Security Basics mailing list archives

Re: What is this port? is it a trojan?


From: Security <security () ddiction com>
Date: Wed, 02 Jul 2003 07:24:50 -0600

On Mon, 2003-06-30 at 10:52, Hyperion wrote:
Hello all :)

 I have been taking a more detailed interest in my pc's security of late,
and security for computers in general, and I am learning at quite a fast
rate, although there is a great, great deal of information to learn out
there.

 Just recently I have taken to doing regular netstat probes on my machine
to see the different connections that arise and so forth.
 Today I found a rather mysterious port with the number 44334, and I have
copied/pasted the results of the netstat -an below for people to look at.
 Is the port in question, 44334, a Trojan? It strikes me as a rather
suspicious port and a rather large port number.
 Could anyone tell me how I can find out what's running behind the port in
question, and also what to do about it if it is a port.
 I have run my virus software, but it did not find any viruses or Trojans
installed on my machine, so I am at a loss as to what to do.
I am also very limited in my security knowledge, so I am basically stuck for
the necessary ideas or solutions on what to do in order to find out what's
behind this port.
Any and all help is greatly appreciated thanks.

Details of netstat below:

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1026           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1038           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:44334          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:110          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1279         127.0.0.1:110          TIME_WAIT
  TCP    217.135.174.224:1280   195.92.193.154:110     TIME_WAIT
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:1036           *:*
  UDP    0.0.0.0:44334          *:*
  UDP    127.0.0.1:123          *:*
  UDP    127.0.0.1:1900         *:*
  UDP    217.135.174.224:123    *:*
  UDP    217.135.174.224:1900   *:*


Because the source and destination IPs are the same, it's just your
machine talking to itself.  Applications choose random port numbers to
communicate, unless the port is part of a spec.

However, for future outbound connections where the port number doesn't
clearly tie to a service (110 pop3 et al) you may wish to visit
http://www.portsdb.org

Cheers
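
An added example, not part of the original messages: a Python parser for `netstat -an` rows like those quoted above, labelling each socket by bind address and state so that listeners are separated from actual connections. The sample rows are copied from the thread; the function names and category labels are assumptions for illustration, and only IPv4 rows are handled.

```python
import ipaddress

# Sample input: a subset of the netstat -an rows quoted in the thread.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:44334          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:110          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1279         127.0.0.1:110          TIME_WAIT
  TCP    217.135.174.224:1280   195.92.193.154:110     TIME_WAIT
  UDP    0.0.0.0:44334          *:*
  UDP    127.0.0.1:123          *:*
"""

def classify(line):
    """Return (proto, local, kind) for one netstat row, or None for headers."""
    parts = line.split()
    if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
        return None
    proto, local, foreign = parts[:3]
    state = parts[3] if len(parts) > 3 else ""  # UDP rows have no state column
    addr = ipaddress.ip_address(local.rpartition(":")[0])
    # Category labels below are this example's own, not netstat terminology.
    if proto == "UDP" or state == "LISTENING":
        # A socket waiting for traffic; the foreign column is only a placeholder.
        if addr.is_unspecified:
            kind = "listening-all-interfaces"   # 0.0.0.0: every local address
        elif addr.is_loopback:
            kind = "listening-loopback-only"    # 127.0.0.1: this machine only
        else:
            kind = "listening-one-interface"
    else:
        # A current or recently closed connection; look at the peer address.
        peer = ipaddress.ip_address(foreign.rpartition(":")[0])
        kind = "connection-local" if peer.is_loopback else "connection-remote"
    return proto, local, kind

def report(text):
    """Classify every socket row in a block of netstat -an output."""
    return [row for row in map(classify, text.splitlines()) if row]

if __name__ == "__main__":
    for proto, local, kind in report(SAMPLE):
        print(f"{proto:4} {local:22} {kind}")
```

On Windows XP and later, `netstat -ano` adds the owning process ID to each row, which can then be matched against the process list to see which program opened a given port.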
