::: Replying to leon <[EMAIL PROTECTED]>,
message dated Friday, November 23, 2001 14:53 hours :::
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Why don't you get f-port or vision from foundstone.com and track down
>the process that is bound to the port?
>
Good choice, but why not kill two birds with one stone, that is, precise who
owns the application opening the ports and also provide a configurable firewall
as well?
If you want the two, get Tiny Personal firewall Personal Edition (freeware).
>- -----Original Message-----
>From: Richard Feaver [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, November 21, 2001 5:38 AM
>To: [EMAIL PROTECTED]
>Subject: WIN2K Ports 32000 & 32001 Open ?
>
>Greets all,
>
>recently checking one of our Win2k boxes
>i found ports 32000 and 32001 open
>and listening for connections.
>checking google i failed to find
>much concerning port 32000 but i did
>find a trojan called "Donald Dick" which
>apparently runs on port 32001. Ive checked
>official application port listings and those
>port numbers are not registered so i can only
>assume its a trojan of some sort.
>
>Has anyone else had any experiance with these
>port numbers or coudl offer any more advice
>as to track down exactly what it is and how i
>could go about curing the problem. I tried a
>reboot aswell but they were still open on re-startup.
>
>thank you,
>
>rich
>
--
Richard H. Cotterell <mailto:[EMAIL PROTECTED]>
A quotable quote:
The least initial deviation from the truth is multiplied later a
thousandfold.
-Aristotle, philosopher (384-322 B.C.)
