Though I am unsure of what file might be accessing this port, if you are using WIN XP there is a method you can use. This was talked about earlier in the year and can be read about in the backlog of messages from the newsgroup. This talked about using process ID numbers (PIDs) that you can get form a netstat -ano. The PID of the application using the port can be used to map to the name of the application. I can't recall the exact method and do not have time to find it right now as I am at work, but it will be in the logs somewhere. If you STILL can't find it, drop me a line and I will take a look when I get home tonight.
Kindest of regards,
Hamish Stanaway
Absolute Web Hosting/-= KoRe WoRkS =- Internet Security Owner/Operator Auckland, New Zealand
http://www.webhosting.net.nz | http://www.buywebhosting.co.nz | http://www.koreworks.com
Is your box REALLY secure?
From: "Hyperion" <[EMAIL PROTECTED]>
To: "Security Basics Mailing List" <[EMAIL PROTECTED]>
Subject: What is this port? is it a trojan?
Date: Mon, 30 Jun 2003 17:52:04 +0100
MIME-Version: 1.0
Received: from outgoing2.securityfocus.com ([205.206.231.26]) by mc10-f7.bay6.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Mon, 30 Jun 2003 15:19:32 -0700
Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])by outgoing2.securityfocus.com (Postfix) with QMQPid 9679A8F5E6; Mon, 30 Jun 2003 15:26:50 -0600 (MDT)
Received: (qmail 18559 invoked from network); 30 Jun 2003 16:48:50 -0000
X-Message-Info: JGTYoYF78jEHjJx36Oi8+Q1OJDRSDidP
Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm
Precedence: bulk
List-Id: <security-basics.list-id.securityfocus.com>
List-Post: <mailto:[EMAIL PROTECTED]>
List-Help: <mailto:[EMAIL PROTECTED]>
List-Unsubscribe: <mailto:[EMAIL PROTECTED]>
List-Subscribe: <mailto:[EMAIL PROTECTED]>
Delivered-To: mailing list [EMAIL PROTECTED]
Delivered-To: moderator for [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 30 Jun 2003 22:19:32.0671 (UTC) FILETIME=[AE5E94F0:01C33F55]
Hello all :)
I have been taking a more detailed interest in my pc's security of late, and security for computers in general, and I am learning at quite a fast rate, although there is a great, great deal of information to learn out there.
Just recently I have taken to doing regular, netstat - probes on my machine
to see the different connections that arise and so forth.
Today I found a rather mysterious port with the number, 44334 and I have
copied/paste the results of the netstat -an below for people to look at.
Is the port in question, -44334- a Trojan? it strikes me as a rather
suspicious port and a rather large port number.
Could anyone tell me how I can find out what's running behind the port in
question, and also what to do about it if it is a port.
I have run my virus software, but it did not find any viruses or Trojans
installed on my machine, so I am at a loss as to what to do.
I am also very limited in my security knowledge, so I am basically stuck for
the necessary ideas or solutions on what to do in order to find out what's
behind this port.
Any and all help is greatly appreciated thanks.
Details of netstat below::
Active Connections
Proto Local Address Foreign Address State TCP 0.0.0.0:135 0.0.0.0:0 LISTENING TCP 0.0.0.0:445 0.0.0.0:0 LISTENING TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING TCP 0.0.0.0:1038 0.0.0.0:0 LISTENING TCP 0.0.0.0:5000 0.0.0.0:0 LISTENING TCP 0.0.0.0:44334 0.0.0.0:0 LISTENING TCP 127.0.0.1:110 0.0.0.0:0 LISTENING TCP 127.0.0.1:1279 127.0.0.1:110 TIME_WAIT TCP 217.135.174.224:1280 195.92.193.154:110 TIME_WAIT UDP 0.0.0.0:445 *:* UDP 0.0.0.0:500 *:* UDP 0.0.0.0:1036 *:* UDP 0.0.0.0:44334 *:* UDP 127.0.0.1:123 *:* UDP 127.0.0.1:1900 *:* UDP 217.135.174.224:123 *:* UDP 217.135.174.224:1900 *:*
My Regards Hyperion
--------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare.
Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance.
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail
---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------