View Full Version : Why are ports open with nod v2
June 23rd, 2003, 01:32 AM
It seems like ports
I didnt have these ports open until i installed nod v2
Now these are internal ports that are open so they are not open to outside world.
My question is why do they have to be open?? I didnt have these ports open with mcafee
I just dont think that a program should have any ports open to operate unless it calling out to the net
June 23rd, 2003, 01:37 AM
I wonder what this is also---keep in mind i dint have any of these show up untill i installed nod v2--thats why i was wondering--and i watch all my ports like a hawk .
Better to be safe than sorry.
I dont believe it is any kind of threat---i just want to know why.
June 23rd, 2003, 02:39 AM
I do not see NOD32 listening or holding any ports open on my system. As for alg.exe, I think that may be part of XP that provides support for ICS and Internet Connection Firewall (ICF). I do not use XP, perhaps someone that does can clarify if this is what you may be seeing.
June 23rd, 2003, 03:02 AM
I am running NODv2 on Win2kSP3 so I cannot comment on the XP side of things but I also do not see any openports from NOD aside from the hourly update check.
June 23rd, 2003, 03:02 AM
When I first got XP and put an early version of Zone Alarm on it, I would get these alerts about alg.exe accessing the network. I researched it and found out that it was related to the built-in XP firewall (ICF) and accesses being made through it, which triggered these activations and therefore the alerts. (I had not, but should have disabled ICF since I had ZAP running. ::) )
After cleaning up the running services, ICF among them, alg.exe (and many others) went away and reduced the number of programs running and ports listening.
NOD, if you don't have ICF running, then let us know that because then there is something strange occurring.
The ports 3002 and 3003 looked familiar to me so I looked at my early XP configuration notes and found references to allowing them through ZAP (incoming TCP), however, my notes are incomplete and it does not say what they were related to (and they were removed about 2 years ago, so I don't remember what they were).
NOD, have you looked at these ports with a port-to-process mapper to identify the exact program that is holding them open? (They are listening locally on 127.0.0.1, right? That's what they were on my XP system.) If you are running Windows XP you can use the command: "netstat -ano" - The little "o" (oh) adds an extra column to the netstat output which includes the Process ID (PID) of the program using the port. You can look the PIDs up in the Task Manager to identify the program.
June 23rd, 2003, 03:26 AM
I quess the older i get the more forgetful i get.I just did a format and turned the firewall on that is built into xp pro.
I forgot to turn it off after i got everything reinstalled.I quess it keeps these ports open by default.
Everything is fine now--i only show port 135 as being open but that is an inner port and it is visable to the outside world as stealth.
Thx for helping me out and making me feel older and more forgetful now.
By the way water--how is tiny 5.0 working for u ---i tried it but it wouldnt let me connect to the net?? And it wouldnt take my keycode from tiny 4.5.
Anyway--this is why forums are so great.
June 23rd, 2003, 03:35 AM
Glad you got that all fixed NOD !
Re: TPF 5.0 - I'm not ready to report anything on that yet. Whole lots yet to do. ;)
vBulletin® Copyright ©2000-2013, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2013, Wilders Security Forums