You can keep guessing at the service running on this port, but the only sure way is to run a network monitor, i.e. ethereal, windump/tcpdump (there are loads about), and check the packets.

Subsurface

It is very dangerous to swim with the sharks,
But at least they don't nag.

-----Original Message-----
From: Matti Haack [mailto:[EMAIL PROTECTED]
Sent: 04 July 2003 19:01
To: [EMAIL PROTECTED]
Subject: Re[2]: What is this port? is it a trojan?

Do you use Kerio/tiny Firewall? It's the administration port number...

Matti

kmuam> Hello all :)

kmuam> I have been taking a more detailed interest in my pc's security
kmuam> of late, and security for computers in general, and I am learning
kmuam> at quite a fast rate, although there is a great, great deal of
kmuam> information to learn out there.

kmuam> Just recently I have taken to doing regular, netstat - probes on
kmuam> my machine to see the different connections that arise and so
kmuam> forth. Today I found a rather mysterious port with the number,
kmuam> 44334 and I have copied/pasted the results of the netstat -an
kmuam> below for people to look at. Is the port in question, -44334- a
kmuam> Trojan? It strikes me as a rather suspicious port and a rather
kmuam> large port number. Could anyone tell me how I can find out
kmuam> what's running behind the port in question, and also what to do
kmuam> about it if it is a port. I have run my virus software, but it
kmuam> did not find any viruses or Trojans installed on my machine, so I
kmuam> am at a loss as to what to do. I am also very limited in my
kmuam> security knowledge, so I am basically stuck for the necessary
kmuam> ideas or solutions on what to do in order to find out what's
kmuam> behind this port. Any and all help is greatly appreciated thanks.

kmuam> Details of netstat below::

kmuam> Active Connections

kmuam>   Proto  Local Address          Foreign Address        State
kmuam>   TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
kmuam>   TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
kmuam>   TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
kmuam>   TCP    0.0.0.0:1026           0.0.0.0:0              LISTENING
kmuam>   TCP    0.0.0.0:1038           0.0.0.0:0              LISTENING
kmuam>   TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
kmuam>   TCP    0.0.0.0:44334          0.0.0.0:0              LISTENING
kmuam>   TCP    127.0.0.1:110          0.0.0.0:0              LISTENING
kmuam>   TCP    127.0.0.1:1279         127.0.0.1:110          TIME_WAIT
kmuam>   TCP    217.135.174.224:1280   195.92.193.154:110     TIME_WAIT
kmuam>   UDP    0.0.0.0:445            *:*
kmuam>   UDP    0.0.0.0:500            *:*
kmuam>   UDP    0.0.0.0:1036           *:*
kmuam>   UDP    0.0.0.0:44334          *:*
kmuam>   UDP    127.0.0.1:123          *:*
kmuam>   UDP    127.0.0.1:1900         *:*
kmuam>   UDP    217.135.174.224:123    *:*
kmuam>   UDP    217.135.174.224:1900   *:*

kmuam> My Regards
kmuam> Hyperion
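
As an added example (not part of the original messages): a short Python parser for the `netstat -an` listing quoted above that separates loopback-only listeners from those bound beyond loopback and reports the ports a reviewer-maintained allowlist does not explain. The allowlist `EXPECTED` and the function names are assumptions of this example; the sample rows are an excerpt of the poster's listing.

```python
import re
from collections import defaultdict

# Excerpt of the netstat -an listing quoted in the thread (quote prefixes removed).
NETSTAT = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:44334          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:110          0.0.0.0:0              LISTENING
  TCP    217.135.174.224:1280   195.92.193.154:110     TIME_WAIT
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:44334          *:*
  UDP    127.0.0.1:123          *:*
  UDP    217.135.174.224:123    *:*
"""
# Assumption of this example: an allowlist the reviewer maintains (IANA service names).
EXPECTED = {110: "pop3", 123: "ntp", 135: "epmap", 445: "microsoft-ds", 500: "isakmp"}
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def listeners(text):
    """Map port -> set of (proto, local_ip) for sockets that accept traffic."""
    out = defaultdict(set)
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank or unrecognised line
        proto, ip, port, peer, state = m.groups()
        # UDP rows have no State column; an unconnected socket shows *:* as peer.
        if state == "LISTENING" or (proto == "UDP" and peer == "*:*"):
            out[int(port)].add((proto, ip))
    return dict(out)

def unexplained(text, expected=EXPECTED):
    """Ports bound beyond loopback that the allowlist does not account for."""
    found = []
    for port, socks in sorted(listeners(text).items()):
        exposed = any(ip != "127.0.0.1" for _, ip in socks)
        if exposed and port not in expected:
            found.append((port, sorted({proto for proto, _ in socks})))
    return found

if __name__ == "__main__":
    for port, protos in unexplained(NETSTAT):
        print(port, "/".join(protos))
```

On Windows XP and later, `netstat -ano` adds the owning process ID to each row, which ties a listening port to the program behind it.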