Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: What is this port? is it a trojan?

From: Dave Killion <Dkillion () netscreen com>
Date: Mon, 30 Jun 2003 16:00:18 -0700
Hyperion,

I'd try telnet-ing (e.g. 'telnet localhost:44334') or better yet use
NetCat and try connecting to it, bang the Enter key a few times, and see
what pops up.  If it does reply with any banner, run that through Google
for more info.

If it were a POSIX system (your output looks Windows-ish to me, but I
could be wrong) you could use lsof to determine which process was
listening to what port - very handy proggie.

Good luck,

Dave Killion 
Senior Security Engineer 
Security Group
NetScreen Technologies, Inc.



-----Original Message-----
From: Hyperion [mailto:nemesis () croasdalepreston fsnet co uk]
Sent: Monday, June 30, 2003 9:52 AM
To: Security Basics Mailing List
Subject: What is this port? is it a trojan?


Hello all :)

 I have been taking a more detailed interest in my pc's security of
late,
and security for computers in general, and I am learning at quite a fast
rate, although there is a great, great deal of information to learn out
there.

 Just recently I have taken to doing regular, netstat - probes on my
machine
to see the different connections that arise and so forth.
 Today I found a rather mysterious port with the number, 44334 and I
have
copied/paste the results of the netstat -an below for people to look at.
 Is the port in question, -44334- a Trojan? it strikes me as a rather
suspicious port and a rather large port number.
 Could anyone tell me how I can find out what's running behind the port
in
question, and also what to do about it if it is a port.
 I have run my virus software, but it did not find any viruses or
Trojans
installed on my machine, so I am at a loss as to what to do.
I am also very limited in my security knowledge, so I am basically stuck
for
the necessary ideas or solutions on what to do in order to find out
what's
behind this port.
Any and all help is greatly appreciated thanks.

Details of netstat below::

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1026           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1038           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:44334          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:110          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1279         127.0.0.1:110          TIME_WAIT
  TCP    217.135.174.224:1280   195.92.193.154:110     TIME_WAIT
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:1036           *:*
  UDP    0.0.0.0:44334          *:*
  UDP    127.0.0.1:123          *:*
  UDP    127.0.0.1:1900         *:*
  UDP    217.135.174.224:123    *:*
  UDP    217.135.174.224:1900   *:*


My Regards
Hyperion


------------------------------------------------------------------------
---
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top
analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access
in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
------------------------------------------------------------------------
----

Attachment: smime.p7s
Description:

Previous By Date Next
Previous By Thread Next

Current thread: