those ports are use as RPC endpoints for COM/COM+ under windows 2000/XP i beleive, which would explain why ZoneAlarm would try to block those. From what i understand, COM(+) binding starts at 1024 and quickly use more ports (up to 5000). There are a couple articles in the MS knowledge base about this (support.ms.com/search/default.aspx and search for 1025 port connection) I believe that some application like ZoneAlarm will block specific applications from binding/using some network interfaces unless you specifically allow for those. I hope this answers your concerns... i suggests you check out the various tools to see what applications are binding to those ports (if those are rogue services or something else harmless) Good Luck.. ePAc. On Tue, 1 Apr 2003, Tomas Carlsson wrote: > Date: Tue, 1 Apr 2003 00:04:23 +0200 > From: Tomas Carlsson <xtcat_private> > To: incidentsat_private > Subject: [CERT] Why alerts on ports 1025-1029, 1036 > > I get constant alerts from Zonealarm and it is always blocking on > ports 1025, 1026, 1027 or 1029. > Can someone tell me why? > > Sometimes also alerts from blocking on port 1036. What's there? > > TIA > Tomas > > > > ---------------------------------------------------------------------------- > Powerful Anti-Spam Management and More... > SurfControl E-mail Filter puts the brakes on spam, > viruses and malicious code. Safeguard your business > critical communications. Download a free 30-day trial: > http://www.securityfocus.com/SurfControl-incidents > --- Nothing is foolproof to a sufficiently talented fool... oo ,(..)\ ~~ ---------------------------------------------------------------------------- Powerful Anti-Spam Management and More... SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.securityfocus.com/SurfControl-incidents
This archive was generated by hypermail 2b30 : Mon Mar 31 2003 - 17:08:55 PST