135, 445, 1025, 1027, 1029, 1035, 1039, 1043, 15876 and 44334. Status is listening for all of these when I type netstat -an. The IP address is listed as 0.0.0.0:0. I do not understand. Someone clarify?
What are these ports open and listening for? Any ideas.
- Thread starter CromNogger
- Start date
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
- Jan 26, 2001
- 849
- 0
- 0
- Jan 26, 2001
- 849
- 0
- 0
http://www.ec11.dial.pipex.com/port-num.htm
135 and 445 look fine... "listener RFS remote_file_sharing" for 1025. hmmm...
1027 not on the list.
1029 either.
1035 either.
1039 either.
1043 either.
Same with the last two.
hmmm... whatever
135 and 445 look fine... "listener RFS remote_file_sharing" for 1025. hmmm...
1027 not on the list.
1029 either.
1035 either.
1039 either.
1043 either.
Same with the last two.
hmmm... whatever
PCResources
Banned
- Oct 4, 2000
- 2,499
- 0
- 0
In Linux, all ports are enabled as default, shut all of them then enable the ones you need...
In Win the standard is that all ports are disabled (locked) and are only enabled if you choose to do so...
Your computer is wide open, close it up before someone decides that he wants to mess with you...
Patrick
In Win the standard is that all ports are disabled (locked) and are only enabled if you choose to do so...
Your computer is wide open, close it up before someone decides that he wants to mess with you...
Patrick
port 1035
Name: Multidropper
Aliases: Trojan/Runner-A,
Ports: 1035
simovits.com/trojans
sans.org/newlook/resources
www.iana.org/assignments/port-numbers
Name: Multidropper
Aliases: Trojan/Runner-A,
Ports: 1035
simovits.com/trojans
sans.org/newlook/resources
www.iana.org/assignments/port-numbers
PCResources
Banned
- Oct 4, 2000
- 2,499
- 0
- 0
e-tech, that trojan does not run under linux...
But trippy should still close those ports, there are no need to keep them open...
My recommendation is that you use the personal firewall and keep all ports that you do not need closed, in Linux, this is easily done, in win, it is done by default (the ports, not the firewall...
Patrick
But trippy should still close those ports, there are no need to keep them open...
My recommendation is that you use the personal firewall and keep all ports that you do not need closed, in Linux, this is easily done, in win, it is done by default (the ports, not the firewall...
Patrick
- Jan 26, 2001
- 849
- 0
- 0
Thanks for all the help, guys. I saw one suspicious looking open port while scanning with Anti-Trojan (probably a trojan in itself haha). This confirms my suspicion.
- Jan 26, 2001
- 849
- 0
- 0
What can I do?
I have NIS 2K, NAV 2K (realtime thingy enabled), Anti-Trojan 5.5 and Anti-Trojan Watch, ZoneAlarm Pro, and Tiny Personal Firewall. I'm only running Tiny right now. Let me know if there's anything else I should know or do.
if I'm running the firewall, are the ports closed? Cuz netstat thinks they're open .. what can I do?
I have NIS 2K, NAV 2K (realtime thingy enabled), Anti-Trojan 5.5 and Anti-Trojan Watch, ZoneAlarm Pro, and Tiny Personal Firewall. I'm only running Tiny right now. Let me know if there's anything else I should know or do.
if I'm running the firewall, are the ports closed? Cuz netstat thinks they're open .. what can I do?
- Jan 26, 2001
- 849
- 0
- 0
A whole bunch more are listening now, in the 2-thousands
BTW, why are u talkin about Linux? I'm running Win2K
BTW, why are u talkin about Linux? I'm running Win2K
uh, a few things
1) IE may be opening new sockets and not closing them properly, hence they still exist in closed form. I don't know why they'd be listed as listening, but try rebooting and see if the same ports are open BEFORE going to any websites.
2) Press control-alt-delete and note any strange or unusual apps. If you are unsure which apps don't belong, post all of them up here.
1) IE may be opening new sockets and not closing them properly, hence they still exist in closed form. I don't know why they'd be listed as listening, but try rebooting and see if the same ports are open BEFORE going to any websites.
2) Press control-alt-delete and note any strange or unusual apps. If you are unsure which apps don't belong, post all of them up here.
- Jan 26, 2001
- 849
- 0
- 0
No unusual apps.
There were listen ports open before the last reboot, too. I can reboot and double check.
There were listen ports open before the last reboot, too. I can reboot and double check.
- Jan 26, 2001
- 849
- 0
- 0
The established connections: 5190 is AIM, 1863 is probably AIM or some feature of it (direct connect?), the 21 is ftp.
Everything else: damned if I know.
Ah, you might wanna go to System Info and see if anything suspicious is loading, I forgot that you're on 2k and it's easy for a program to hide itself as a process where most people don't have the patience to check (me included).
Everything else: damned if I know.
Ah, you might wanna go to System Info and see if anything suspicious is loading, I forgot that you're on 2k and it's easy for a program to hide itself as a process where most people don't have the patience to check (me included).
almostmakingit
Senior member
- Mar 3, 2001
- 343
- 0
- 0
- Jan 26, 2001
- 849
- 0
- 0
- Jan 26, 2001
- 849
- 0
- 0
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 24K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
AnandTech is part of Future plc, an international media group and leading digital publisher. Visit our corporate site.
© Future Publishing Limited Quay House, The Ambury, Bath BA1 1UA. All rights reserved. England and Wales company registration number 2008885.
Facebook
Twitter