Page 2 of 2 FirstFirst 12
Results 11 to 14 of 14

Thread: Connection between Nimda & Port 1027

  1. #11
    Forgive me if I'm wrong since I haven't come across servers with IIS yet, but what about spyware and adware on the servers? Some of them open up ports, but I don't recall one opening up 1027.

  2. #12
    Junior Member
    Join Date
    Jun 2002
    Posts
    6
    This may be inappropriate but did you check to see if those computers had ICQ installed on them? Maybe the users who got nimba would be the same users that use ICQ. Also if it bothers you a lot just close the port on your firewall and see what services stop running.

    This may be inappropriate but did you check to see if those computers had ICQ installed on them? Maybe the users who got nimba would be the same users that use ICQ. Also if it bothers you a lot just close the port on your firewall and see what services stop running.
    Man made beer, god made marijuana. Who\'s right?

  3. #13
    Junior Member
    Join Date
    May 2002
    Posts
    4
    PScan shows MS Distributed Transaction Coordinator running on port 1027. We are checking the documentation for the app to see if it's a process which should be running. But now I think it may be a false alarm. If so, learned a lot in the process...
    Thanks for the advice everyone.

    BTW: No chance of ICQ running on the server.

  4. #14
    if your looking to see what info is passing thru the port use a packet sniffer .. http://www.sniff-em.com and http://www.tamos.com for commview both are pretty good shareware .... but i had that same port open on my windoze box and neither detected anything and im sure it wasnt opened by virus or trojan... hope that helps

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •