blahplok
Aug 24 2004, 04:13 AM
After installing my Windows (XP / 2000), port 1025 is always open.
Why? Can this port be used for remote connections such as port 23 (telnet)? If yes, what client is used for it?
Can I close this port manually?
Thanks in advance.....
nuorder
Aug 24 2004, 04:26 AM
disable UPNP service
edit: my bad - had a brain fart, it's not UPnP
digitalk2003
Aug 24 2004, 05:40 AM
There are multiple things wrong with Microsoft's implementation of the UPnP protocol. For more information, see the link.

Link:
http://www.eeye.com/html/research/advisories/AD20011220.html
Ciau...
digitalk2003
prog
Aug 24 2004, 08:48 AM
I believe mIRC opens this port as well.
320X
Aug 24 2004, 10:01 AM
Disable SSDP Discovery in Windows Messenger (1900)
System Key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectPlayNATHelp\DPNHUPnP]
Value Name: UPnPMode
Data Type: REG_DWORD (DWORD Value)
Value Data: (2 = disable UPnP broadcasts)
talaxian
Aug 24 2004, 11:54 AM
Those articles you gave him refer to UPnP on UDP 1900. He didn't specify TCP or UDP, but TCP 1025 is used by RPC.
http://seclists.org/lists/fulldisclosure/2003/Aug/0407.html
shiz
Aug 24 2004, 12:39 PM
UPnP is port 5000, not 1025
1025 is used by svchost.exe (RPC)
blahplok
Aug 25 2004, 12:31 AM
A banner scan says port 1025 is blackjack (network blackjack), and I have been googling but never found an article explaining this port: how to close it, what it is used for, and what service is running on it.... uhhhhhh..
Terminal
Aug 25 2004, 04:39 AM
Stop the RPC (Remote Procedure Call) services and the port will be automatically closed. But RPC is also used by many other services. It's better to let it run if you are on a network. Also, this port is called the DCOM port.
Note: there are some programs that can schedule events or even execute on your PC through the administrator account using the RPC (DCOM) port.
For example: W32.Gaobot.gen (on a LAN) puts an infected file somewhere on your hard drive ($ shares are one method) and then executes it using DCOM services, and voila, you are infected and your PC acts as a zombie to infect others on the network.
Check out the attached Windows Worm Door Cleaner.
h3llraz0r
Aug 25 2004, 05:07 AM
The port is open because of the RPC service, and if you try the tool vicky posted it will close that port for you.
Katja
Aug 25 2004, 10:44 AM
net stop Remote Procedure Call and the port will close, but many other services need the RPC service.
mfg
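To check which process and services hold port 1025 open, as the replies above discuss, the listening socket can be matched to its PID and then to the services hosted in that process. The following is an added example, not part of any post in this thread: it parses constructed sample text in the layout of `netstat -ano` and `tasklist /svc`, and every PID and service name in it is a placeholder.

```python
import re

# Constructed sample output (not from a real host); PIDs and service names are placeholders.
NETSTAT_ANO = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       1044
  TCP    192.168.0.10:1026      192.168.0.20:445       ESTABLISHED     4
  UDP    0.0.0.0:1900           *:*                                    1188
"""
TASKLIST_SVC = """\
Image Name                   PID Services
========================= ====== =============================================
System Idle Process            0 N/A
svchost.exe                  884 ExampleRpcSvc
svchost.exe                 1044 ExampleSvcA, ExampleSvcB,
                                 ExampleSvcC
"""

def listeners(netstat_text, port):
    """Return [(proto, local_addr, pid)] for sockets bound to `port`."""
    hits = []
    for line in netstat_text.splitlines():
        f = line.split()
        # TCP rows must be LISTENING; UDP rows have no State column.
        if len(f) < 4 or f[0] not in ("TCP", "UDP") or (f[0] == "TCP" and f[3] != "LISTENING"):
            continue
        if f[1].rsplit(":", 1)[-1] == str(port):
            hits.append((f[0], f[1], int(f[-1])))
    return hits

def services_by_pid(tasklist_text):
    """Map PID -> (image, [services]); column widths come from the '====' ruler."""
    lines = tasklist_text.splitlines()
    ruler = next(i for i, l in enumerate(lines) if l.startswith("="))
    cols = [m.span() for m in re.finditer(r"=+", lines[ruler])]
    table, last = {}, None
    for line in lines[ruler + 1:]:
        image, pid = (line[a:b].strip() for a, b in cols[:2])
        svcs = [s.strip() for s in line[cols[1][1]:].split(",") if s.strip() not in ("", "N/A")]
        if pid:  # new process row
            last = int(pid)
            table[last] = (image, svcs)
        elif last is not None:  # wrapped continuation of the previous service list
            table[last][1].extend(svcs)
    return table

# Join both views: (proto, local_addr, pid, image, services); "?" if the PID is not in tasklist.
def who_owns(port, netstat_text=NETSTAT_ANO, tasklist_text=TASKLIST_SVC):
    procs = services_by_pid(tasklist_text)
    return [row + procs.get(row[2], ("?", [])) for row in listeners(netstat_text, port)]
```

On a live host, the same functions can be fed the captured text of the two commands instead of the embedded samples.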