Port 1033 (netinfo) port is open - what's it for and how do I close it

I've run Shields up (www.grc.com) to test a clients new Wingate Pro firewall
on Win2000 server sp4.
Ideally I'd like all ports to be in full stealth mode.

The problem is that I'm seeing Port 1033 which I'm told is local netinfo
port open.

Now I know what you're thinking 'netspy' - but I don't think so.

Norton AV with latest definitions doesn't see it and neither does Mcafee's
excellent online scan.

I can't see what process might be using this port or what it's using it for.
I'm downloading fport and I'll try that the next time I'm onsite - but I was
hoping one of you kind folk would have an idea.

Hopefully,

Neil

Ireland

Neil Armstrong

"Neil Armstrong" <> wrote in message
news:uq%...
> I've run Shields up (www.grc.com) to test a clients new Wingate Pro
firewall
> on Win2000 server sp4.
> Ideally I'd like all ports to be in full stealth mode.
>
> The problem is that I'm seeing Port 1033 which I'm told is local netinfo
> port open.
>
> Now I know what you're thinking 'netspy' - but I don't think so.
>
> Norton AV with latest definitions doesn't see it and neither does Mcafee's
> excellent online scan.
>
> I can't see what process might be using this port or what it's using it
for.
> I'm downloading fport and I'll try that the next time I'm onsite - but I
was
> hoping one of you kind folk would have an idea.

One excellent (and free) program you can download to see which programs are
bound to which ports is TCPView by Sysinternals:

http://www.sysinternals.com/ntw2k/source/tcpview.shtml

That should tell what's listening on 1033 (can you telnet to it?). May just
be another of Microsoft's useful services.

-Tim


>
> Hopefully,
>
> Neil
>
> Ireland
>
>

Tim H.

"Neil Armstrong" <> wrote in message
news:uq#...
> I've run Shields up (www.grc.com) to test a clients new Wingate Pro
firewall
> on Win2000 server sp4.
> Ideally I'd like all ports to be in full stealth mode.
>
> The problem is that I'm seeing Port 1033 which I'm told is local netinfo
> port open.
>
> Now I know what you're thinking 'netspy' - but I don't think so.
>
> Norton AV with latest definitions doesn't see it and neither does Mcafee's
> excellent online scan.
>
> I can't see what process might be using this port or what it's using it
for.
> I'm downloading fport and I'll try that the next time I'm onsite - but I
was
> hoping one of you kind folk would have an idea.
>
> Hopefully,
>
> Neil
>
> Ireland
>
>

I havent actually used 2K myself but its basis are similar to XP, you might
find this will help (from the console):

netstat -ano

tasklist /svc -fi "pid eq XXX"

where XXX is the pid of the process of port 1033 that you should get from
the netstat.

--
Mimic

"Without Knowledge you have fear, With fear you create your own nightmares."
"There are 10 types of people in this world. Those that understand Binary,
and those that dont."
"C makes it easy to shoot yourself in the foot. C++ makes it harder, but
when you do, it blows away your whole leg"

Mimic

On an XP machine running IIS, this is what I get:


Image Name PID Services
========================= ======
=============================================
inetinfo.exe 1924 IISADMIN, W3SVC


"Mimic" <> wrote in message
news:...
> "Neil Armstrong" <> wrote in message
> news:uq#...
> > I've run Shields up (www.grc.com) to test a clients new Wingate Pro
> firewall
> > on Win2000 server sp4.
> > Ideally I'd like all ports to be in full stealth mode.
> >
> > The problem is that I'm seeing Port 1033 which I'm told is local netinfo
> > port open.
> >
> > Now I know what you're thinking 'netspy' - but I don't think so.
> >
> > Norton AV with latest definitions doesn't see it and neither does
Mcafee's
> > excellent online scan.
> >
> > I can't see what process might be using this port or what it's using it
> for.
> > I'm downloading fport and I'll try that the next time I'm onsite - but I
> was
> > hoping one of you kind folk would have an idea.
> >
> > Hopefully,
> >
> > Neil
> >
> > Ireland
> >
> >
>
> I havent actually used 2K myself but its basis are similar to XP, you
might
> find this will help (from the console):
>
> netstat -ano
>
> tasklist /svc -fi "pid eq XXX"
>
> where XXX is the pid of the process of port 1033 that you should get from
> the netstat.
>
> --
> Mimic
>
> "Without Knowledge you have fear, With fear you create your own
nightmares."
> "There are 10 types of people in this world. Those that understand Binary,
> and those that dont."
> "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
> when you do, it blows away your whole leg"
>
>
>

Bill Sanderson