PDA

View Full Version : New User - Help with Port 500

Sicilian
February 7th, 2003, 08:16 AM
Hello,

I'm a new user to Port Explorer and have a question. I am running WinXP behind a ZyWall 10II and using NIS2003. Port Explorer is highlighting lsass.exe on my local port 500 in red. It is shown as listening. I have attached a screen sample. Should I be concerned about this? Thanks alot!
Pieter_Arntz
February 7th, 2003, 08:29 AM
Hi Sicilian,

Welcome at Wilders. :)
Please read this thread: http://www.wilderssecurity.com/showthread.php?t=6989 and feel free to ask any questions you may have left.

Regards,

Pieter
Pilli
February 7th, 2003, 08:38 AM
Hi Sicilian, WinTasks Process Library

lsass - lsass.exe - Process Information
Process File: lsass or lsass.exe
Process Name: Local Security Authority Service
Description: The Windows Local Security Authority Server Process Handles Windows Security Mechanisms
Common Errors: N/A
System Process: Yes

It is a bonefide Windows exe.

I have inserted the attached .jpg of the PE "What is" lsiss.exe As you can see it is an MS certified file. A Trojan could rename itself to this but with PE it is easy to see that it is genuine.

If your read out is similar to this there is no problem - Have fun Pilli
Sicilian
February 7th, 2003, 08:43 AM
Yea, it looks the same to me...thanks to both of you for the quick responses and help-much appreciated!

Can someone explain the attached regarding the remote IP and port in red?
Sicilian
February 8th, 2003, 09:27 AM
Hi,

Still looking for an explanation regarding the "remote" Port 53 in the above screen capture.

Thanks.
Pieter_Arntz
February 8th, 2003, 09:33 AM
Hi Sicilian,

That is the connection to your DNS Server.
Roughly said: the server that looks up what IP address belongs to a www address.

Regards,

Pieter
Sicilian
February 8th, 2003, 09:46 AM
Thanks alot Pieter! I was concerned about RAT...
Pieter_Arntz
February 8th, 2003, 09:49 AM
Hi Sicilian,

In this case I wasn´t because the IP showing there is a typical network address.

Regards,

Pieter
Jason_DiamondCS
February 9th, 2003, 10:34 PM
Hi Sicilian, there is a small bug in Port Explorer causing lsass.exe to show up as red in some cases, this has been fixed in v1.400

v1.350 of Port Explorer added the ability to show the last port and IP of UDP addresses (something not many programs will show you) . So in v1.350+ you can now see windows going out for DNS requests on port 53 . You can also see a lot more information if you play computer games like Quake , Unreal , Warcraft or any UDP based network game or application.

-Jason-