hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
Full Version: Ports?
GovernmentSecurity.org > The Archives > General Network Security
isaiah
Feb 13 2004, 02:27 PM
I been getting scan and hit by many shit latly and zone alarms telling me but im wondering if any of this ports are not suppose to be on

[CODE]

Pid   Process            Port  Proto Path                          
736   svchost        ->  135   TCP   C:\WINDOWS\system32\svchost.exe
4     System         ->  139   TCP                                
4     System         ->  445   TCP                                
788   svchost        ->  1025  TCP   C:\WINDOWS\System32\svchost.exe
0     System         ->  1026  TCP                                
1636  vsmon          ->  1026  TCP   C:\WINDOWS\system32\ZoneLabs\vsmon.exe
476   ccApp          ->  1032  TCP   C:\Program Files\Common Files\Symantec Shared\ccApp.exe
492   msnmsgr        ->  1035  TCP   C:\Program Files\MSN Messenger\msnmsgr.exe
492   msnmsgr        ->  1041  TCP   C:\Program Files\MSN Messenger\msnmsgr.exe
3744  FlashFXP       ->  1183  TCP   C:\Program Files\FlashFXP\FlashFXP.exe
3744  FlashFXP       ->  1187  TCP   C:\Program Files\FlashFXP\FlashFXP.exe
492   msnmsgr        ->  1238  TCP   C:\Program Files\MSN Messenger\msnmsgr.exe
1232  IEXPLORE       ->  1395  TCP   C:\Program Files\Internet Explorer\IEXPLORE.EXE
944                  ->  5000  TCP                                
480   MSMSGS         ->  15323 TCP   C:\Program Files\Messenger\MSMSGS.EXE

0     System         ->  9     UDP                                
3744  FlashFXP       ->  123   UDP   C:\Program Files\FlashFXP\FlashFXP.exe
476   ccApp          ->  123   UDP   C:\Program Files\Common Files\Symantec Shared\ccApp.exe
4     System         ->  137   UDP                                
492   msnmsgr        ->  138   UDP   C:\Program Files\MSN Messenger\msnmsgr.exe
736   svchost        ->  445   UDP   C:\WINDOWS\system32\svchost.exe
3744  FlashFXP       ->  491   UDP   C:\Program Files\FlashFXP\FlashFXP.exe
4     System         ->  500   UDP                                
788   svchost        ->  1030  UDP   C:\WINDOWS\System32\svchost.exe
1636  vsmon          ->  1033  UDP   C:\WINDOWS\system32\ZoneLabs\vsmon.exe
492   msnmsgr        ->  1036  UDP   C:\Program Files\MSN Messenger\msnmsgr.exe
492   msnmsgr        ->  1044  UDP   C:\Program Files\MSN Messenger\msnmsgr.exe
492   msnmsgr        ->  1129  UDP   C:\Program Files\MSN Messenger\msnmsgr.exe
1232  IEXPLORE       ->  1281  UDP   C:\Program Files\Internet Explorer\IEXPLORE.EXE
3744  FlashFXP       ->  1387  UDP   C:\Program Files\FlashFXP\FlashFXP.exe
944                  ->  1900  UDP                                
3744  FlashFXP       ->  1900  UDP   C:\Program Files\FlashFXP\FlashFXP.exe
1232  IEXPLORE       ->  7667  UDP   C:\Program Files\Internet Explorer\IEXPLORE.EXE
480   MSMSGS         ->  28868 UDP   C:\Program Files\Messenger\MSMSGS.EXE
0     System         ->  36838 UDP                                
]
DumpZ
Mar 1 2004, 05:01 PM
Nope everything looks fine to me
usch
Mar 1 2004, 05:15 PM
well these ports should all be on but most important thing is to have your system up to date.
port 139 is for netbios shares.u should delete or password them so anyone could watch them
port 135 could be rpc,dunno it`s patched
port 445 is used for the ASN.! vuln
and there is a sploit out for msn messenger (port 15323)
keep your comp secure wink.gif
DumpZ
Mar 1 2004, 07:02 PM
But this is the output of Fport.exe which show on which port which program is listening. But the firewall probably blocks port 139,135, 445 and allot others, depending on the level of security
sp4rk
Mar 4 2004, 04:41 PM
As long as your system is patched i don't see anything wrong with this. Check your firewall rules and only allow traffic to ports you really need (don't really know how it's done in zonealarm but i'm sure you can figure it out smile.gif).
metrox
Mar 4 2004, 05:36 PM
944 -> 5000 TCP


strange ???
sp4rk
Mar 4 2004, 06:23 PM
QUOTE (metrox @ Mar 4 2004, 05:36 PM)
944 -> 5000 TCP


strange ???

Not really. I'm pretty sure it's svchost.exe listening there, here is little example from my own computer.

Process PID LocalIP Localport State Protocol
svchost.exe 1036 0.0.0.0 5000 LISTEN TCP
DaClueless
Mar 5 2004, 06:49 AM
Off hand eveything looks ok.

But, that doesnt mean there no EVIL programming running. Because there a lot of programs now they hide their port from fport.exe



R0x0r
Mar 5 2004, 07:40 AM
Yes.. Keep your computer up to date with windowxs update and other patches. I'm having a lot of attacks on these ports : 135,139 and 445..
OaKz
Mar 5 2004, 09:10 AM
yeah m8...
mine it keep the windows auto update on..I dont have to remind myself to update...
D3ADLiN3
Mar 5 2004, 09:11 AM
QUOTE (sp4rk @ Mar 4 2004, 06:23 PM)
QUOTE (metrox @ Mar 4 2004, 05:36 PM)
944                  ->  5000  TCP                               


strange ???

Not really. I'm pretty sure it's svchost.exe listening there, here is little example from my own computer.

Process PID LocalIP Localport State Protocol
svchost.exe 1036 0.0.0.0 5000 LISTEN TCP

Port 5000 isnt that UPNP ?
pr0t0type
Mar 5 2004, 10:07 AM
yea it is. As long as your patched then it's no problem
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.