Security Basics mailing list archives

RE: What is this port? is it a trojan?


From: "Hyperion" <nemesis () croasdalepreston fsnet co uk>
Date: Tue, 1 Jul 2003 01:33:22 +0100

Silly me heh, the 44334 port is my firewall:

PERSFW.EXE    TCP       all:44334         ......                  Listening
PERSFW.EXE    TCP       all:44334         localhost:ingreslock    Connected in
PERSFW.EXE    UDP       all:44334         ......                  Listening
PFWADMIN.EXE  TCP       all:ingreslock    localhost:44334         Connected out
PFWADMIN.EXE  TCP       all:1526          localhost:44334         Connected out

As for the port 5000, well, the firewall has it as

SVCHOST.EXE   TCP       all:5000           ......                 Listening

There are a number of those SVCHOST.EXE things when I take a look at the
firewall status window. I have no idea what they are heh.
Can anyone enlighten me on the matter?
Regards Hyperion

-----Original Message-----
From: Uwe Röhl [mailto:uwe.roehl () kannix net]
Sent: 30 June 2003 23:13
To: Hyperion
Subject: Re: What is this port? is it a trojan?


Hello,

 Could anyone tell me how I can find out what's running behind the port in
question, and also what to do about it if it is a port.

  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:44334          0.0.0.0:0              LISTENING
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:44334          *:*
  UDP    127.0.0.1:123          *:*
  UDP    127.0.0.1:1900         *:*
  UDP    217.135.174.224:123    *:*
  UDP    217.135.174.224:1900   *:*

Well, #44334 is not the only one I'd have a look at.
Fport should be the right tool:
http://www.foundstone.com/resources/proddesc/fport.htm

--
Bye, Uwe Roehl
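
Added example, not part of the original thread: on Windows versions that ship both `netstat -ano` and `tasklist /svc /fo csv`, joining their output gives the port-to-process mapping the thread is after and also shows which services each SVCHOST.EXE instance hosts. The sample outputs below, including the PIDs and the service name, are constructed for illustration.

```python
import csv
import io

# Constructed sample of `netstat -ano` output; the PIDs are made up.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       1004
  TCP    0.0.0.0:44334          0.0.0.0:0              LISTENING       1680
  TCP    127.0.0.1:1524         127.0.0.1:44334        ESTABLISHED     1712
  UDP    0.0.0.0:44334          *:*                                    1680
  UDP    127.0.0.1:1900         *:*                                    1004
"""

# Constructed sample of `tasklist /svc /fo csv` output.
TASKLIST = '''\
"Image Name","PID","Services"
"svchost.exe","1004","SSDPSRV"
"persfw.exe","1680","N/A"
"pfwadmin.exe","1712","N/A"
'''

def parse_tasklist(text):
    """Map PID -> (image name, [hosted services])."""
    procs = {}
    for row in csv.DictReader(io.StringIO(text)):
        svcs = [] if row["Services"] == "N/A" else row["Services"].split(",")
        procs[int(row["PID"])] = (row["Image Name"], svcs)
    return procs

def parse_listeners(text):
    """Yield (proto, port, pid) for listening TCP and bound UDP sockets."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        if f[0] == "TCP" and f[3] != "LISTENING":
            continue  # established connections are not listeners
        yield f[0], int(f[1].rsplit(":", 1)[1]), int(f[-1])

def owners(netstat_text, tasklist_text):
    """Join both outputs: (proto, port) -> (pid, image, services)."""
    procs = parse_tasklist(tasklist_text)
    return {(proto, port): (pid, *procs.get(pid, ("<unknown>", [])))
            for proto, port, pid in parse_listeners(netstat_text)}

if __name__ == "__main__":
    for (proto, port), (pid, image, svcs) in sorted(owners(NETSTAT, TASKLIST).items()):
        print(f"{proto} {port:<6} pid={pid:<5} {image} {','.join(svcs) or '-'}")
```

A listener whose PID is missing from the process list is reported as `<unknown>`, which is the entry worth investigating first.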


