Security Incidents mailing list archives
Re: Microsoft Windows ME and TCP/5000
From: "Bock, John (ISS San Francisco)" <JBock () ISS NET>
Date: Thu, 1 Mar 2001 20:08:42 -0500
Use fport: http://packetstorm.securify.com/NT/FPortNG.zip or if you've got 69 bucks TCPViewpro: http://www.winternals.com/products/monitoringtools/tcpviewpro.shtml and figure out what process owns that port. -john ----- Original Message ----- From: "Eric Fagan" <fagan () LVCM COM> To: <INCIDENTS () SECURITYFOCUS COM> Sent: Wednesday, February 28, 2001 4:55 PM Subject: Microsoft Windows ME and TCP/5000
Hello, I've seen only a handful of unanswered questions when researching this subject on Google, but I've found what seems to be a webserver running on port 5000 of my WinME box. A "netstat -a" shows UDP/1900 listening and TCP/5000 listening. ICS is not installed, F/P Sharing is not enabled. On this box I have installed Halflife & QIII Arena off OEM CD's, and LimeWire (a gnutella type client). The Limewire has since been removed
and
no references seem to appear for it the registry. Telnetting to port 5000 and trying a properly formatted http GET command (or using a web browser) returns HTTP 1.1/400 Bad Request. I've seen references indicated UDP/1900 is normal for ME (something to do with IP multicast & PnP detection), but TCP/5000? I'm bringing home my Network Associates VirusScan software from work today. (Shame on me, running w/out protection for two weeks -- what was I thinking!) I was just curious if anyone knew of a Trojan that
camps
an HTTP server on TCP/5000. Perhaps I caught something... --Eric
Current thread:
- Microsoft Windows ME and TCP/5000 Eric Fagan (Feb 28)
- Re: Microsoft Windows ME and TCP/5000 George Bakos (Mar 01)
- Re: Microsoft Windows ME and TCP/5000 Todd A. Garrison (Mar 01)
- Re: Microsoft Windows ME and TCP/5000 V. L-M (Mar 02)
- Re: Microsoft Windows ME and TCP/5000 Jeff Pults (Mar 05)
- Apache logs John A. Kotulak (Mar 05)
- Re: Apache logs Pedro Ortale Neto (Mar 05)
- Re: Microsoft Windows ME and TCP/5000 V. L-M (Mar 02)
- <Possible follow-ups>
- Re: Microsoft Windows ME and TCP/5000 Bock, John (ISS San Francisco) (Mar 02)
- Re: Microsoft Windows ME and TCP/5000 Joe Matusiewicz (Mar 02)
- Re: Microsoft Windows ME and TCP/5000 Eric Fagan (Mar 05)
- Re: Microsoft Windows ME and TCP/5000 Joe Matusiewicz (Mar 02)
- Re: Microsoft Windows ME and TCP/5000 Vachon, Scott (Mar 05)
- Re: Microsoft Windows ME and TCP/5000 Magus Ba'al (Mar 09)
- Re: Microsoft Windows ME and TCP/5000 Timothy Lyons (Mar 06)