RE: Why alerts on ports 1025-1029, 1036

From: Leo, Joel (Joel.Leoat_private)
Date: Tue Apr 01 2003 - 16:54:23 PST


    Foundstone.com has a useful tool called fport that will identify the pid
    on nt & 2k. Might be useful in this case.
    
    http://www.foundstone.com/knowledge/intrusion_detection.html
    
    Joel
    
    -----Original Message-----
    From: Matt Marcos [mailto:Matt.Marcosat_private] 
    Sent: Monday, March 31, 2003 3:12 PM
    To: incidentsat_private
    Subject: RE: Why alerts on ports 1025-1029, 1036
    
    
    In XP you can type NETSTAT -o and this will show the PID of each
    connection. You can then use task manager to correlate the PID against
    what program is running. So NETSTAT -a -o will show you all listening
    processes and what PID is associated with them.
    
    Matt.
    
    -----Original Message-----
    From: Erik Boles [mailto:erikat_private] 
    Sent: Tuesday, 1 April 2003 10:29 AM
    To: Tomas Carlsson; incidentsat_private
    Subject: RE: Why alerts on ports 1025-1029, 1036
    
    
    Tomas,
    
    1025 is dynamically assigned, so really any program can request use of
    it. I have seen nterm use 1026 rather frequently.  1036 is usually an
    outbound port.
    
    You can see what all is listening on your system by running netstat -l
    (unix) or netstat -a (windows) from a command prompt.
    
    Erik
    
    
    
    -----Original Message-----
    From: Tomas Carlsson [mailto:xtcat_private]
    Sent: Monday, March 31, 2003 3:04 PM
    To: incidentsat_private
    Subject: Why alerts on ports 1025-1029, 1036
    
    
    I get constant alerts from Zonealarm and it is always blocking on ports
    1025, 1026, 1027 or 1029. Can someone tell me why?
    
    Sometimes also alerts from blocking on port 1036. What's there?
    
    TIA
    Tomas
    
    
    
    ----------------------------------------------------------------------------
    Powerful Anti-Spam Management and More...
    SurfControl E-mail Filter puts the brakes on spam,
    viruses and malicious code. Safeguard your business
    critical communications. Download a free 30-day trial:
    http://www.securityfocus.com/SurfControl-incidents
    
    
    



    This archive was generated by hypermail 2b30 : Wed Apr 02 2003 - 19:40:24 PST
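
The PID-to-program correlation suggested in this thread, as an added example that is not part of any of the original messages: it parses `netstat -a -n -o` style output and reports which process owns each socket on the alerted ports (1025-1029, 1036). Both sample outputs are constructed, and `tasklist /FO CSV /NH` is assumed here as a command-line stand-in for the Task Manager lookup.

```python
import csv
import io

# Ports named in the ZoneAlarm alerts discussed in the thread.
WATCHED = set(range(1025, 1030)) | {1036}

# Constructed sample of `netstat -a -n -o` output (not captured from a real host).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       1012
  TCP    192.168.1.10:1036      203.0.113.7:80         ESTABLISHED     2440
  UDP    0.0.0.0:1026           *:*                                    1180
  UDP    0.0.0.0:1900           *:*                                    1180
"""

# Constructed sample of `tasklist /FO CSV /NH` output (assumed PID source).
TASKLIST_SAMPLE = '''"svchost.exe","884","Console","0","3,412 K"
"svchost.exe","1012","Console","0","18,220 K"
"svchost.exe","1180","Console","0","4,108 K"
"iexplore.exe","2440","Console","0","22,764 K"
'''

def parse_netstat(text):
    """Yield (proto, local_port, state, pid) for each TCP/UDP row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # skip banner, header and blank lines
        port = int(f[1].rsplit(":", 1)[1])
        # UDP rows have no State column; the PID is always the last field.
        state = f[3] if f[0] == "TCP" else "-"
        yield f[0], port, state, int(f[-1])

def parse_tasklist(text):
    """Map PID -> image name from CSV rows of (name, pid, ...)."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if r}

def owners_of_watched_ports(netstat_text, tasklist_text):
    """Join sockets on watched ports with the process that owns them."""
    names = parse_tasklist(tasklist_text)
    return [(proto, port, state, pid, names.get(pid, "<unknown>"))
            for proto, port, state, pid in parse_netstat(netstat_text)
            if port in WATCHED]

if __name__ == "__main__":
    for row in owners_of_watched_ports(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print("%-4s %-5d %-12s pid=%-5d %s" % row)
```

A PID that netstat reports but the process list does not contain is shown as `<unknown>`, which is itself worth investigating.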