RE: Why alerts on ports 1025-1029, 1036

From: Matt Marcos (Matt.Marcosat_private)
Date: Mon Mar 31 2003 - 17:11:59 PST

Next message: Toby Miller: "RE: new attack tool combining SMB and WebDAV?"

Previous message: cisoat_private: "[Full-Disclosure] Animal Rights Hacktivism - They Got One"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In XP you can type NETSTAT -o and this will show the PID of each connection.
You can then use task manager to corrolate the PID against what program is
running.   So NETSTAT -a -o will show you all listening processes and what
PID is associated with them.

Matt.

-----Original Message-----
From: Erik Boles [mailto:erikat_private] 
Sent: Tuesday, 1 April 2003 10:29 AM
To: Tomas Carlsson; incidentsat_private
Subject: RE: Why alerts on ports 1025-1029, 1036


Tomas,

1025 is dynamically assigned, so really any program can request use of it. I
have seen nterm use 1026 rather frequently.  1036 is usually an outbound
port.

You can see what all is listneing on your system by running netstat -l
(unix) or netstat -a (windows) from a command prompt.

Erik



-----Original Message-----
From: Tomas Carlsson [mailto:xtcat_private]
Sent: Monday, March 31, 2003 3:04 PM
To: incidentsat_private
Subject: Why alerts on ports 1025-1029, 1036


I get constant alerts from Zonealarm and it is always blocking on
ports 1025, 1026, 1027 or 1029.
Can someone tell me why?

Sometimes also alerts from blocking on port 1036. What's there?

TIA
Tomas



----------------------------------------------------------------------------
Powerful Anti-Spam Management and More...
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.securityfocus.com/SurfControl-incidents


----------------------------------------------------------------------------
Powerful Anti-Spam Management and More...
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.securityfocus.com/SurfControl-incidents



----------------------------------------------------------------------------
Powerful Anti-Spam Management and More...
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.securityfocus.com/SurfControl-incidents

Next message: Toby Miller: "RE: new attack tool combining SMB and WebDAV?"
Previous message: cisoat_private: "[Full-Disclosure] Animal Rights Hacktivism - They Got One"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Apr 01 2003 - 16:34:50 PST