localhost:half-life

A program that shows connections on my computer shows

Remote address ______ Local address

localhost:half-life_______  127.0.0.1:1051
localhost:1051_________ 127.0.0.1:half-life
*.*___________________ 127.0.0.1:half-life

I never play the game half-life so I'm wondering if this might
be a Trojan, key logger or something I need to worry about?

Thanks
JNB


Re: localhost:half-life


| A program that shows connections on my computer shows
|
| Remote address ______ Local address
|
| localhost:half-life_______  127.0.0.1:1051
| localhost:1051_________ 127.0.0.1:half-life
| *.*___________________ 127.0.0.1:half-life
|
| I never play the game half-life so I'm wondering if this might
| be a Trojan, key logger or something I need to worry about?
|
| Thanks
| JNB

The question is what is the actual TCP port the alias "half-life" represents.

This will be found in the etc/services table.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: localhost:half-life

I don't understand what you mean by etc/services table.
JNB


Re: localhost:half-life


It is the file C:/Windows/System32/Drivers/Etc/Services (on a PC). Note that
it has no extension.
Jim



Re: localhost:half-life

That's an interesting file but I can't find Half-life listed or the
port.
There is a listing for doom port 666 but I never play games.
Today the port listed for Half-life is 1034 using netmon. It was
port 1051 the other day.

I suppose if it were a virus or something Avast would have found
it so I'm about ready to stop worrying about it.

I appreciate all the help.
Live long and prosper.
JNB
####################################################
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This file contains port numbers for well-known services defined by IANA
#
# Format:
#
# <service name>  <port number>/<protocol>  [aliases...]   [#<comment>]
#

echo                7/tcp
echo                7/udp
discard             9/tcp    sink null
discard             9/udp    sink null
systat             11/tcp    users                  #Active users
systat             11/tcp    users                  #Active users
daytime            13/tcp
daytime            13/udp
qotd               17/tcp    quote                  #Quote of the day
qotd               17/udp    quote                  #Quote of the day
chargen            19/tcp    ttytst source          #Character generator
chargen            19/udp    ttytst source          #Character generator
ftp-data           20/tcp                           #FTP, data
ftp                21/tcp                           #FTP. control
telnet             23/tcp
smtp               25/tcp    mail                   #Simple Mail Transfer Protocol
time               37/tcp    timserver
time               37/udp    timserver
rlp                39/udp    resource               #Resource Location Protocol
nameserver         42/tcp    name                   #Host Name Server
nameserver         42/udp    name                   #Host Name Server
nicname            43/tcp    whois
domain             53/tcp                           #Domain Name Server
domain             53/udp                           #Domain Name Server
bootps             67/udp    dhcps                  #Bootstrap Protocol Server
bootpc             68/udp    dhcpc                  #Bootstrap Protocol Client
tftp               69/udp                           #Trivial File Transfer
gopher             70/tcp
finger             79/tcp
http               80/tcp    www www-http           #World Wide Web
kerberos           88/tcp    krb5 kerberos-sec      #Kerberos
kerberos           88/udp    krb5 kerberos-sec      #Kerberos
hostname          101/tcp    hostnames              #NIC Host Name Server
iso-tsap          102/tcp                           #ISO-TSAP Class 0
rtelnet           107/tcp                           #Remote Telnet Service
pop2              109/tcp    postoffice             #Post Office Protocol - Version 2
pop3              110/tcp                           #Post Office Protocol - Version 3
sunrpc            111/tcp    rpcbind portmap        #SUN Remote Procedure Call
sunrpc            111/udp    rpcbind portmap        #SUN Remote Procedure Call
auth              113/tcp    ident tap              #Identification Protocol
uucp-path         117/tcp
nntp              119/tcp    usenet                 #Network News Transfer Protocol
ntp               123/udp                           #Network Time Protocol
epmap             135/tcp    loc-srv                #DCE endpoint resolution
epmap             135/udp    loc-srv                #DCE endpoint resolution
netbios-ns        137/tcp    nbname                 #NETBIOS Name Service
netbios-ns        137/udp    nbname                 #NETBIOS Name Service
netbios-dgm       138/udp    nbdatagram             #NETBIOS Datagram Service
netbios-ssn       139/tcp    nbsession              #NETBIOS Session Service
imap              143/tcp    imap4                  #Internet Message Access Protocol
pcmail-srv        158/tcp                           #PCMail Server
snmp              161/udp                           #SNMP
snmptrap          162/udp    snmp-trap              #SNMP trap
print-srv         170/tcp                           #Network PostScript
bgp               179/tcp                           #Border Gateway Protocol
irc               194/tcp                           #Internet Relay Chat Protocol
ipx               213/udp                           #IPX over IP
ldap              389/tcp                           #Lightweight Directory Access Protocol
https             443/tcp    MCom
https             443/udp    MCom
microsoft-ds      445/tcp
microsoft-ds      445/udp
kpasswd           464/tcp                           # Kerberos (v5)
kpasswd           464/udp                           # Kerberos (v5)
isakmp            500/udp    ike                    #Internet Key Exchange
exec              512/tcp                           #Remote Process Execution
biff              512/udp    comsat
login             513/tcp                           #Remote Login
who               513/udp    whod
cmd               514/tcp    shell
syslog            514/udp
printer           515/tcp    spooler
talk              517/udp
ntalk             518/udp
efs               520/tcp                           #Extended File Name Server
router            520/udp    route routed
timed             525/udp    timeserver
tempo             526/tcp    newdate
courier           530/tcp    rpc
conference        531/tcp    chat
netnews           532/tcp    readnews
netwall           533/udp                           #For emergency broadcasts
uucp              540/tcp    uucpd
klogin            543/tcp                           #Kerberos login
kshell            544/tcp    krcmd                  #Kerberos remote shell
new-rwho          550/udp    new-who
remotefs          556/tcp    rfs rfs_server
rmonitor          560/udp    rmonitord
monitor           561/udp
ldaps             636/tcp    sldap                  #LDAP over TLS/SSL
doom              666/tcp                           #Doom Id Software
doom              666/udp                           #Doom Id Software
kerberos-adm      749/tcp                           #Kerberos administration
kerberos-adm      749/udp                           #Kerberos administration
kerberos-iv       750/udp                           #Kerberos version IV
kpop             1109/tcp                           #Kerberos POP
phone            1167/udp                           #Conference calling
ms-sql-s         1433/tcp                           #Microsoft-SQL-Server
ms-sql-s         1433/udp                           #Microsoft-SQL-Server
ms-sql-m         1434/tcp                           #Microsoft-SQL-Monitor
ms-sql-m         1434/udp                           #Microsoft-SQL-Monitor
wins             1512/tcp                           #Microsoft Windows Internet Name Service
wins             1512/udp                           #Microsoft Windows Internet Name Service
ingreslock       1524/tcp    ingres
l2tp             1701/udp                           #Layer Two Tunneling Protocol
pptp             1723/tcp                           #Point-to-point tunnelling protocol
radius           1812/udp                           #RADIUS authentication protocol
radacct          1813/udp                           #RADIUS accounting protocol
nfsd             2049/udp    nfs                    #NFS server
knetd            2053/tcp                           #Kerberos de-multiplexor
man              9535/tcp                           #Remote Man Server
#########################################################################
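
The name-to-port lookup that the replies above point to, as an added example that is not part of any post in this thread: it parses text in the services format (skipping a comment tail that a newsreader wrapped onto its own line) and resolves the service part of an endpoint such as 127.0.0.1:doom, returning None for a name the file does not define, which is what JNB reports for half-life. The sample text is constructed from entries in the posted file; the function names are illustrative.

```python
import re

# Constructed sample: entries copied from the posted file, one of them with
# its comment wrapped onto the following line.
SERVICES_SAMPLE = """\
# <service name>  <port number>/<protocol>  [aliases...]   [#<comment>]
discard             9/tcp    sink null
chargen            19/tcp    ttytst source          #Character
generator
http               80/tcp    www www-http           #World Wide Web
doom              666/tcp                           #Doom Id Software
doom              666/udp                           #Doom Id Software
"""

# name, port/protocol, then optional aliases (comment already removed)
ENTRY = re.compile(r"^(\S+)\s+(\d+)/(\w+)\s*(.*)$")


def parse_services(text):
    """Return {(name_or_alias, protocol): port}, keys in lower case."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop the comment part
        m = ENTRY.match(line)
        if not m:
            continue                             # blank, comment, or wrapped tail
        name, port, proto, aliases = m.groups()
        for key in [name] + aliases.split():
            # first definition wins, as with a top-to-bottom file lookup
            table.setdefault((key.lower(), proto.lower()), int(port))
    return table


def resolve_endpoint(endpoint, table, proto="tcp"):
    """Turn 'host:service' into (host, port); port is None if the name is unknown."""
    host, _, service = endpoint.rpartition(":")
    if service.isdigit():
        return host, int(service)
    return host, table.get((service.lower(), proto))


if __name__ == "__main__":
    services = parse_services(SERVICES_SAMPLE)
    for ep in ("127.0.0.1:doom", "127.0.0.1:1051", "127.0.0.1:half-life"):
        print(ep, "->", resolve_endpoint(ep, services))
```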


Re: localhost:half-life

Here is a better list of connections. All the other connections
were edited out.
######################
C:\Program Files\Netmon\process_list.txt
Timestamp: 10:18:30 PM Aug 03 07
Generated by: Netmon 1.57

Remote address : localhost:half-life
Local address  : 127.0.0.1:1034
Protocol       : TCP
Status         : Established
######################
Remote address : *:*
Local address  : 127.0.0.1:half-life
Protocol       : TCP
Status         : Listening
######################

Remote address : localhost:1034
Local address  : 127.0.0.1:half-life
Protocol       : TCP
Status         : Established
######################






Re: localhost:half-life



The first two lines show one program on your computer talking
to another program on your computer (127.0.0.1 is localhost).

The third shows a program is listening for packets on the
port that has the name half-life.  As David Lipman pointed out,
this will be in the file /etc/services.

I gather you're running Mac OS X, which I'm not familiar with,
but can you try running the command

netstat -utap

If it works, that will list all udp and tcp ports, and the name of
the program that's using it.

I expect when you look in /etc/services, you will find half-life
assigned as the name for port 26000, which is used by many of
the quake based games, such as Quakeworld, QuakeIII.

If you are running one of the quake based games, you may need to
alter your firewall settings to allow incoming packets on that port.

If you haven't opened up that port in your firewall, then having
the program listening for packets, won't hurt, as it won't see them.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
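
Finding which programs sit at each end of a loopback connection like the one in this thread, as an added example that is not part of the post above: it assumes the input is the text of Windows `netstat -ano` (numeric ports plus owning PID) and pairs each 127.0.0.1 listener with the local client connected to it. The sample is constructed; port 1034 is from the thread, while port 40000 and all PIDs are placeholders.

```python
# Constructed sample shaped like Windows `netstat -ano` output.
# 40000 stands in for whatever number the "half-life" alias hides.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    127.0.0.1:40000        0.0.0.0:0              LISTENING       1620
  TCP    127.0.0.1:1034         127.0.0.1:40000        ESTABLISHED     1844
  TCP    127.0.0.1:40000        127.0.0.1:1034         ESTABLISHED     1620
  UDP    127.0.0.1:123          *:*                                    1012
"""


def parse_netstat(text):
    """Parse the connection rows; headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue
        state = f[3] if len(f) == 5 else ""      # UDP rows have no State column
        rows.append({"proto": f[0], "local": f[1], "remote": f[2],
                     "state": state, "pid": int(f[-1])})
    return rows


def loopback_pairs(rows):
    """Return (listener_pid, listener_endpoint, client_pid, client_endpoint)
    for every established connection into a 127.0.0.1 listener."""
    listeners = {r["local"]: r["pid"] for r in rows
                 if r["state"] == "LISTENING"
                 and r["local"].startswith("127.0.0.1:")}
    pairs = []
    for r in rows:
        # The client's row is the one whose remote end is the listener.
        if r["state"] == "ESTABLISHED" and r["remote"] in listeners:
            pairs.append((listeners[r["remote"]], r["remote"],
                          r["pid"], r["local"]))
    return pairs


if __name__ == "__main__":
    for pair in loopback_pairs(parse_netstat(NETSTAT_SAMPLE)):
        print("listener pid %d on %s <- client pid %d from %s" % pair)
```

The PIDs can then be matched to program names in Task Manager's PID column.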

Re: localhost:half-life


I don't know what file you mean, "etc/services".


Windows XP SP2


I ran netstat. The arguments didn't work. It didn't show much.


I don't play games at all.



Using the program Netmon 1.57 I can kill the process
but it pops back up instantly.

Have a safe & happy weekend
JNB



