RE: What is this port? is it a trojan?

Hyperion,

I'd try telnet-ing (e.g. 'telnet localhost:44334') or better yet use NetCat and try connecting to it, bang the Enter key a few times, and see what pops up. If it does reply with any banner, run that through Google for more info.

If it were a POSIX system (your output looks Windows-ish to me, but I could be wrong) you could use lsof to determine which process was listening to what port - very handy proggie.

Good luck,

Dave Killion
Senior Security Engineer
Security Group
NetScreen Technologies, Inc.

-----Original Message-----
From: Hyperion [mailto:nemesis@croasdalepreston.fsnet.co.uk] Sent: Monday, June 30, 2003 9:52 AM
To: Security Basics Mailing List
Subject: What is this port? is it a trojan?

Hello all :)

 I have been taking a more detailed interest in my pc's security of late,
and security for computers in general, and I am learning at quite a fast rate, although there is a great, great deal of information to learn out there.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

 Just recently I have taken to doing regular, netstat - probes on my machine
to see the different connections that arise and so forth.  Today I found a rather mysterious port with the number, 44334 and I have
copied/paste the results of the netstat -an below for people to look at.  Is the port in question, -44334- a Trojan? it strikes me as a rather suspicious port and a rather large port number.  Could anyone tell me how I can find out what's running behind the port in
question, and also what to do about it if it is a port.  I have run my virus software, but it did not find any viruses or Trojans
installed on my machine, so I am at a loss as to what to do. I am also very limited in my security knowledge, so I am basically stuck for
the necessary ideas or solutions on what to do in order to find out what's
behind this port.
Any and all help is greatly appreciated thanks.

Details of netstat below::

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1026           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1038           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:44334          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:110          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1279         127.0.0.1:110          TIME_WAIT
  TCP    217.135.174.224:1280   195.92.193.154:110     TIME_WAIT
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:1036           *:*
  UDP    0.0.0.0:44334          *:*
  UDP    127.0.0.1:123          *:*
  UDP    127.0.0.1:1900         *:*

---
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top
analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access
in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: 
http://www.neoteris.com/promos/sf-6-9.htm
------------------------------------------------------------------------
----