Full Version: Port 1025
There's been an increasing amount of noise rattling around on port 1025 in the last couple of days.. anyone know what this is?
Hmm, found this on a site with all ports listed:
1025/tcp network blackjack
1025/udp network blackjack
Take a look yourself. Here is the site: http://www.iana.org/assignments/port-numbers
I remember reading something along the lines of RPC opening ports 1025-1029. I'm not sure where I read that, but I did. I would sniff the traffic to it, but probably nothing malicious really. I remember my Windows 2k box had that open, and no, it's not blackjack. :-p
You will often see UDP port 135, and also UDP ports 1025-1029 inclusive, being targeted. This is the messenger spam exploit; simply block those ports, they're of no use anyway. Read here for a more complete explanation: http://www.dslreports.com/forum/remark,794...ity,1~mode=flat
Someone gave me the heads up in another forum, apparently it's a new worm, nachi.f.
More info can be found here: http://www.linklogger.com/Port1025_RPC_Exploit.htm
I tested it and got no results.
New(ish) info on this, apparently there's a new bot contributing to the noise:
http://www.dslreports.com/forum/remark,9614814~mode=flat
This is rather interesting. If RPC is exploitable through port 1025, it's gonna be abused once again, since most ISPs aren't blocking this port.
I will have to test it when I get home from work.
Howdy doodly. I'm new here.
I have recently been under attack by various strains of digital vermin.. First W32.Gaobot copies itself into many *.SPL files on my \windowsxp\system32\spools\print\*.SPL. And then the printer started printing garbled junk of about 2 lines, then the next paper, garbled 3 lines, next paper.. It's the first virus I've heard of that destroys the print-paper of the user. Then I got the infamous W32.Blaster, which my Norton AV killed.. using autoprotect, BUT EVEN THEN, the blaster was able to carry out its RPC-mojo and initiate a reset of my system, like it was its last dying spasms of violence.. But it didn't get installed, I've checked regedit and processes.. My computer is currently cleaned of viruses.. but since I seem to get these viruses over and over again, it occurred to me that even if I have a hardware Gateway/Firewall, it doesn't mean that it will work perfectly, so here I am.. Now.. my personal network is set up as a wireless LAN. From the ADSL modem to an officeconnect 3com 11b to the rest of the house. This WLAN router has a firewall.. YET, I carried out the Security Response scan on symantec.com, and it seems my hardware firewall does NOT seem to block ports 135 nor 1025.. I've blocked port 135 by running dcomcnfg.exe, going to "component services", Computers, My Computer, rightclick-properties -> default properties -> unchecked "Enable Distributed COM on this computer". Now, that's fixed.. I only have one gaping security hole left, port 1025. How do I block it? My Officeconnect firewall does not give me any option of blocking specific ports.. it only seems to work the other way around. It blocks EVERYTHING, and I have to OPEN the ports that I DON'T want it to block.. except it doesn't seem to block port 135 and 1025. I am certain I haven't added these ports anywhere on the firewall. Any ideas on blocking port 1025? (without installing a bloaty software firewall)
Perhaps someone put some more work into this:
hxxp://www.governmentsecurity.org/forum/http://www.governmentsecurity.org/forum/index.php?showtopic=6704&hl= just a thought.... -Nexy
Good job on that Nex.. now how do I do something about Task Scheduler so that it doesn't keep port 1025 open?
Also, even if I have disabled DCOM, port 135 is still open. What should I do?
Here's an interesting thread on the subject, may be of use:
http://www.dslreports.com/forum/remark,9499491~mode=flat
Lads, port 1025 is Yahoo.
Port 1025 is lots of stuff.. Yahoo isn't part of this discussion tho.
Well, in most cases 1025 isn't blackjack; it's actually the task manager. I'm not exactly sure what the task manager does on this port, but I know that's what most XP/2000/NT boxes have on port 1025. Hope that helps, mike
If I remember well, ports 1024 to 1030 I think are also mIRC's default DCC ports, so maybe it's only that that you see.
Otherwise, it can be anything else ...
Hmm, it is a system port (TCP), status listen, by WinXP, or a mIRC DCC port, I think.