Re: Microsoft Windows ME and TCP/5000

[Jeff Pults <j_pults () YAHOO COM>]

I found "Backweb Server" running on my "New" HP
Pavillion and determined it was "factory" installed
for some kind of automatic updates.  HP tech support
didn't know anything about it.  You could install some
tcp port monitor like TDImon to determine what app is
running on the port.

Cheers,
Jeff
--- "V. L-M" <derDoc () GMX DE> wrote:
> ----- Original Message -----
> From: "Todd A. Garrison" <tgarris () FRAMELOSS ORG>
> To: <INCIDENTS () SECURITYFOCUS COM>
> Sent: Thursday, March 01, 2001 7:02 PM
> Subject: Re: Microsoft Windows ME and TCP/5000
>
>
> > Quite commonly when you setup a multi-player FPS
> type game they will
> > install a web-server that allows you to change
> maps, kick players, etc
> > on the game server.  I know that this is the case
> with Unreal
> > Tournament.  As for Quake3 I am pretty sure it
> doesn't do this as it has
> > the ability to allow control of these game aspects
> via the game itself.
> > You may want to check the docs for Halflife to see
> if this is true.
>
> Your right, UT installs a webserver on port 80 if
> explicitly told so,
> however you can change the port.
> Youre right Q3a doesnt and the same is right for HL.
> If you want to control
> HL through a webserver you have to install some kind
> of mod but normally
> thats only feasible for a dedicated server, because
> when ingame you can
> change everything by means of the console(same goes
> for UT, BTW). Even the
> dedicated one can controled locally.
> As for the port 5000, I also have ME running and
> never seen any port 5000
> listening. What about ICQ? ICQ tends to sometimes
> open funny ports for
> listening.
> > Good luck!
> >
> > Eric Fagan wrote:
> > > Hello,
> > >   I've seen only a handful of unanswered
> questions when researching this
> > > subject on Google, but I've found what seems to
> be a webserver running
> on
> > > port 5000 of my WinME box.  A "netstat -a" shows
> UDP/1900 listening and
> > > TCP/5000 listening.  ICS is not installed, F/P
> Sharing is not enabled.
> > > On this box I have installed Halflife & QIII
> Arena off OEM CD's, and
> > > LimeWire (a gnutella type client).  The Limewire
> has since been removed
> and
> > > no references seem to appear for it the
> registry.  Telnetting to port
> 5000
> > > and trying a properly formatted http GET command
> (or using a web
> browser)
> > > returns HTTP 1.1/400 Bad Request.  I've seen
> references indicated
> UDP/1900
> > > is normal for ME (something to do with IP
> multicast & PnP detection),
> but
> > > TCP/5000?  I'm bringing home my Network
> Associates VirusScan software
> from
> > > work today.   (Shame on me, running w/out
> protection for two weeks --
> what
> > > was I thinking!)   I was just curious if anyone
> knew of a Trojan that
> camps
> > > an HTTP server on TCP/5000.  Perhaps I caught
> something...
> > > --Eric
> >
> > --
> > Todd Garrison
> > tgarris () frameloss org
> > PGP KEY ID: 0x007AEAE4


__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/