Announcement

Collapse
No announcement yet.

Ports Question

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Ports Question

    In mIRC, upon loading, I get this:

    Current Ports in Use
    ...
    1042 :: BLA trojan

    Does that mean that a trojan is using this port? I ran `netstat -n` and `netstat` and 1042 wasn't even in use.. I ran NAVP2003, Trend Micro's House call, and BPS Spyware (Trojans, keyloggers) Remover.. and everything was clean.. O_o
    "63,000 bugs in the code, 63,000 bugs, you get 1 whacked with a service pack, now there's 63,005 bugs in the code."
    "Before you critisize someone, walk a mile in their shoes. That way, when you critisize them, you're a mile away and you have their shoes."
    Utopia Software - Current Software: Utopia News Pro (news management system)

  • #2
    netstat -a
    is what you like to use.

    Do you use any scripts in mIRC that you didn't write yourself ?

    Comment


    • #3
      Originally posted by xiphoid
      netstat -a
      is what you like to use.

      Do you use any scripts in mIRC that you didn't write yourself ?
      Eep, 1042 is indeed open. :O
      It's foreign IP is just *:*...and nothing under Status (No 'established' or 'listening).. How do I close the port?

      The only script I use is Invision...
      "63,000 bugs in the code, 63,000 bugs, you get 1 whacked with a service pack, now there's 63,005 bugs in the code."
      "Before you critisize someone, walk a mile in their shoes. That way, when you critisize them, you're a mile away and you have their shoes."
      Utopia Software - Current Software: Utopia News Pro (news management system)

      Comment


      • #4
        google showed me:

        According to the official RFC, dynamic allocations are technically supposed to be used only in the very high port ranges, but it seems that Microsoft has decided instead to use the mid-range values of 1024 ... 5000 for this purpose. (The Microsoft dynamic allocation routine only allocates a port if it is not already active, therefore it doesn't ever interfere with, or clobber, any existing services that may be legitimately running in that range). So if you run the Port Scanner against a Windows machine and find activity on, say, "Port 1042 -- Bla 1.1 Trojan" do not be so alarmed. Port 1042 often turns out to be one of the ports that a Windows server will dynamically use to manage its resources.

        Comment


        • #5
          Originally posted by CeleronXT
          In mIRC, upon loading, I get this:

          Current Ports in Use
          ...
          1042 :: BLA trojan

          Does that mean that a trojan is using this port? I ran `netstat -n` and `netstat` and 1042 wasn't even in use.. I ran NAVP2003, Trend Micro's House call, and BPS Spyware (Trojans, keyloggers) Remover.. and everything was clean.. O_o
          IRC never uses that low a port, even with a script it shouldnt.
          what network where you accessing?
          It almost always will use 6666 or 6667 to connect..
          MCSE, MVP, CCIE
          Microsoft Beta Team

          Comment


          • #6
            Originally posted by xiphoid
            google showed me:
            Then why is it called Bla Trojan if it's a Microsoft thing...?
            "63,000 bugs in the code, 63,000 bugs, you get 1 whacked with a service pack, now there's 63,005 bugs in the code."
            "Before you critisize someone, walk a mile in their shoes. That way, when you critisize them, you're a mile away and you have their shoes."
            Utopia Software - Current Software: Utopia News Pro (news management system)

            Comment


            • #7
              A Trojan probably also shares the same port. So it could either be Windows or a Trojan.

              Run an AV scanner to make sure
              Raz - KMC Forums

              Comment


              • #8
                I've run multiple scanners, NAVP2003, Trend Micro HouseCall, and BPS Trojan searcher thing..

                But that excerpt says to not be alarmed if you see Port 1042 -- Bla 1.1 Trojan.... O_o
                "63,000 bugs in the code, 63,000 bugs, you get 1 whacked with a service pack, now there's 63,005 bugs in the code."
                "Before you critisize someone, walk a mile in their shoes. That way, when you critisize them, you're a mile away and you have their shoes."
                Utopia Software - Current Software: Utopia News Pro (news management system)

                Comment


                • #9
                  Close the port with your firewall software.
                  Translations provided by Google.

                  Wayne Luke
                  The Rabid Badger - a vBulletin Cloud demonstration site.
                  vBulletin 5 API

                  Comment


                  • #10
                    ZoneAlarm Pro.. can't find any settings for specific ports.. O_o
                    "63,000 bugs in the code, 63,000 bugs, you get 1 whacked with a service pack, now there's 63,005 bugs in the code."
                    "Before you critisize someone, walk a mile in their shoes. That way, when you critisize them, you're a mile away and you have their shoes."
                    Utopia Software - Current Software: Utopia News Pro (news management system)

                    Comment


                    • #11
                      That is why I use SyGate,
                      then I also know what kind of package gets send through it, or who wants to connect and what contains in the package. And you get a good log file to send to any ISP for any possible hacking attempt.

                      Since you are not sure that anybody has ever used it, as soon as you blocked it in/out - log all attempts, and start changing your passwords.

                      Comment


                      • #12
                        Grabbed Sygate.. Looking good.. Nothing's running on that port anymore.
                        "63,000 bugs in the code, 63,000 bugs, you get 1 whacked with a service pack, now there's 63,005 bugs in the code."
                        "Before you critisize someone, walk a mile in their shoes. That way, when you critisize them, you're a mile away and you have their shoes."
                        Utopia Software - Current Software: Utopia News Pro (news management system)

                        Comment


                        • #13
                          Originally posted by CeleronXT
                          ZoneAlarm Pro.. can't find any settings for specific ports.. O_o
                          Get a better Firewall. Zonealarm is the candy in the front of the store to lure children inside. For a technical person it is worthless. I also use Sygate's products on all of my computers.
                          Translations provided by Google.

                          Wayne Luke
                          The Rabid Badger - a vBulletin Cloud demonstration site.
                          vBulletin 5 API

                          Comment


                          • #14
                            Originally posted by Wayne Luke
                            Get a better Firewall. Zonealarm is the candy in the front of the store to lure children inside. For a technical person it is worthless. I also use Sygate's products on all of my computers.
                            ZoneAlarm (free) is pretty much worthless for customizability, but I use ZA Pro and it works perfectly fine for me. I'm able to open up specific ports for specific programs (i.e., my port for Apache).

                            Haven't tried their stuff though but I haven't found a need to change. I also have my router's firewall but strangely enough a lot of stuff gets through that.
                            --filburt1, vBulletin.org/vBulletinTemplates.com moderator
                            Web Design Forums.net: vB Board of the Month
                            vBulletin Mail System (vBMS): webmail for your forum users

                            Comment


                            • #15
                              I used Zone Alarm Pro in the Windows 98 days. However when I upgraded to Windows XP, Zone Alarm didn't work at all, even the new version that was supposed to fix the problems. Since they couldn't get their act together in the 6 months between the release of Windows XP and the time I upgraded, they were worthless to me.

                              The free version of Sygate Personal Firewall is comparable to Zone Alarm Pro. The professional version is much better though. I am glad that Zone Alarm screwed up. They made me open my eyes to real firewall software.
                              Translations provided by Google.

                              Wayne Luke
                              The Rabid Badger - a vBulletin Cloud demonstration site.
                              vBulletin 5 API

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...
                              X