Security Basics mailing list archives

RE: What is this port? is it a trojan?


From: matthias.rasking () accenture com
Date: Tue, 1 Jul 2003 08:45:11 +0200

Hyperion,

I usually start up a TCP/IP Port Mapper to check on these things; Vision
by www.foundstone.com/products and TCPView by www.sysinternals.com work
fine for me. With regard to Trojans, I've heard good things about
www.spyguard.com, although other members of this mailing list should be
able to provide you with more info.

Regards,
Matt.


-----Original Message-----
From: Hyperion [mailto:nemesis () croasdalepreston fsnet co uk] 
Sent: Monday, 30 June 2003 18:52
To: Security Basics Mailing List
Subject: What is this port? is it a trojan?


Hello all :)

 I have been taking a more detailed interest in my PC's security of
late, and security for computers in general, and I am learning at quite
a fast rate, although there is a great, great deal of information to
learn out there.

 Just recently I have taken to doing regular netstat probes on my
machine to see the different connections that arise and so forth.  Today
I found a rather mysterious port with the number 44334, and I have
copied/pasted the results of the netstat -an below for people to look at.
Is the port in question, 44334, a Trojan? It strikes me as a rather
suspicious port and a rather large port number.  Could anyone tell me
how I can find out what's running behind the port in question, and also
what to do about it if it is a port.  I have run my virus software, but
it did not find any viruses or Trojans installed on my machine, so I am
at a loss as to what to do. I am also very limited in my security
knowledge, so I am basically stuck for the necessary ideas or solutions
on what to do in order to find out what's behind this port. Any and all
help is greatly appreciated, thanks.

Details of netstat below:

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1026           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1038           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:44334          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:110          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1279         127.0.0.1:110          TIME_WAIT
  TCP    217.135.174.224:1280   195.92.193.154:110     TIME_WAIT
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:1036           *:*
  UDP    0.0.0.0:44334          *:*
  UDP    127.0.0.1:123          *:*
  UDP    127.0.0.1:1900         *:*
  UDP    217.135.174.224:123    *:*
  UDP    217.135.174.224:1900   *:*


My Regards
Hyperion
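
The port-to-process mapping that tools such as TCPView perform can also be done by hand by joining `netstat -ano` output (the `-o` flag adds the owning PID) with `tasklist /fo csv /nh` output. The following is an added example, not part of either message; the function names are hypothetical, and the PIDs and image names in the sample data are constructed placeholders that say nothing about what actually owns port 44334.

```python
import csv
import io

# Constructed sample of `netstat -ano` output. Ports follow the post above;
# the PIDs are invented for illustration.
NETSTAT_ANO = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:44334          0.0.0.0:0              LISTENING       1612
  TCP    127.0.0.1:110          0.0.0.0:0              LISTENING       1480
  TCP    127.0.0.1:1279         127.0.0.1:110          TIME_WAIT       0
  UDP    0.0.0.0:44334          *:*                                    1612
"""

# Constructed sample of `tasklist /fo csv /nh`; image names are placeholders.
TASKLIST_CSV = '''\
"System","4","Console","0","216 K"
"svchost.exe","884","Console","0","3,512 K"
"placeholder_a.exe","1480","Console","0","5,020 K"
"placeholder_b.exe","1612","Console","0","9,876 K"
'''

def parse_listeners(netstat_text):
    """Yield (proto, address, port, pid) for TCP LISTENING and bound UDP sockets."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        if f[0] == "TCP" and f[3] != "LISTENING":
            continue  # skip ESTABLISHED / TIME_WAIT connections
        addr, _, port = f[1].rpartition(":")
        yield f[0], addr, int(port), int(f[-1])  # PID is always the last column

def parse_tasklist(csv_text):
    """Map PID -> image name from tasklist CSV output."""
    return {int(row[1]): row[0] for row in csv.reader(io.StringIO(csv_text)) if row}

def owners(netstat_text, tasklist_text, port):
    """Return sorted (proto, address, pid, image) tuples for sockets bound to `port`."""
    names = parse_tasklist(tasklist_text)
    return sorted((proto, addr, pid, names.get(pid, "<no such process>"))
                  for proto, addr, p, pid in parse_listeners(netstat_text) if p == port)

if __name__ == "__main__":
    for proto, addr, pid, image in owners(NETSTAT_ANO, TASKLIST_CSV, 44334):
        scope = "all interfaces" if addr == "0.0.0.0" else "local only"
        print(f"{proto}/44334 ({scope}) -> PID {pid} ({image})")
```

Once the image name is known, its path on disk and publisher can be checked before deciding whether the listener is expected.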

