PORTS are listening is this normal? what is normal?
Results 1 to 10 of 10

Thread: PORTS are listening is this normal? what is normal?

  1. #1
    Member
    Join Date
    May 2005
    Posts
    39

    PORTS are listening is this normal? what is normal?

    Hi, just got registered,I hope this is the right place for this poat, I have aTRIAL version Mcafee firwall using it till it expires(gonna get ZonealarmPRO after that---)anyway,

    I have been getting my PORTS scanned/i guess or PINGED?... I did a trace back to a CHINA RAILROAD SERVER near Bejing? Then, I started to trace/sending a ping, then I would get just 1 back, i sent 2 then I got 2 back etc... it was as if someone was on the other end watching me???
    So now I am paranoid they turned my computer into a "BOT"????

    I scanned it seems clean nothing unsual ,no excessive traffic,in or out.


    My questions is i have noticed my PORTS from "roughly 33,000---to--45444 have been requested to contact? I am guessing this might have something to do with this SOBER worm going around?, well it is right?....? anyway I have it all archived and saver as logs,

    IS THIS NORMAL INTERNET TRAFFIC? SHOULD i BE PARANOID?
    THEN RIGHT STARTING A FEW DAYS AGO I HAVE BEEN SENT THE SOBER Virus Advisory
    W32/Sober.p@MM is a Medium Risk viruS AS OF MCAFEE TODAY, ANY WAY IT STARTED AS LOW BUT NOW IS SLOWLY CLIMBING?



    i HAVE not BEEN INFECCTED WITH IT AND i HAVE RAN MANY SCANS TO QUADRUPLE CHECK ,
    i WANT TO LEARN ABOUT ALL THOSE REGITRIES I AHVE IN MY xp hOME SYSTEM,ETC,...?



    anyonw have any comments suggestions or advice to relieve me? I guess all this stuff I have watch for several years with my zone alrm free version but now with my new system I never really paid attention to all the alerts until the TRIAL VERSION from McAfee,...so any knowledge is greatful???

  2. #2
    Senior Member
    Join Date
    Jul 2004
    Posts
    469
    Slow down. You seem a little paranoid now that you can see what is actually happening over your network connection.

    You said you pinged them once and got a response and then pinged them twice and got two. This is... how ping works. You ping and get a response. If you mean you pinged them and then they pinged you, it might just be a script on their end to respond to pings.

    As far as getting scanned on those high port numbers, its probably just stuff trying to spread through the net. No specific application. A lot of trojans listen on these ports and they're checking to see if you're infected. Its mostly computerized so don't feel like you're being targetted. Just keep that firewall going and you'll be in good hands.

  3. #3
    Member
    Join Date
    May 2005
    Posts
    39
    OK, Thanks,yes I got a millions questions, ha ha, OK, I would NOT dream of getting online without a firewall of some sort,is it normal for my SYSTE PROCESS to be liste 8 diffrent times for listening on port 2639 i think it was/? I read all the HELP files with the FirewallMcafee program but they dont get very specific?... Ok Im gonna kick back and read the replies, if I get anymore,...
    Thansk!
    anyone?else?

    Dogman

  4. #4
    Senior Member
    Join Date
    Jul 2004
    Posts
    469
    You can visit http://www.iana.org/assignments/port-numbers to find out what specific port numbers might be used for. That one is listed as AMInet. You said you're not sure about the number so I won't assume that that is for sure, but give that a go.

  5. #5
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    Slow down and try keeping your thoughts organized and spelling in tact. I am horrible with anything having to do with grammar, but have realised you will get many more responses if your posts are easily readable.

    start by turning on the firewall. that will close all non-necessary ports, then one by one you can open the ones you need. simple. And in addition to your firewall have an anti-virus running. AVG is great and free. There are thousands of virus warnings that go out all the time, becasue new viruses come out every day, most wont matter, they are just notifications. There are TONS of threads here about how to secure your box, I suggest reading those.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Slow down and try keeping your thoughts organized and spelling in tact.
    I should probably be negged for this but I just found it funny....

    There's no space in the word intact.....

    Dogman:

    You are suffering the same information overload that everyone who runs a software firewall does when they first fire it up..... There's just too much information for the non-geek person to deal with sensibly. All you need to do is make sure that your firewall is running and that you haven't altered any of the default settings and you'll be fine...

    Take deep breaths and get a beer from the fridge....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  7. #7
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    Intact? That's what XTC46 meant? I read it as written and thought it very appropriate!
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  8. #8
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi Dogman

    It seems to me, that your questions were twofold:

    incoming traffic

    This one has been thoroughly answered - follow the
    advices. Just in general: Incoming traffic, ie traffic
    you have not requested, is daily business. Don't panic
    Usually, configure your firewall such that everything incoming
    is dropped - except you have a server running, and you know
    what you are doing.
    Nowadays, personal firewalls also can be configured
    to disallow outgoing traffic. Which kind of outgoing
    traffic is fine? Standard-approach: Disallow everything
    and allow step by step. But what about such obscure request
    from SYSTEM and svchost.exe? See below.

    listening ports

    In a standard installation (which OS?), there always
    are listening ports. Often, in particular for stand-alone
    machines (machines not in a LAN), most are not needed.
    Find a tutorial[1], which explains how to disable most
    of them. It will also give advice, which obscure request
    from SYSTEM and svchost.exe should be allowed.

    It seems to me, that you have some experience (SYSTEM
    listening on port so and so, Pinging etc.) In case you
    have problems, pm me or post here.

    Final comment: It feels strange to me, that SYSTEM is listening
    on Port ~2639. Ok, it refers to AMInet - but do you actually
    have an AMInet server running? And if so - why is not the
    AMInet server listening there? Which services (services.msc)
    are running? Which software is installed? Which programs are
    running (eg. taskmanager, msconfig)? Try to check it - try
    to use the tools mentioned in the tutorial

    Good luck.
    Cheers.


    [1] http://www.antionline.com/showthread...hreadid=264811
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)

  9. #9
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    Hey tiger,

    "Do as i say, not as I do"

    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  10. #10
    Member
    Join Date
    May 2005
    Posts
    39

    I got back on this morning and NOW my Firewall is gone!

    OK,..OK, good advice from everybody,Now I log on this morning and NO McAfee,or , well I got it back on turns out it was a scheduling conflict with SPYBOT,
    Anyway as far as the ports on my computer they are ALL stealth,so if this is the case everything is copacetic.(this is correct spelling if not please advise as this word is rarley listed in ANY dictionary.
    later
    tails waggin'
    Dogman





Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides