| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ELEOLHOJFMBPBFCJHOCIIEKJCLAA.aditya@mail15.com> From: aditya at mail15.com (Aditya) Subject: explorer.exe on port 1024 tcp in windows 1024 in not a restricted port any user can open up and start listining on any port... restricted port is a unix concept that ms forgot to copy... can u see some connection to explorer ? try netstat -a for this info most probebly nothing more that some useless open port that various windows programs have habit of opening up u say u have scanned ur system ... but did u update the antivirus definations ? ------ Aditya Lalit Deshmukh, _____ Chief Security Officer & System and Network Administrator, Electronic Security Division, Enterprise Security Solutions, Inc -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Joel R. Helgeson Sent: Friday, September 12, 2003 6:13 PM To: full-disclosure@...ts.netsys.com Subject: [Full-Disclosure] explorer.exe on port 1024 tcp Can anyone tell me why I would be seeing explorer.exe on windows XP pro listening on port 1024 tcp? 1024 is a restricted port, I don't think that MS would ever use it legitamately. I'm thinking it's a trojan horse or something. In googling the problem, I discovered other users that are asking the same question with no answers. MS Site is no help. I went to the machine and telnetted to 127.0.0.1:1024 and it opened a connection where I couldn't type anything, so it IS listening. I copied explorer.exe off the machine, and scanned it with an AV pkg, no virus. I ran spyware cleanup utilities to no avial. Below is the output from fport on the machine... I have examined hundreds of other XP machines and none respond on port 1024 TCP & 123 UDP. FPort v2.0 - TCP/IP Process to Port Mapper Copyright 2000 by Foundstone, Inc. http://www.foundstone.com Pid Process Port Proto Path 432 Explorer -> 1024 TCP C:\WINDOWS\Explorer.EXE 432 Explorer -> 123 UDP C:\WINDOWS\Explorer.EXE 4 System -> 123 UDP Any insight into this would be appreciated. Joel R. Helgeson "Give a man fire, and he'll be warm for a day; set a man on fire, and he'll be warm for the rest of his life." _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html -------------- next part -------------- A non-text attachment was scrubbed... Name: Aditya Lalit Deshmukh.vcf Type: text/x-vcard Size: 4232 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030916/09866e3d/AdityaLalitDeshmukh.vcf
Powered by blists - more mailing lists