If you have a tool like lsof. You can use following command to see which file is responsible for those oprn ports. Under Linux (Login as root): # lsof -i UDP (will show all UDP open ports) Rajeev Jacques Exelrud wrote: > > I'm using ZoneAlarm on a machine. Starting some days ago the alert log > started to show a UDP connection from my machine to my machine (denied by > ZoneAlamr) > The UDP port is 10000. > After check netstat -n -a I lso found some weird ports: > > TCP 0.0.0.0:25 0.0.0.0:0 LISTENING > TCP 0.0.0.0:80 0.0.0.0:0 LISTENING > TCP 0.0.0.0:135 0.0.0.0:0 LISTENING > TCP 0.0.0.0:445 0.0.0.0:0 LISTENING > TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING > TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING > TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING > TCP 0.0.0.0:1029 0.0.0.0:0 LISTENING > TCP 0.0.0.0:1032 0.0.0.0:0 LISTENING > TCP 0.0.0.0:3372 0.0.0.0:0 LISTENING > TCP 1.0.0.1:1433 0.0.0.0:0 LISTENING > TCP 127.0.0.1:1433 0.0.0.0:0 LISTENING > TCP 192.168.64.1:139 0.0.0.0:0 LISTENING > TCP 192.168.64.1:1433 0.0.0.0:0 LISTENING > UDP 0.0.0.0:135 *:* > UDP 0.0.0.0:445 *:* > UDP 0.0.0.0:500 *:* > UDP 0.0.0.0:1028 *:* > UDP 0.0.0.0:1031 *:* > UDP 0.0.0.0:1434 *:* > UDP 0.0.0.0:3456 *:* > UDP 0.0.0.0:10000 *:* > UDP 192.168.64.1:137 *:* > UDP 192.168.64.1:138 *:* > > Some of the are known but other are, at least, suspicious. > > Any sugestions on how to find who owns those ports ? ZoneAlarm does not > bother me with them so I suspect that who owns them is services.exe or other > Win200 program that have been allowed to act like a server. > > Thanks in advance, > Jacques > > ---------------------------------------------------------------------------- > > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: > > http://aris.securityfocus.com -- ******************************************************************** Rajeev Kumar (rajeevat_private) http://www.rajeevnet.com ******************************************************************** -- PGP PUBLIC KEY -- http://www.rajeevnet.com/crypto/mypubkey ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jul 12 2001 - 11:34:57 PDT