Security Incidents mailing list archives
RE: Why alerts on ports 1025-1029, 1036
From: "Matt Marcos" <Matt.Marcos () paccar com>
Date: Mon, 31 Mar 2003 17:11:59 -0800
In XP you can type NETSTAT -o and this will show the PID of each connection. You can then use task manager to corrolate the PID against what program is running. So NETSTAT -a -o will show you all listening processes and what PID is associated with them. Matt. -----Original Message----- From: Erik Boles [mailto:erik () coloradosprings com] Sent: Tuesday, 1 April 2003 10:29 AM To: Tomas Carlsson; incidents () securityfocus com Subject: RE: Why alerts on ports 1025-1029, 1036 Tomas, 1025 is dynamically assigned, so really any program can request use of it. I have seen nterm use 1026 rather frequently. 1036 is usually an outbound port. You can see what all is listneing on your system by running netstat -l (unix) or netstat -a (windows) from a command prompt. Erik -----Original Message----- From: Tomas Carlsson [mailto:xtc () skildra nu] Sent: Monday, March 31, 2003 3:04 PM To: incidents () securityfocus com Subject: Why alerts on ports 1025-1029, 1036 I get constant alerts from Zonealarm and it is always blocking on ports 1025, 1026, 1027 or 1029. Can someone tell me why? Sometimes also alerts from blocking on port 1036. What's there? TIA Tomas ---------------------------------------------------------------------------- Powerful Anti-Spam Management and More... SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.securityfocus.com/SurfControl-incidents ---------------------------------------------------------------------------- Powerful Anti-Spam Management and More... SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.securityfocus.com/SurfControl-incidents ---------------------------------------------------------------------------- Powerful Anti-Spam Management and More... SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.securityfocus.com/SurfControl-incidents
Current thread:
- Why alerts on ports 1025-1029, 1036 Tomas Carlsson (Mar 31)
- RE: Why alerts on ports 1025-1029, 1036 Erik Boles (Mar 31)
- Re: [CERT] Why alerts on ports 1025-1029, 1036 ePAc (Mar 31)
- <Possible follow-ups>
- RE: Why alerts on ports 1025-1029, 1036 Matt Marcos (Apr 01)
- Increase of attempts on port 635 in last couple days Jeff Lane (Apr 02)
- RE: Why alerts on ports 1025-1029, 1036 Stuart Wallace (Apr 02)
- RE: Why alerts on ports 1025-1029, 1036 Leo, Joel (Apr 02)