From: Jacques Exelrud (jacquesmsainfor.com.br)
Date: Tue Jul 10 2001 - 13:00:57 CDT


    I'm using ZoneAlarm on a machine. Starting some days ago, the alert log
    started to show a UDP connection from my machine to my machine (denied by
    ZoneAlarm).
    The UDP port is 10000.
    After checking netstat -n -a I also found some weird ports:

      TCP 0.0.0.0:25 0.0.0.0:0 LISTENING
      TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
      TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
      TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
      TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
      TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
      TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING
      TCP 0.0.0.0:1029 0.0.0.0:0 LISTENING
      TCP 0.0.0.0:1032 0.0.0.0:0 LISTENING
      TCP 0.0.0.0:3372 0.0.0.0:0 LISTENING
      TCP 1.0.0.1:1433 0.0.0.0:0 LISTENING
      TCP 127.0.0.1:1433 0.0.0.0:0 LISTENING
      TCP 192.168.64.1:139 0.0.0.0:0 LISTENING
      TCP 192.168.64.1:1433 0.0.0.0:0 LISTENING
      UDP 0.0.0.0:135 *:*
      UDP 0.0.0.0:445 *:*
      UDP 0.0.0.0:500 *:*
      UDP 0.0.0.0:1028 *:*
      UDP 0.0.0.0:1031 *:*
      UDP 0.0.0.0:1434 *:*
      UDP 0.0.0.0:3456 *:*
      UDP 0.0.0.0:10000 *:*
      UDP 192.168.64.1:137 *:*
      UDP 192.168.64.1:138 *:*

    Some of them are known but others are, at least, suspicious.

    Any suggestions on how to find who owns those ports? ZoneAlarm does not
    bother me with them, so I suspect that who owns them is services.exe or another
    Win2000 program that has been allowed to act like a server.

            Thanks in advance,
            Jacques

    ----------------------------------------------------------------------------

    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see:

    http://aris.securityfocus.com