managing add ons

[cheryl006]

under tools the file TCP/UDP shows I have 5 TCP's with foreign addresses of 0.0.0.0:0 on different ports and it says the status is " listening". Is this safe? and should it be deleted? I so not see any information on how to handle this situation or what it means. thank you for any help. cheryl

[enoskype]

cheryl006,

 

If you give us the numbers of the 5 TCP listening local ports, I will try to define which is what and if it is quite safe.

 

FYI

I have 12 of them.

[cheryl006]

ports

 

they are ports 135, 445, 2869, 1025, 1030, 139, all say they are listening.

[enoskype]

Hi cherly006,

 

Since those ports are listening to "0.0.0.0:0" foreign address, there's no active connection. (0.0.0.0 is the official nil target.) So basically it is safe. 135, 139, 445 are same in mine also.

I have given the numbers of mine so you don't panic if you misinterpret the below explanations.

 

Please go to: Shields_Up!

and click the button "proceed" and click first:"File Sharing", secondly try: "Common Ports", and to check all your ports: click "All Service Ports".

Follow the instructions.

The result will show you how vulnerable your PC's ports are to outside attacks.

 

THE KNOWLEDGE BELOW IS FOR INFORMATION PURPOSE

 

Decimal/tcp => Keyword _/__Description

------- ---------- -----------------------

________________________________________________________________________________________

135/tcp => epmap /DCE endpoint resolution

=> dcom-scm Microsoft's DCOM (Distributed, i.e.networked, COM) Service Control Manager.

(also known as the RPC Endpoint Mapper)

The SCM server running on the user's computer opens port 135 and listens for incoming requests from clients wishing to locate the ports where DCOM services can be found on that machine.

 

Virus / Trojan: No

________________________________________________________________________________________

445/tcp => microsoft-ds /Microsoft-DS

Microsoft Directory Services

This port replaces the notorious Windows NetBIOS trio (ports 137-139), for all versions of Windows after NT. The preferred port for carrying Windows file sharing and numerous other services.

 

Virus / Trojan: No

_______________________________________________________________________________________

2869/tcp => icslap /ICSLAP

TCP port 2869 uses the Transmission Control Protocol. TCP is one of the main protocols in TCP/IP networks. Whereas the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and also guarantees that packets will be delivered on port 2869 in the same order in which they were sent. Guaranteed communication over port 2869 is the key difference between TCP and UDP

 

Virus / Trojan: No

_______________________________________________________________________________________

1025/tcp => blackjack /network blackjack

Microsoft operating systems tend to allocate one or more unsuspected, publicly exposed services (probably DCOM, but who knows) among the first handful of ports immediately above the end of the service port range (1024+).

PORT 1025 - Information

Port Number: 1025

TCP / UDP: TCP

Delivery: Yes

Protocol / Name: blackjack,listener

FraggleRock

md5Backdoor

NetSpy

RemoteStorm

---------------

Port Description: System V R3 listener; used by uucp

Fraggle Rock

md5 Backdoor

NetSpy

Remote Storm

 

Virus / Trojan: Yes, Caution!

________________________________________________________________________________________

 

1030/tcp => iad1 /BBN IAD

Same as 1025

 

Virus / Trojan: No

________________________________________________________________________________________

 

139/tcp => netbios-ssn /NETBIOS Session Service

TCP NetBIOS connections are made over this port, usually with Windows machines but also with any other system running Samba (SMB). These TCP connections form "NetBIOS sessions" to support connection oriented file sharing activities.

PORT 139 - Information

Port Number: 139

TCP / UDP: TCP

Delivery: Yes

Protocol / Name:

Sadmind

Network

SMBRelay

Chode

GodMessageworm

Msinit

Netlog

netbios-ssn

---------------

Port Description:

Sadmind

Network

SMB Relay

Chode

God Message worm

Msinit

Netlog

A principle rqmt for NetBIOS services on MS hosts (Win9x/ME/NT/Win2000). TCP 139 is used for directory replication, event viewer, file sharing, logon sequence, pass-thru validation, performance monitoring, printing, registry editor, server manager, trusts, user manager, WinNT Diagnostics, and WinNT Secure Channel.Security Concerns: Key target in auth & DOS attacks, plus sniffer capture of sensitive data transfers. Block at all perimeters; NIC-filter on public-exposed MS hosts

 

Virus / Trojan: Yes, Caution!

_________________________________________________________

 

I hope this is helpful to you.

[solbjerg]

cheryl006,

 

If you give us the numbers of the 5 TCP listening local ports, I will try to define which is what and if it is quite safe.

 

FYI

I have 12 of them.

 

Hi enoskype

I have 12 too and 22 UDP, only 3 TCp Allowed just now and at the moment with one of them having a Time-out, the rest (9) listening.

greetings solbjerg

[MattLee]

under tools the file TCP/UDP shows I have 5 TCP's with foreign addresses of 0.0.0.0:0 on different ports and it says the status is " listening". Is this safe? and should it be deleted? I so not see any information on how to handle this situation or what it means. thank you for any help. cheryl

 

besides the steps the guy below me suggested i also recommend downloading 2 free microsoft products. one is TCPView and the other ProcessExplorer. process explorer is replacement for task manager and far more detailed while TCPView is tcp/udp application that checks all ports and does a decent job at it, and neither need installing