Hosting Provided By

Re: What is this port? is it a trojan?

From: Ryan Smith <RyanSmith(at)mail.UTexas.edu>
Date: Mon Jun 30 2003 - 23:01:12 EDT

Original Message ----- From: "Hyperion" <nemesis@croasdalepreston.fsnet.co.uk>

> Just recently I have taken to doing regular, netstat - probes on my
machine
> to see the different connections that arise and so forth.

What operating system are you running? If you're using XP you can use the command "netstat -ao" and it will list the proccess ID (PID) of the program associated with the port
Armed with that info, you can go to task manager and click the "processes" tab. Then under view there will be an option "set columns" make sure the PID is checked, then sort by PID and you'll find your program.

If you don't like the legwork, you can also download fport.exe from http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subconte nt=/resources/proddesc/fport.htm
This will print all open ports with the full path of the program associated to them.
This is probably the easiest and best solution, but now you have options. AFAIK fport runs on NT, 2000 and XP.

> I have run my virus software, but it did not find any viruses or Trojans
for
> the necessary ideas or solutions on what to do in order to find out what's
FYI: I'm hoping that this IP has been "sanitized". By this I mean, its not a good idea to put your ip out there (with a list of open ports no less), even if just to a security mailing list. In the future, you might (if you haven't already) replace it with an ip in the 192.168.0.0/24 range, then state at the beginning to assume that's your address.

Hope this helps,
Ryan W Smith

Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare.

Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance.

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm

Received on Wed Jul 2 12:04:20 2003

Do you need help?

This message: [ Message body ]
Next message: nee cee: "Re: What is this port? is it a trojan?"
Previous message: Chris Berry: "Re: Ten least secure programs"
In reply to: Hyperion: "What is this port? is it a trojan?"
In reply to dave klimen: "RE: What is this port? is it a trojan?"
Next in thread: Sabari Devadoss: "Re: What is this port? is it a trojan?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:05:20 EDT