Kevin, No offense, but you've fallen into the same trap many people seem to fall into...in fact, on the Security-basics list for this week alone, there are at least two other threads that are almost exactly the same as what you're referring to...
When you're performing a security/vulnerability assessment of systems you own, particularly Win2K systems, port scanning the systems and then looking up what services the ports are assigned to is an exercise in futility...and generally will result in posts like yours. A better way of handling these things is to get yourself a copy of fport.exe from FoundStone (I see you're already familiar with the site) and run that tool. Other tools you can use include Active Ports, or FoundStone's Vision, or TDIMon from SysInternals. These tools will all map a port to the process using the port, and clear up your questions. Note: Tools like fport do not work on XP due to MS rewriting the networking code. Instead, use the '-o' switch in netstat...'netstat -ano'. Again, this is ONLY for XP...the '-o' switch does NOT work on 2K. <soapbox> If you really want to get a better picture/snapshot of what's going on on an NT/2K system, I'd recommend that you go to SysInternals and get handle.exe, listdlls.exe, and pslist.exe (part of the PSToolKit). Then get fport.exe from Foundstone. Once you have these tools, run them (as well as 'netstat -an') and redirect their output to files: c:\tools>handle > handle.log etc Then, go to http://patriot.net/~carvdawg/perl.html and get either the procdmp.pl script, or the standalone EXE for procdmp w/ a GUI. Run the tool, and you'll get an HTML file that shows information on each of the processes you've got running, consolidated to include command line, user context, open files, ports and connections. Also, the EXE will perform highlighting of processes started from within NTFS alternate data streams. An example can be seen here: http://patriot.net/~carvdawg/pd.html </soapbox> HTH, Carv __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com
