Here's a list of known ports: Known ports from 0 to 1023 25 tcp, udp smtp Simple Mail Transfer; alias=mail 80 tcp udp WWW World Wide Web HTTP 135 tcp udp loc-srv / epmap Location Service / DCE endpoint resolution 137 tcp udp netbios-ns NetBIOS Name Service 138 tcp udp netbios-dgm NetBIOS Datagram Service 139 tcp udp netbios-ssn NetBIOS Session Service 445 tcp udp microsoft-ds Microsoft-DS 500 tcp udp isakmp internet Secuirty Association and Key management protocol Registered ports from 1024 to 49151 1025 tcp listen listener RFS remote_file_sharing 1026 tcp nterm remote_login network_terminal 1031 & 1032 tcp udp iad3 BBN IAD @timeplex.com 1433 tcp, udp ms-sql-s Microsoft-SQL-Server 1434 tcp, udp ms-sql-m Microsoft-SQL-Monitor @microsoft.com 3372 tcp, udp tip2 loc252.tandem.com 3456 tcp udp vat VAT default data ee.lbl.gov 10000 tcp udp ndmp Network Data Management Protocol netapp.com Looks like you have a web server listening on port 80 (Microsoft Personal Web Server perhaps?), a Microsoft SQL Server listening to port 1433 (using a database for your web pages?), you are checking your mail on port 25, ports 135 to 139 are being used for your dial-up connection (or whatever) and it looks like you have File and Print sharing enabled and turned on. check out http://www.iana.org/assignments/port-numbers On Tue, 10 Jul 2001, Jacques Exelrud wrote: > I'm using ZoneAlarm on a machine. Starting some days ago the alert log > started to show a UDP connection from my machine to my machine (denied by > ZoneAlamr) > The UDP port is 10000. > After check netstat -n -a I lso found some weird ports: > > TCP 0.0.0.0:25 0.0.0.0:0 LISTENING > TCP 0.0.0.0:80 0.0.0.0:0 LISTENING > TCP 0.0.0.0:135 0.0.0.0:0 LISTENING > TCP 0.0.0.0:445 0.0.0.0:0 LISTENING > TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING > TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING > TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING > TCP 0.0.0.0:1029 0.0.0.0:0 LISTENING > TCP 0.0.0.0:1032 0.0.0.0:0 LISTENING > TCP 0.0.0.0:3372 0.0.0.0:0 LISTENING > TCP 1.0.0.1:1433 0.0.0.0:0 LISTENING > TCP 127.0.0.1:1433 0.0.0.0:0 LISTENING > TCP 192.168.64.1:139 0.0.0.0:0 LISTENING > TCP 192.168.64.1:1433 0.0.0.0:0 LISTENING > UDP 0.0.0.0:135 *:* > UDP 0.0.0.0:445 *:* > UDP 0.0.0.0:500 *:* > UDP 0.0.0.0:1028 *:* > UDP 0.0.0.0:1031 *:* > UDP 0.0.0.0:1434 *:* > UDP 0.0.0.0:3456 *:* > UDP 0.0.0.0:10000 *:* > UDP 192.168.64.1:137 *:* > UDP 192.168.64.1:138 *:* > > Some of the are known but other are, at least, suspicious. > > Any sugestions on how to find who owns those ports ? ZoneAlarm does not > bother me with them so I suspect that who owns them is services.exe or other > Win200 program that have been allowed to act like a server. > > Thanks in advance, > Jacques > > > > > ---------------------------------------------------------------------------- > > > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: > > http://aris.securityfocus.com > > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Jul 11 2001 - 16:36:37 PDT