|
Posted by Steven L Umbach on April 5, 2006, 12:20 am
Please log in for more thread options
Hard to say what is going on if you initially have found no listening
process. What you could do is use portqry from another computer on your
network to see what is found and install the port reporter service on the
computer to log port activity and review the logs to see if that port has
been used and if so by what process [if using Windows 2003 as Windows 2000
only reports port use]. Of course a routine scan for malware and spyware
would be a good idea if it has not been done in a while. --- Steve
http://support.microsoft.com/default.aspx?kbid=832919 -- Portqry command
line port scanner.
http://www.microsoft.com/downloads/details.aspx?FamilyID=69BA779B-BAE9-4243-B9D6-63E62B4BCD2E&displaylang=en
--- Port Reporter
> Hello.
>
> For a while I inadvertently had ports open in a firewall on an NT box
> connected to the Internet. There were no services on the ports.
>
> Firewall logs showed unblocked connection attempts with no
> responses...except for one port: 41523. An occasional probe of 41523 would
> typically consist of a connection attempt, one response, then another
> connection attempt with no response. Sometimes there would be a third
> connection attempt with no response.
>
> Netstat showed nothing listening on 41523, and I don't see any indication
> the system was compromised. But why a response only on that port, and only
> to the first attempt to connect?
>
> Is this just the TCP/IP stack replying with RST, then ignoring subsequent
> connection attempts? Could the reply be due to the type of scan, which I
> suspect has to do with the ARCserve Backup port 41523 vulnerability?
>
> thanx,
> nf
>
>
>
>
| 
XML Sitemap