Open ports

Printable View

October 13th, 2004, 03:05 PM
Death_Knight

Open ports

i did a netstat -an, i found out that there are connections like this

TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1028 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1031 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1035 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1068 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1147 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1148 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1151 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1425 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1467 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1027 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1067 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1067 127.0.0.1:1068 ESTABLISHED
TCP 127.0.0.1:1068 127.0.0.1:1067 ESTABLISHED
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:1033 *:*
UDP 0.0.0.0:1037 *:*
UDP 0.0.0.0:1081 *:*
UDP 127.0.0.1:1032 *:*

How can i findout which applications are using them and close all the ports
:rolleyes:
October 13th, 2004, 03:09 PM
SirDice

netstat -on will tell you the process id (PID). You can lookup PID->application name using the taskmanager.
October 13th, 2004, 03:13 PM
Death_Knight

i have a question i seen some weird entries in my HOST file like 127.0.0.1 www.blahblah.com

what does it do?

it seems to be alter
October 13th, 2004, 03:17 PM
Limpster

Well 127.0.0.1 is a loopback address to your own computer. I think the hosts file should be empty, but im not sure.
October 13th, 2004, 03:22 PM
CurioCT

hsots

anything pointing to 127.0.0.1 (or localhost) will revert back to your own computer.

so the hosts file can be used a simple blocker.

so the entry :-

127.0.0.1 dirtybleedingscumbagpopupadsite.com

when a site trys to pop up this ad site your computer will look in the hosts file for the ip and will actually pop up a blank page (assuming you are not running a webserver fo course) this is because your computer checks its host file before going to its DNS to get the address.

There are websites out there that post huge lists of ad sites to allow you to do this its very handy at reducing bandwidth wastage
October 13th, 2004, 03:25 PM
sec_ware

Hi

First question:
I very like [1]. It shows you the program name and the ports it uses.
In combination with [2], you have some useful information about what
is going on on your system.

Probably, you cannot avoid that the programs are listening on these
ports. However, you can block (firewall) all traffic to or from it. Note however,
that you should be careful what to close and what to allow.

Second question:
hosts-file (?)
The OS (most) uses the host-file to resolve DNS before looking it up on
some DNS Server. In your case, if you ping www.blahblah.com, it will
send a ping to 127.0.0.1, which is your localhost ie your computer.

Cheers

[1] http://www.diamondcs.com.au/openports/
[2] http://www.foundstone.com/index.htm?...desc/fport.htm

/edit: wow, people are really quick here. during writing this post, you got 3~4 replies :D
October 13th, 2004, 03:28 PM
MrLinus

Umm... first question I'd be asking is, did you alter the hosts file? If not, there is one known virus (worm?) that would do this (for the life of me the name escapes me). There is an actual website for www.blahblah.com so is that the url in there or is it another?

There are also hosts files that you can get online that use the loopback to block known spammers/ad sites, as mentioned above. Is it possible you downloaded and installed one of these and forgot you did it?
October 13th, 2004, 03:37 PM
Death_Knight

well, lucky that i have created a ghost image backup. i have restored back to good working state. backup is good :D. just to be careful with all these spyware and virus.

lmao didnt knew there's a blahblah.com :D