
Re: [CERT] Why alerts on ports 1025-1029, 1036

From: ePAc <epac(at)korigan.net>
Date: Mon Mar 31 2003 - 19:59:50 EST

Those ports are used as RPC endpoints for COM/COM+ under Windows 2000/XP, I believe, which would explain why ZoneAlarm would try to block those.

From what I understand, COM(+) binding starts at 1024 and quickly uses more ports (up to 5000). There are a couple of articles in the MS knowledge base about this (support.ms.com/search/default.aspx and search for 1025 port connection).

I believe that some applications like ZoneAlarm will block specific applications from binding/using some network interfaces unless you specifically allow for those.

I hope this answers your concerns...

I suggest you check out the various tools to see what applications are binding to those ports (if those are rogue services or something else harmless).

Good Luck..

ePAc.


On Tue, 1 Apr 2003, Tomas Carlsson wrote:

> Date: Tue, 1 Apr 2003 00:04:23 +0200
> From: Tomas Carlsson <xtc@skildra.nu>
> To: incidents@securityfocus.com
> Subject: [CERT] Why alerts on ports 1025-1029, 1036
>
> I get constant alerts from Zonealarm and it is always blocking on

---
Nothing is foolproof to a sufficiently talented fool...
  oo
,(..)\
  ~~

Received on Mon Mar 31 20:10:32 2003
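
One way to carry out the check suggested in the message above, as an added example that is not part of the original post: map sockets bound in the 1025-5000 range to their owning processes. It assumes the host's netstat supports `-ano` and that a PID-to-image list (for instance from tasklist) is available; the sample output, PIDs and image names are constructed.

```python
import re

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       1012
  TCP    0.0.0.0:1029           0.0.0.0:0              LISTENING       1540
  TCP    192.168.1.10:1036      203.0.113.7:80         ESTABLISHED     2216
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  UDP    0.0.0.0:1026           *:*                                    1012
  UDP    0.0.0.0:500            *:*                                    700
"""

# Constructed PID -> image name map (assumption: gathered separately, e.g. with tasklist).
SAMPLE_PROCESSES = {4: "System", 700: "lsass.exe", 880: "svchost.exe",
                    1012: "svchost.exe", 1540: "example.exe", 2216: "iexplore.exe"}

DYNAMIC_RANGE = range(1025, 5001)  # the "up to 5000" range described in the message

# Proto, local addr:port, foreign addr, optional state (UDP rows have none), PID.
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")

def bound_ports(netstat_text, processes):
    """Return (proto, port, state, pid, image) for server sockets in the dynamic range."""
    rows = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers and blank lines
        proto, _local, port, _foreign, state, pid = m.groups()
        port, pid = int(port), int(pid)
        if port not in DYNAMIC_RANGE:
            continue
        # Outbound TCP connections also use local ports in this range; keep
        # only listening TCP sockets and bound UDP sockets.
        if proto == "TCP" and state != "LISTENING":
            continue
        rows.append((proto, port, state or "-", pid, processes.get(pid, "?")))
    return sorted(rows, key=lambda r: r[1])

if __name__ == "__main__":
    for row in bound_ports(SAMPLE_NETSTAT, SAMPLE_PROCESSES):
        print("%-4s %-5d %-10s pid=%-5d %s" % row)
```

A listener owned by svchost.exe fits the RPC endpoint explanation given in the message; an image name you do not recognise is the case worth investigating further.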

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:00 EDT

