Security Basics mailing list archives

Re: What is this port? is it a trojan?

From: "KoRe MeLtDoWn" <koremeltdown () hotmail com>
Date: Mon, 30 Jun 2003 22:56:46 +0000

Hey there,

Though I am unsure of what file might be accessing this port, if you areusing WIN XP there is a method you can use. This was talked about earlier inthe year and can be read about in the backlog of messages from thenewsgroup. This talked about using process ID numbers (PIDs) that you canget form a netstat -ano. The PID of the application using the port can beused to map to the name of the application. I can't recall the exact methodand do not have time to find it right now as I am at work, but it will be inthe logs somewhere. If you STILL can't find it, drop me a line and I willtake a look when I get home tonight.


Kindest of regards,

Hamish Stanaway

Absolute Web Hosting/-= KoRe WoRkS =- Internet Security
Owner/Operator
Auckland, New Zealand

http://www.webhosting.net.nz | http://www.buywebhosting.co.nz |http://www.koreworks.com


Is your box REALLY secure?

From: "Hyperion" <nemesis () croasdalepreston fsnet co uk>
To: "Security Basics Mailing List" <security-basics () securityfocus com>
Subject: What is this port? is it a trojan?
Date: Mon, 30 Jun 2003 17:52:04 +0100
MIME-Version: 1.0

Received: from outgoing2.securityfocus.com ([205.206.231.26]) bymc10-f7.bay6.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Mon, 30 Jun2003 15:19:32 -0700Received: from lists.securityfocus.com (lists.securityfocus.com[205.206.231.19])by outgoing2.securityfocus.com (Postfix) with QMQPid9679A8F5E6; Mon, 30 Jun 2003 15:26:50 -0600 (MDT)

Received: (qmail 18559 invoked from network); 30 Jun 2003 16:48:50 -0000
X-Message-Info: JGTYoYF78jEHjJx36Oi8+Q1OJDRSDidP
Mailing-List: contact security-basics-help () securityfocus com; run by ezmlm
Precedence: bulk
List-Id: <security-basics.list-id.securityfocus.com>
List-Post: <mailto:security-basics () securityfocus com>
List-Help: <mailto:security-basics-help () securityfocus com>
List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com>
List-Subscribe: <mailto:security-basics-subscribe () securityfocus com>
Delivered-To: mailing list security-basics () securityfocus com
Delivered-To: moderator for security-basics () securityfocus com

Message-ID:<PGENIBLLNBICBKILHDNGKEHACBAA.nemesis () croasdalepreston fsnet co uk>

X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Return-Path:security-basics-return-20761-koremeltdown=hotmail.com () securityfocus comX-OriginalArrivalTime: 30 Jun 2003 22:19:32.0671 (UTC)FILETIME=[AE5E94F0:01C33F55]


Hello all :)

 I have been taking a more detailed interest in my pc's security of late,
and security for computers in general, and I am learning at quite a fast
rate, although there is a great, great deal of information to learn out
there.

Just recently I have taken to doing regular, netstat - probes on mymachine

to see the different connections that arise and so forth.
 Today I found a rather mysterious port with the number, 44334 and I have
copied/paste the results of the netstat -an below for people to look at.
 Is the port in question, -44334- a Trojan? it strikes me as a rather
suspicious port and a rather large port number.
 Could anyone tell me how I can find out what's running behind the port in
question, and also what to do about it if it is a port.
 I have run my virus software, but it did not find any viruses or Trojans
installed on my machine, so I am at a loss as to what to do.

I am also very limited in my security knowledge, so I am basically stuckfor

the necessary ideas or solutions on what to do in order to find out what's
behind this port.
Any and all help is greatly appreciated thanks.

Details of netstat below::

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1026           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1038           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:44334          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:110          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1279         127.0.0.1:110          TIME_WAIT
  TCP    217.135.174.224:1280   195.92.193.154:110     TIME_WAIT
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:1036           *:*
  UDP    0.0.0.0:44334          *:*
  UDP    127.0.0.1:123          *:*
  UDP    127.0.0.1:1900         *:*
  UDP    217.135.174.224:123    *:*
  UDP    217.135.174.224:1900   *:*


My Regards
Hyperion


---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.

Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------


_________________________________________________________________

STOP MORE SPAM with the new MSN 8 and get 2 months FREE*http://join.msn.com/?page=features/junkmail



---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.

Find out why, and see how you can get plug-n-play secure remote access in

about an hour, with no client, server changes, or ongoing maintenance.

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm

----------------------------------------------------------------------------

Current thread:

RE: What is this port? is it a trojan? Paul Kurczaba (Jul 02)
- <Possible follow-ups>
- Re: What is this port? is it a trojan? Mike Heitz (Jul 02)
- Re: What is this port? is it a trojan? KoRe MeLtDoWn (Jul 02)
- Re: What is this port? is it a trojan? Roger A. Grimes (Jul 02)
- RE: What is this port? is it a trojan? Hyperion (Jul 02)
- RE: What is this port? is it a trojan? dave klimen (Jul 02)
- Re: What is this port? is it a trojan? Ryan Smith (Jul 02)
- Re: What is this port? is it a trojan? nee cee (Jul 02)
- Re: What is this port? is it a trojan? Sabari Devadoss (Jul 02)
- Re: What is this port? is it a trojan? BlueScreen (Jul 02)
- RE: What is this port? is it a trojan? Sabol, Paul (Jul 02)
- Re: What is this port? is it a trojan? entmoot (Jul 02)
- RE: What is this port? is it a trojan? Dave Killion (Jul 02)

(Thread continues...)