What are these tcp ports?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Did an internal port scan on a number of Windows Server 2003 and found the
following ports, but they seems weired.  Any
comments/suggestions/information are thankful.

85 (MIT ML Device)
264 (BGMP)
039 (Streamlined Blackhole)
1041 (AK2 Product)
1043 (BONIC Client Control)
$1051 (Optima VNET)
1052 (Dynamic DNS Tools)
1074 (FASTechnologies License Manager)
1098 (RMI Activation)
1119 (Battle.net Chat/Game Protocol)
1264 (PRAT)
1302 (Cl3-Software-2)
1360 (MIMER)
1366 (Novell NetWare Comm Service Platform) - We don't have Novell stuff on
our network!!
1378 Elan License Manager
4000 (Terabase)
5998 (Asp module for Apache servers(
6001 (Rainbow SuperPro Net network Services)
6071 (SSDTP)
6502 (BoKS Servm)
6503 (BoKS Clntd)
6504 ??

Best regards,

Re: What are these tcp ports?


Quoted text here. Click to load it


Suspecting a malware problem, why not start by checking for malware.

Knowing that malware will use any ports that it considers convenient, not
according to registration, look at those ports using TCPView (free) from

Once you identify the process(es) that have opened those ports, find the
relevant program modules, and submit them for analysis to Jotti and VirusTotal.
Find all components of those processes using Process Explorer (also free), and
run interesting components thru Jottia dn VirusTotal too.

Chuck, MS-MVP [Windows - Networking]
http://nitecruzr.blogspot.com /
Paranoia is not a problem, when it's a normal response from experience.
My        email         is          AT         DOT
   actual       address    pchuck       mvps        org.

Re: What are these tcp ports?

Doug Fox wrote:
Quoted text here. Click to load it
Seems odd to me since by default server 2003 Is locked down requiring
ports to be opened specifically.  What software is installed on system?
  I see battlenet which indicates at least 1 game service.  It is
running BOINC which is a distributed computing platform.
The novell stuff is required for IPX. there is a virtual net installed
on system.

All of the nfo can be googled.  Seems pretty straight forward to me.

This appears to be someones game server, I suspect perhaps battlenet
itself, though I haven't checked.  But there are some pricey toys
installed on system, seems like one who administered such a system would
know what was there.


Re: What are these tcp ports?

Quoted text here. Click to load it



and their lik are the official lists: I would have half-suspected a mix-up
with ephermeral posts, but for that glaring port 85.

A few seconds in Google found this:

There's a new -b parameter in XP's netstat - not sure if that's in 2003
(although I'd have thought so). systinternals.com provide duplicate
functionality, if you'd care to download.


Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!

Site Timeline