
Active Ports reports "Unknown"...


Lost_Prophet
April 4th, 2002, 09:40 AM
I've got "Unknown" processes and would like to know what they could be. Here is an export of my log...

Unknown   0   68.46.226.160   1795   24.153.64.3     110    TIME_WAIT   TCP
Unknown   0   68.46.226.160   1796   24.153.64.3     110    TIME_WAIT   TCP
Unknown   0   127.0.0.1       1798   127.0.0.1       8080   TIME_WAIT   TCP
Unknown   0   127.0.0.1       1854   127.0.0.1       8080   TIME_WAIT   TCP
Unknown   0   127.0.0.1       1921   127.0.0.1       8080   TIME_WAIT   TCP
Unknown   0   127.0.0.1       1936   127.0.0.1       8080   TIME_WAIT   TCP
Unknown   0   127.0.0.1       1984   127.0.0.1       8080   TIME_WAIT   TCP
Unknown   0   127.0.0.1       2002   127.0.0.1       8080   TIME_WAIT   TCP
Unknown   0   127.0.0.1       1949   127.0.0.1       8080   TIME_WAIT   TCP
Unknown   0   68.46.226.160   2024   24.153.64.3     110    TIME_WAIT   TCP
Unknown   0   68.46.226.160   2022   24.153.64.3     110    TIME_WAIT   TCP
Unknown   0   127.0.0.1       2032   127.0.0.1       8080   TIME_WAIT   TCP
Unknown   0   127.0.0.1       2050   127.0.0.1       8080   TIME_WAIT   TCP
Unknown   0   127.0.0.1       2084   127.0.0.1       8080   TIME_WAIT   TCP
Unknown   0   68.46.226.160   2130   206.171.171.1   80     TIME_WAIT   TCP
Unknown   0   127.0.0.1       2291   127.0.0.1       8080   TIME_WAIT   TCP
Unknown   0   127.0.0.1       2713   127.0.0.1       8080   TIME_WAIT   TCP
Unknown   0   127.0.0.1       2799   127.0.0.1       8080   TIME_WAIT   TCP
Unknown   0   127.0.0.1       8080   127.0.0.1       3031   TIME_WAIT   TCP

Thanks. I have no idea if there is anything here I should be concerned about...

puff-m-d
April 4th, 2002, 10:44 AM
The port 8080 that is listed numerous times is usually opened by a proxy service of some kind. Are you using a proxy or a program like Proxomitron?

Port 110 is usually your e-mail client such as Outlook or Outlook Express. Do you have it open?

Port 80 is usually your browser such as IE or Opera. Do you have it open?

I am not sure about port 3031. Maybe someone else can help on this one.

More than likely these are nothing to worry about.

HTH a little bit,
Kent

Lost_Prophet
April 4th, 2002, 12:17 PM
I use Web Washer. That might be using port 8080.
I also use IE and Outlook, so those make sense.

As for the others, I'm clueless. :)

Thanks.

puff-m-d
April 4th, 2002, 12:37 PM
I checked on port 3031 and a trojan called RAT.MicroSpy uses that port. I would definitely scan your system with a good trojan scanner. If you do not have one, I would recommend you to DL the trial v[…]en do a complete system scan.

I do not know if you use a FW or not, but I use and recommend KerioPFW. One, it is free, and then something else it does is map all open/listening ports back to the process that has them open. I have never had a port being seen as open or closed, just stealth using this product. It is simple but very effective.

HTH.

Regards,
Kent

Lost_Prophet
April 4th, 2002, 01:13 PM
Thanks.

I'm using Zone Alarm Standard for a Firewall and will be switching to ZA Pro v 2.6x either today or tomorrow. I will be sure to block port 3031.
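
Added example, not part of the original thread: a small Python triage of an export laid out like the one in the first post, assuming the columns are process, PID, local IP, local port, remote IP, remote port, state and protocol. It works out which side of each connection holds an already-accounted-for service port, so a row with local port 8080 and remote port 3031 on loopback is read as the proxy's accepted connection from an ephemeral client port, and only rows matching no known service are listed for process mapping. The sample rows, `KNOWN_SERVICES` and all function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample in the export's column order: process, PID, local IP,
# local port, remote IP, remote port, state, protocol. Addresses are from
# documentation/loopback ranges, not copied from the thread.
SAMPLE = """\
Unknown 0 192.0.2.10 1795 198.51.100.3 110 TIME_WAIT TCP
Unknown 0 192.0.2.10 2130 203.0.113.1 80 TIME_WAIT TCP
Unknown 0 127.0.0.1 1798 127.0.0.1 8080 TIME_WAIT TCP
Unknown 0 127.0.0.1 8080 127.0.0.1 3031 TIME_WAIT TCP
Unknown 0 192.0.2.10 2201 198.51.100.7 6000 ESTABLISHED TCP
"""

# Assumption: ports the user has already accounted for (web, POP3, local proxy).
KNOWN_SERVICES = {80, 110, 8080}

def parse(text):
    """Yield one dict per well-formed 8-column row; skip anything else."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or not (f[1].isdigit() and f[3].isdigit() and f[5].isdigit()):
            continue
        yield {"proc": f[0], "pid": int(f[1]), "lip": f[2], "lport": int(f[3]),
               "rip": f[4], "rport": int(f[5]), "state": f[6], "proto": f[7]}

def classify(row, services=KNOWN_SERVICES):
    """Return (scope, role, service_port) for one connection row."""
    scope = "loopback" if ipaddress.ip_address(row["rip"]).is_loopback else "external"
    if row["rport"] in services:   # this host was the client of a known service
        return scope, "client", row["rport"]
    if row["lport"] in services:   # a local service accepted it; the other
        return scope, "server", row["lport"]  # port is the peer's ephemeral port
    return scope, "unresolved", None

def summarize(text, services=KNOWN_SERVICES):
    """Count rows per (scope, role, service_port)."""
    return Counter(classify(r, services) for r in parse(text))

def needs_review(text, services=KNOWN_SERVICES):
    """Rows that match no known service: map these to a process before judging."""
    return [r for r in parse(text) if classify(r, services)[1] == "unresolved"]

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items(), key=str):
        print(n, key)
    for r in needs_review(SAMPLE):
        print("review:", r["lip"], r["lport"], "->", r["rip"], r["rport"], r["state"])
```

A connection in TIME_WAIT has already been closed and is only waiting out its timer, so it no longer belongs to a process; Windows reports such entries with PID 0.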