What are these tcp ports?

Discussion in 'Computer Security' started by Doug Fox, Oct 17, 2005.

  1. Doug Fox

    Doug Fox Guest

    Did an internal port scan on a number of Windows Server 2003 and found the
    following ports, but they seem weird. Any
    comments/suggestions/information are appreciated.

    85 (MIT ML Device)
    264 (BGMP)
    039 (Streamlined Blackhole)
    1041 (AK2 Product)
    1043 (BOINC Client Control)
    1051 (Optima VNET)
    1052 (Dynamic DNS Tools)
    1074 (FASTechnologies License Manager)
    1098 (RMI Activation)
    1106 (ISOIPSIGPORT-1)
    1119 (Battle.net Chat/Game Protocol)
    1208 (SEAGULL AIS)
    1264 (PRAT)
    1302 (Cl3-Software-2)
    1360 (MIMER)
    1366 (Novell NetWare Comm Service Platform) - We don't have Novell stuff on
    our network!!
    1378 (Elan License Manager)
    4000 (Terabase)
    5998 (Asp module for Apache servers)
    6001 (Rainbow SuperPro Net network Services)
    6071 (SSDTP)
    6502 (BoKS Servm)
    6503 (BoKS Clntd)
    6504 ??

    Best regards,
     
    Doug Fox, Oct 17, 2005
    #1

  2. Chuck

    Chuck Guest

    Doug,

    Suspecting a malware problem, why not start by checking for malware.
    <http://nitecruzr.blogspot.com/2005/05/dealing-with-malware-adware-spyware.html>

    Knowing that malware will use any ports that it considers convenient, not
    according to registration, look at those ports using TCPView (free) from
    <http://www.sysinternals.com/ntw2k/source/tcpview.shtml>

    Once you identify the process(es) that have opened those ports, find the
    relevant program modules, and submit them for analysis to Jotti and VirusTotal.
    Find all components of those processes using Process Explorer (also free), and
    run interesting components thru Jotti and VirusTotal too.
    <http://virusscan.jotti.org/>
    <http://www.virustotal.com/flash/index_en.html>
    <http://www.sysinternals.com/ntw2k/freeware/procexp.shtml>

    --
    Cheers,
    Chuck, MS-MVP [Windows - Networking]
    http://nitecruzr.blogspot.com/
    Paranoia is not a problem, when it's a normal response from experience.
    My email is AT DOT
    actual address pchuck mvps org.
     
    Chuck, Oct 17, 2005
    #2

  3. Winged

    Winged Guest

    Seems odd to me since by default Server 2003 is locked down, requiring
    ports to be opened specifically. What software is installed on system?
    I see battlenet which indicates at least 1 game service. It is
    running BOINC which is a distributed computing platform.
    The Novell stuff is required for IPX. There is a virtual net installed
    on system.

    All of the info can be googled. Seems pretty straightforward to me.

    This appears to be someone's game server, I suspect perhaps battlenet
    itself, though I haven't checked. But there are some pricey toys
    installed on system, seems like one who administered such a system would
    know what was there.

    Winged
     
    Winged, Oct 17, 2005
    #3
  4. <snip>

    http://www.codecutters.org/resources/knownports.html
    http://www.codecutters.org/resources/regports.html

    and their ilk are the official lists: I would have half-suspected a mix-up
    with ephemeral ports, but for that glaring port 85.

    A few seconds in Google found this:
    http://www.doshelp.com/Ports/Trojan_Ports.htm

    There's a new -b parameter in XP's netstat - not sure if that's in 2003
    (although I'd have thought so). sysinternals.com provide duplicate
    functionality, if you'd care to download.

    HTH

    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!
     
    Hairy One Kenobi, Oct 17, 2005
    #4
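
The replies above recommend mapping each open port to the process that owns it rather than trusting the registered service name. As an added example (not part of any post in the thread), the script below joins `netstat -ano` output with `tasklist /fo csv /nh` output to show the owning PID and image for each scanned port, and whether the port falls in the default dynamic range. The sample output is constructed, and the function names and `unknown.exe` are placeholders.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not data from the thread).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:85             0.0.0.0:0              LISTENING       1620
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       740
  TCP    0.0.0.0:1041           0.0.0.0:0              LISTENING       812
  TCP    10.0.0.5:1043          10.0.0.9:445           ESTABLISHED     4
  UDP    0.0.0.0:1052           *:*                                    812
"""

# Constructed sample of `tasklist /fo csv /nh` output; unknown.exe is a placeholder.
TASKLIST = """\
"System","4","Console","0","216 K"
"svchost.exe","740","Console","0","3,120 K"
"svchost.exe","812","Console","0","18,004 K"
"unknown.exe","1620","Console","0","2,048 K"
"""

# Default dynamic (ephemeral) port range on Windows Server 2003.
DYNAMIC = range(1025, 5001)


def listeners(netstat_text):
    """Map each TCP port in LISTENING state to the PID that owns it."""
    found = {}
    for line in netstat_text.splitlines():
        f = line.split()
        # UDP rows have no State column and the header has 7 words: both skipped.
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            found[int(f[1].rsplit(":", 1)[1])] = int(f[4])
    return found


def images(tasklist_text):
    """Map PID to image name from tasklist CSV rows."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(tasklist_text)) if r}


def triage(scanned_ports, netstat_text=NETSTAT, tasklist_text=TASKLIST):
    """Return (port, pid, image, in_dynamic_range) for each scanned port."""
    owner, name = listeners(netstat_text), images(tasklist_text)
    return [(p, owner.get(p), name.get(owner.get(p)), p in DYNAMIC)
            for p in scanned_ports]


if __name__ == "__main__":
    for row in triage([85, 1041, 1043, 1366]):
        print(row)
```

A port with no PID was not in LISTENING state when netstat ran. A listener inside the dynamic range is usually identified by its owning process, not by the name the scanner printed.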