• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

possible exploit ?

G

gdud82

Junior Member
few days ago i noticed with netstat -a
that i have too many (around 100) tcp ports in listening state such as
TCP rs500:3949 rs500:0 LISTENING
TCP rs500:3951 rs500:0 LISTENING
TCP rs500:3953 rs500:0 LISTENING

i'm running norton's family edition firewall on my win2k machine. can't find option to block range of ports in its gui
i tried to block these ports on linksys cable router.
but still see ports in their listening state.

any advise, links for this problem

thanks,
boris
 
Is this right after bootup? Does your anti-virus program catch anything? Is it up to date? What programs are you running? Are there any established connections?
 
a) the box was up for about 6 month
b) sometimes
c) subscription service expired 2 week ago. don't think its an issue here
d) while problem was checked no programs (except logviewer) were running.
 
Originally posted by: gdud82
no its not my business
but anyway 🙂
what noc u workin for ?
Click to expand...

A small security company. 🙂

Id reboot and check the netstat then, and maybe grab AVG (free for personal use) or atleast do an online scan. I doubt its a virus or exploit, but better safe than sorry.
 
Hi,
don't know if it an exploit but if you want to monitor more closely your connections i recommand using Tiny personnal firewall , besides it is free ...

@ nOcmonkey : heard any good / bad news about it (TPF) ? (just curious to have the opinion of somebody actually having a professional approach to security)
 
I think you're confusing two concepts here.

When a port is in a listening state, it means that some program is running under the OS, and that program told the operating system, "hey, when a packet comes in on this port, send it to me."

Blocking these ports at your firewall won't prevent them from listening. It could indeed prevent ports from getting to this machine on this port, but as long as the listener program starts up, the port will go into the listening state.

See if you can find a program called findport.exe. This program will list which programs are listening on what ports.
 
Originally posted by: Farfrael
Hi,
don't know if it an exploit but if you want to monitor more closely your connections i recommand using Tiny personnal firewall , besides it is free ...

@ nOcmonkey : heard any good / bad news about it (TPF) ? (just curious to have the opinion of somebody actually having a professional approach to security)
Click to expand...

I havent heard anything about it, but for the 2 weeks I had Win2k on one of my home machines I used TPF and thought it was pretty good.
 
zonealarm tells you which programs are trying to listen on ports so you can restrict certain applicatoins and see if it is a trojan. I think zonealarm is good, and it is very configurable.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top