| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <001d01c3792b$637dcf90$4802a8c0@Security> From: joel at helgeson.com (Joel R. Helgeson) Subject: explorer.exe on port 1024 tcp Can anyone tell me why I would be seeing explorer.exe on windows XP pro listening on port 1024 tcp? 1024 is a restricted port, I don't think that MS would ever use it legitamately. I'm thinking it's a trojan horse or something. In googling the problem, I discovered other users that are asking the same question with no answers. MS Site is no help. I went to the machine and telnetted to 127.0.0.1:1024 and it opened a connection where I couldn't type anything, so it IS listening. I copied explorer.exe off the machine, and scanned it with an AV pkg, no virus. I ran spyware cleanup utilities to no avial. Below is the output from fport on the machine... I have examined hundreds of other XP machines and none respond on port 1024 TCP & 123 UDP. FPort v2.0 - TCP/IP Process to Port Mapper Copyright 2000 by Foundstone, Inc. http://www.foundstone.com Pid Process Port Proto Path 432 Explorer -> 1024 TCP C:\WINDOWS\Explorer.EXE 432 Explorer -> 123 UDP C:\WINDOWS\Explorer.EXE 4 System -> 123 UDP Any insight into this would be appreciated. Joel R. Helgeson "Give a man fire, and he'll be warm for a day; set a man on fire, and he'll be warm for the rest of his life."
Powered by blists - more mailing lists