On Mon, 8 Sep 2003 17:01:36 +0100, "Mimic" <> wrote:
>"Minder" <---@---.---> wrote in message
>news:.. .
>> Just installed Win2k SP4 and closed all ports but one.
>>
>> ----------------------------------
>> c:\>netstat -an
>> Proto Local Address Foreign Address State
>> TCP 0.0.0.0:1025 0.0.0.0:0 Listening
>>
>> c:\>fport
>> Pid Process Port Proto Path
>> 8 System --> 1025 TCP
>>
>> Process Explorer: shows "System Pid 8" as the parent of many child
>> processes such as SMSS, Winlogon and LSASS, so I'll assume it can't
>> be disabled.
>>
>> WinTask Pro: Describes "System" as the Microsoft Windows System
>> Process, and shows no path to an executable.
>> ---------------------------------
>>
>> Does anyone know what 'System' does, why it's listening on TCP 1025
>> and most importantly, how to make it stop ?
>>
>> Minder
>
>sounds like svchosts.exe to me.

I have two svchost processes with PIDs 356 and 358.
My concern is with PID 8 "System", listening on 1025.

>If you're on an NT-based platform (XP for example) try this
>
>C:\windows> netstat -ano
>(to get the pid of the process or I see you use fport)
>
>C:\windows> tasklist /svc -fi "pid eq XXX"
>(where XXX is the pid)
>
>Port 1025 shouldn't be running on your internet IP, it should just run on
>0.0.0.0 for system use.

I don't think Port 1025 is running on my Internet IP, it's on 0.0.0.0.
I'm not sure I follow... I thought when netstat reports "Local Address
0.0.0.0:1025" as "Listening" to "Foreign Address 0.0.0.0:0" it means
the local computer is ready to accept connection attempts to port 1025
on any adapter (ppp,ethernet,modem,etc.) from ANY remote host.
e.g.

c:\>netstat -an
Proto Local Address Foreign Address State
TCP 0.0.0.0:1025 0.0.0.0:0 Listening

Are you saying 0.0.0.0 is reserved for system use and no remote host
can connect to it?

>I remember we had a big discussion about this when tracker claimed it was
>redbroker trojan or some windows game.

Minder
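
Added example, not part of the original posts: a small parser for `netstat -an` output that reports which interfaces each TCP listener is bound to. A local address of 0.0.0.0 is the wildcard bind, so the socket accepts connections on every IPv4 interface unless something in front of it filters them. Only the 0.0.0.0:1025 row comes from the thread; the other sample rows and the function names are constructed for illustration.

```python
import ipaddress

# Sample `netstat -an` output. The 0.0.0.0:1025 row is from the post above;
# the remaining rows are constructed for contrast.
SAMPLE = """\
Proto  Local Address      Foreign Address    State
TCP    0.0.0.0:1025       0.0.0.0:0          LISTENING
TCP    127.0.0.1:1030     0.0.0.0:0          LISTENING
TCP    192.168.0.10:139   0.0.0.0:0          LISTENING
TCP    192.168.0.10:1047  192.168.0.1:80     ESTABLISHED
UDP    0.0.0.0:445        *:*
"""

def bind_scope(local):
    """Split 'addr:port' and say which interfaces the bind covers."""
    host, _, port = local.rpartition(":")
    addr = ipaddress.ip_address(host.strip("[]"))  # also accepts [::]:port
    if addr.is_unspecified:        # 0.0.0.0 or :: -> wildcard bind
        scope = "all interfaces"
    elif addr.is_loopback:         # 127.0.0.0/8 or ::1
        scope = "loopback only"
    else:
        scope = "one interface"
    return int(port), scope

def tcp_listeners(netstat_text):
    """Return (local address, port, scope) for every listening TCP row."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows have exactly 4 columns; the header and UDP rows do not.
        if len(fields) != 4 or fields[0].upper() != "TCP":
            continue
        # Older netstat builds print "Listening", newer ones "LISTENING".
        if not fields[3].upper().startswith("LISTEN"):
            continue
        port, scope = bind_scope(fields[1])
        found.append((fields[1], port, scope))
    return found

if __name__ == "__main__":
    for local, port, scope in tcp_listeners(SAMPLE):
        print(f"{local:<20} port {port:<6} {scope}")
```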