I'm using ZoneAlarm on a machine. Starting some days ago, the alert log started to show a UDP connection from my machine to my machine (denied by ZoneAlarm). The UDP port is 10000.

After checking netstat -n -a I also found some weird ports:

  TCP    0.0.0.0:25           0.0.0.0:0    LISTENING
  TCP    0.0.0.0:80           0.0.0.0:0    LISTENING
  TCP    0.0.0.0:135          0.0.0.0:0    LISTENING
  TCP    0.0.0.0:445          0.0.0.0:0    LISTENING
  TCP    0.0.0.0:1025         0.0.0.0:0    LISTENING
  TCP    0.0.0.0:1026         0.0.0.0:0    LISTENING
  TCP    0.0.0.0:1027         0.0.0.0:0    LISTENING
  TCP    0.0.0.0:1029         0.0.0.0:0    LISTENING
  TCP    0.0.0.0:1032         0.0.0.0:0    LISTENING
  TCP    0.0.0.0:3372         0.0.0.0:0    LISTENING
  TCP    1.0.0.1:1433         0.0.0.0:0    LISTENING
  TCP    127.0.0.1:1433       0.0.0.0:0    LISTENING
  TCP    192.168.64.1:139     0.0.0.0:0    LISTENING
  TCP    192.168.64.1:1433    0.0.0.0:0    LISTENING
  UDP    0.0.0.0:135          *:*
  UDP    0.0.0.0:445          *:*
  UDP    0.0.0.0:500          *:*
  UDP    0.0.0.0:1028         *:*
  UDP    0.0.0.0:1031         *:*
  UDP    0.0.0.0:1434         *:*
  UDP    0.0.0.0:3456         *:*
  UDP    0.0.0.0:10000        *:*
  UDP    192.168.64.1:137     *:*
  UDP    192.168.64.1:138     *:*

Some of them are known but others are, at least, suspicious. Any suggestions on how to find who owns those ports?

ZoneAlarm does not bother me with them, so I suspect that who owns them is services.exe or another Win2000 program that has been allowed to act like a server.

Thanks in advance,
Jacques

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Jul 11 2001 - 13:31:40 PDT
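
Added example, not part of the original post: a first-pass triage of a netstat -n -a listing like the one above, grouping listeners by port, recording which addresses each is bound to, and flagging ports that have no conventional service assignment so they can be traced to an owning process. The CONVENTIONAL table and all function names are assumptions of this example, and the sample is a subset of the rows quoted in the post.

```python
import re

# Constructed sample: a subset of the rows from the netstat -n -a listing in the post.
SAMPLE = """\
TCP 0.0.0.0:25 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1433 0.0.0.0:0 LISTENING
TCP 192.168.64.1:1433 0.0.0.0:0 LISTENING
TCP 192.168.64.1:139 0.0.0.0:0 LISTENING
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:10000 *:*
"""

# Assumption (not from the post): conventional default assignments only.
# A match does not prove which process actually holds the socket.
CONVENTIONAL = {25: "SMTP", 80: "HTTP", 135: "MS RPC endpoint mapper",
                137: "NetBIOS name", 138: "NetBIOS datagram", 139: "NetBIOS session",
                445: "SMB", 500: "IKE", 1433: "MS SQL Server", 1434: "MS SQL monitor"}

ROW = re.compile(r"^(TCP|UDP)\s+(\d+(?:\.\d+){3}):(\d+)\s+\S+(?:\s+(\S+))?$")

def parse(text):
    """Return (proto, bind_address, port) for every listening socket."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # column headers, blank lines, anything unparseable
        proto, addr, port, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established or closing TCP connections are not listeners
        rows.append((proto, addr, int(port)))
    return rows

def triage(text):
    """Group listeners by (proto, port); note bind scope and unknown ports."""
    report = {}
    for proto, addr, port in parse(text):
        report.setdefault((proto, port), {"binds": set()})["binds"].add(addr)
    for (_, port), entry in report.items():
        entry["service"] = CONVENTIONAL.get(port)
        entry["all_interfaces"] = "0.0.0.0" in entry["binds"]
        entry["review"] = entry["service"] is None
    return report

def needs_review(text):
    """Sorted (proto, port) pairs with no conventional assignment."""
    return sorted(key for key, e in triage(text).items() if e["review"])

if __name__ == "__main__":
    for key, e in sorted(triage(SAMPLE).items()):
        print(key, sorted(e["binds"]), e["service"] or "UNKNOWN: find owning process")
```
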