Security Basics mailing list archives

RE: Port 5000 and Windows XP


From: "Myers, Marvin" <MRMyers () anteon com>
Date: Wed, 13 Aug 2003 12:22:25 -0400

The utility that I think you are referring to is XPANTISPY. Google for it,
it's out there. Port 5000 can and will be held open by the SSDP service
also. I am seeing this in a lot of machines. Even ones that have
XPANTISPY installed. This just started after the latest round of
updates.

Hope this helps


-----Original Message-----
From: Adam Newhard [mailto:atnewhard () microstrain com] 
Sent: Wednesday, August 13, 2003 9:16 AM
To: security-basics () securityfocus com
Subject: Re: Port 5000 and Windows XP

Side note, at one point in time, while working on a bunch of XP home and
professional machines, going to services.msc and disabling upnp didn't
always work.  Since you don't really need it or want it, you should
fully remove it from the system.  In other words, after disabling it and
rebooting, port scan the machine.  There is/was a utility that'd remove
upnp completely, but I forget where it is (I found it on google).  Being
a *nix head, I can't tell you exactly how to completely remove it, but
I'm sure someone here can.
adam
----------------------------------------------------
Adam Newhard
Microstrain, Inc.
If vegetarians eat vegetables, watch out for humanitarians

----- Original Message ----- 
From: "dos cerveza" <dos_cerveza () mail com>
To: "matt willson" <mwillson () sbcglobal net>;
<security-basics () securityfocus com>
Sent: Tuesday, August 12, 2003 1:27 PM
Subject: RE: Port 5000 and Windows XP


Port 5000 TCP is used together with port 1900 UDP for UPnP (universal
plug and play). It is open on a default Windows XP install.
If you don't use it (and you probably don't) you can easily disable the
mentioned ports from listening by opening 'services.msc' from a run box
and stopping the following services:
'Universal Plug and Play Device Host' &
'SSDP Discovery Service'. Be sure to set them to 'disabled' or 'manual'
to prevent them from starting up on a reboot.
http://www.grc.com has a nice article about this too.

Sincerely
Dos

I had reason to look at a Windows XP box and discovered port 5000 open
on it.  Subsequent research has shown that this is normal (albeit
stupid).

However, when I connect to port 5000, I get an "HTTP/1.1 400 Bad
Request".  Also, fport /ap shows port 5000 open, but will not associate
an application with it.  Am I overly paranoid or has this box been
compromised?

Thanks

