Re: What is this port? is it a trojan?

Wed, 02 Jul 2003 10:39:34 -0700 

On Mon, 2003-06-30 at 10:52, Hyperion wrote:
> Hello all :)
> 
>  I have been taking a more detailed interest in my pc's security of late,
> and security for computers in general, and I am learning at quite a fast
> rate, although there is a great, great deal of information to learn out
> there.
> 
>  Just recently I have taken to doing regular, netstat - probes on my machine
> to see the different connections that arise and so forth.
>  Today I found a rather mysterious port with the number, 44334 and I have
> copied/paste the results of the netstat -an below for people to look at.
>  Is the port in question, -44334- a Trojan? it strikes me as a rather
> suspicious port and a rather large port number.
>  Could anyone tell me how I can find out what's running behind the port in
> question, and also what to do about it if it is a port.
>  I have run my virus software, but it did not find any viruses or Trojans
> installed on my machine, so I am at a loss as to what to do.
> I am also very limited in my security knowledge, so I am basically stuck for
> the necessary ideas or solutions on what to do in order to find out what's
> behind this port.
> Any and all help is greatly appreciated thanks.
> 
> Details of netstat below::
> 
> Active Connections
> 
>   Proto  Local Address          Foreign Address        State
>   TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
>   TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
>   TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
>   TCP    0.0.0.0:1026           0.0.0.0:0              LISTENING
>   TCP    0.0.0.0:1038           0.0.0.0:0              LISTENING
>   TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
>   TCP    0.0.0.0:44334          0.0.0.0:0              LISTENING
>   TCP    127.0.0.1:110          0.0.0.0:0              LISTENING
>   TCP    127.0.0.1:1279         127.0.0.1:110          TIME_WAIT
>   TCP    217.135.174.224:1280   195.92.193.154:110     TIME_WAIT
>   UDP    0.0.0.0:445            *:*
>   UDP    0.0.0.0:500            *:*
>   UDP    0.0.0.0:1036           *:*
>   UDP    0.0.0.0:44334          *:*
>   UDP    127.0.0.1:123          *:*
>   UDP    127.0.0.1:1900         *:*
>   UDP    217.135.174.224:123    *:*
>   UDP    217.135.174.224:1900   *:*
> 

Because the source and destination IP's are the same, it's just your
machine talking to itself.  Applications choose random port numbers to
communicate, unless the port is part of a spec.

However, for future outbound connections where the port number doesn't
clearly tie to a service (110 pop3 et al) you may wish to visit
http://www.portsdb.org

Cheers

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to