On Mon, 2 Oct 2000, Yvette Hirth wrote:
> I have Internet ToolBox and am using the "Connections Watcher" feature.
Sorry, never heard of either of those...
> Protocol LocalIP LocalPort RemoteIP RemotePort State
> TCP 0.0.0.0 1025 0.0.0.0 0 Listen
> UDP 0.0.0.0 3028 0.0.0.0 0 Listen
Listen state means there's a service listening on your box, not an
outbound connection.
> Some stuff is obvious, like RemotePort 23 (telnet sessions I requested be
> established). Others are not, like 1025 - I recognize that to be a dynamic
> port, but with a local and remote IP of 0's, what's the deal there?
>
0.0.0.0 is usually used to denote that the socket is listening on all
local interfaces (loopback, any NICs...) rather than a specific address.
> Is there any way to track down these ports other than shutting everything
> down? YES, I know about the port list, I've listened to the other posters,
> Puh-Leeze don't flame me. How can I tell who dynamically allocated port
> 1025? And, would a trojan show up for a long time, or just when it's
> sending/trying_to_send its data out?
Depends on how it's written.
Someone with more Win* experience will have to answer the "How do I
tell what's listening?" question; in the *nix world we have lsof, which
does that really nicely for all open sockets/handles.
I believe that typically the MS RPC stuff opens a socket above 1024 on
Win* boxes.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280
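
Added example, not part of the original message or of any tool named in it: a small parser for a connection table in the column order quoted above, separating listeners bound to all interfaces (0.0.0.0) from loopback-only listeners and from actual connections. The sample rows beyond the two quoted ones, the addresses in them, and all function names are constructed for illustration.

```python
"""Classify rows of a connection table like the one quoted in the message."""
import ipaddress
from typing import NamedTuple

# Constructed sample: the first two data rows are the quoted ones; the other
# two (a telnet session and a loopback listener) are made up for contrast.
SAMPLE = """\
Protocol LocalIP LocalPort RemoteIP RemotePort State
TCP 0.0.0.0 1025 0.0.0.0 0 Listen
UDP 0.0.0.0 3028 0.0.0.0 0 Listen
TCP 192.0.2.10 1042 198.51.100.7 23 Established
TCP 127.0.0.1 8080 0.0.0.0 0 Listen
"""

class Row(NamedTuple):
    proto: str
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    state: str

def parse(table: str) -> list[Row]:
    rows = []
    for line in table.splitlines()[1:]:        # skip the header line
        f = line.split()
        if len(f) != 6:
            continue                           # ignore blank or malformed rows
        rows.append(Row(f[0], f[1], int(f[2]), f[3], int(f[4]), f[5]))
    return rows

def classify(row: Row) -> str:
    if row.state.lower() != "listen":
        return "connection"                    # row has a real remote endpoint
    addr = ipaddress.ip_address(row.local_ip)
    if addr.is_unspecified:                    # 0.0.0.0: bound to every interface
        return "listener-all-interfaces"
    if addr.is_loopback:                       # reachable only from this host
        return "listener-loopback-only"
    return "listener-single-address"

def exposed_listeners(table: str) -> list[tuple[str, int]]:
    """(protocol, port) pairs listening on every interface: attribute these first."""
    return [(r.proto, r.local_port) for r in parse(table)
            if classify(r) == "listener-all-interfaces"]

if __name__ == "__main__":
    for r in parse(SAMPLE):
        print(f"{r.proto} {r.local_ip}:{r.local_port:<5} {classify(r)}")
```

On a *nix host, `lsof -i TCP:1025` then names the process that owns such a listener.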