Security Incidents mailing list archives

Re: [CERT] Why alerts on ports 1025-1029, 1036


From: ePAc <epac () korigan net>
Date: Mon, 31 Mar 2003 16:59:50 -0800 (PST)


Those ports are used as RPC endpoints for COM/COM+ under Windows 2000/XP, I
believe, which would explain why ZoneAlarm would try to block those.

From what I understand, COM(+) binding starts at 1024 and quickly uses more
ports (up to 5000). There are a couple of articles in the MS knowledge base
about this (support.ms.com/search/default.aspx and search for 1025 port
connection).

I believe that some applications like ZoneAlarm will block specific
applications from binding/using some network interfaces unless you
specifically allow for those.

I hope this answers your concerns...

I suggest you check out the various tools to see what applications are
binding to those ports (if those are rogue services or something else
harmless).

Good Luck..

ePAc.


On Tue, 1 Apr 2003, Tomas Carlsson wrote:

Date: Tue, 1 Apr 2003 00:04:23 +0200
From: Tomas Carlsson <xtc () skildra nu>
To: incidents () securityfocus com
Subject: [CERT] Why alerts on ports 1025-1029, 1036

I get constant alerts from ZoneAlarm and it is always blocking on
ports 1025, 1026, 1027 or 1029.
Can someone tell me why?

Sometimes also alerts from blocking on port 1036. What's there?

TIA
Tomas



----------------------------------------------------------------------------
Powerful Anti-Spam Management and More...
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.securityfocus.com/SurfControl-incidents


---
Nothing is foolproof to a sufficiently talented fool...
  oo
,(..)\
  ~~
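
Added example, not part of the original posts: one way to follow the advice above and see which processes hold the ports in question is to filter `netstat -ano` output for listeners in the 1025-5000 range the reply mentions. The sample output, PIDs and the `listeners` helper are constructed for illustration.

```python
# Added example: list listeners in the 1025-5000 range from `netstat -ano` text.
# SAMPLE is constructed for illustration; PIDs and addresses are not real data.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       1044
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       1620
  TCP    192.168.1.10:1036      203.0.113.5:80         ESTABLISHED     2212
  UDP    0.0.0.0:1026           *:*                                    1200
  UDP    0.0.0.0:500            *:*                                    700
"""

DYNAMIC_RANGE = range(1025, 5001)  # port range described in the thread


def listeners(netstat_text, ports=DYNAMIC_RANGE):
    """Return (proto, address, port, pid, exposed) for sockets awaiting traffic."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # skip banner, header and blank lines
        proto, local = fields[0], fields[1]
        # TCP rows carry a State column; UDP rows do not.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue  # outbound or established connection, not a listener
        addr, _, port = local.rpartition(":")
        if not port.isdigit() or int(port) not in ports:
            continue
        # The PID column is absent when netstat was run without -o.
        pid = int(fields[-1]) if fields[-1].isdigit() else None
        # Anything not bound to loopback can receive traffic from the network.
        exposed = addr not in ("127.0.0.1", "[::1]")
        found.append((proto, addr, int(port), pid, exposed))
    return found


if __name__ == "__main__":
    for proto, addr, port, pid, exposed in listeners(SAMPLE):
        scope = "reachable from network" if exposed else "loopback only"
        print(f"{proto} {addr}:{port} pid={pid} ({scope})")
    # Next step on the host: map each PID to its image, e.g. `tasklist /svc`.
```

A PID that maps to an unexpected executable, or a listener on a non-loopback address with no known owner, is the case worth investigating further.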
