Security Basics mailing list archives
RE: Port 5000 and Windows XP
From: "Myers, Marvin" <MRMyers () anteon com>
Date: Wed, 13 Aug 2003 12:22:25 -0400
The utility that I think you are referring is XPANTISPY. Google for it, it's out there. Port 5000 can and will be held open by the SSDP service also. I am seeing this in a lot of machines. Even ones that have XPANTISPY installed. This just started after the latest round of updates. Hope this helps -----Original Message----- From: Adam Newhard [mailto:atnewhard () microstrain com] Sent: Wednesday, August 13, 2003 9:16 AM To: security-basics () securityfocus com Subject: Re: Port 5000 and Windows XP Side note, at one point in time, while working on a bunch of XP home and professional machines, going to services.msc and disabling upnp didn't always work. Since you don't really need it or want it, you should fully remove it from the system. In other words, after disabling it and rebooting, port scan the machine. There is/was a utility that'd remove upnp completely, but i forget where it is (i found it on google). Being a *nix head, I can't tell you exactly how to completely remove it, but i'm sure someone here can. adam ---------------------------------------------------- Adam Newhard Microstrain, Inc. If vegetarians eat vegetables, watch out for humanitarians ----- Original Message ----- From: "dos cerveza" <dos_cerveza () mail com> To: "matt willson" <mwillson () sbcglobal net>; <security-basics () securityfocus com> Sent: Tuesday, August 12, 2003 1:27 PM Subject: RE: Port 5000 and Windows XP
Port 5000 TCP is used together with port 1900 UDP for UPnP (universal
plug and play). It is open on a default Windows XP install.
If you don't use it (and you probably don't) you can easily disable
the mentioned ports from listening by opening 'services.msc' from a run box and stop the folowwing services:
'Universal Plug and Play Device Host' & 'SSDP Discovery Service'. Be sure to set them to 'disabled' or
'manual' to prevent them from starting up on a reboot.
http://www.grc.com has a nice article about this too. Sincerely DosI had reason to look at a Windows XP box and discovered port 5000
open
on it. Subsequent research has shown that this is normal (albeit
stupid).
However, when I connect to port 5000, I get an "HTTP/1.1 400 Bad Request". Also, fport /ap shows port 5000 open, but will not
associate
an application with it. Am I overly paranoid or has this box been compromised? Thanks-- __________________________________________________________ Sign-up for your own personalized E-mail at Mail.com http://www.mail.com/?sr=signup CareerBuilder.com has over 400,000 jobs. Be smarter about your job
search
http://corp.mail.com/careers
------------------------------------------------------------------------ -- -
------------------------------------------------------------------------ -- --
------------------------------------------------------------------------ --- ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Port 5000 and Windows XP Gene (Aug 11)
- RE: Port 5000 and Windows XP matt willson (Aug 12)
- <Possible follow-ups>
- RE: Port 5000 and Windows XP dos cerveza (Aug 12)
- Re: Port 5000 and Windows XP Adam Newhard (Aug 13)
- Fw: Port 5000 and Windows XP Stephane Auger (Aug 12)
- Re: Fw: Port 5000 and Windows XP dos cerveza (Aug 12)
- Port 5000 and Windows XP Meidinger Chris (Aug 13)
- RE: Port 5000 and Windows XP Myers, Marvin (Aug 13)
- RE: Port 5000 and Windows XP dave kleiman (Aug 14)
- Re: Port 5000 and Windows XP Jim Clare (Aug 14)