Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Port 1025 - Network Blackjack

From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 14 Aug 2003 10:25:09 -0700
  I don't know why things think 1025 is "Network Blackjack".
The Windows RPC stuff tends to assign its services ports
just above 1024.  135 is where the "end-point mapper" that
will tell a client "the service you want is on my port 1025"
lives.

  So the box is apparently running Windows RPC and allows 
you (and probably anyone else on the Internet) to connect to
it.  Sounds like a great candidate for W32.Blaster infection,
doesn't it?  The scans you've seen may well have been attempts 
to spread the infection to your machine.

David Gillett



-----Original Message-----
From: osden [mailto:osden77 () hotmail com]
Sent: August 14, 2003 03:59
To: security-basics () securityfocus com
Subject: Port 1025 - Network Blackjack


Hi everybody,

My WIN XP box has been scanned number of times this week from 
IP which on
return scanning seems to have TCP Port 1025 (Network 
Blackjack) open. It
also has  port 135 (DCE endpoint resolution).
Could someone enlightened me on this. I have googled and have 
had a look at
past listing of this type on this very mailing list. But no 
one had given a
answer to this.

Letme know. Thankxx in advance.

Cheerzzzzzzzz !!!!!!!
Osden

--------------------------------------------------------------
-------------
--------------------------------------------------------------
--------------



---------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: