New User - Help with Port 500

Hello,

I'm a new user to Port Explorer and have a question. I am running WinXP behind a ZyWall 10II and using NIS2003. Port Explorer is highlighting lsass.exe on my local port 500 in red. It is shown as listening. I have attached a screen sample. Should I be concerned about this? Thanks alot!

 

Hi Sicilian,

Welcome at Wilders.
Please read this thread: http://www.wilderssecurity.com/showthread.php?t=6989 and feel free to ask any questions you may have left.

Regards,

Pieter

 

Hi Sicilian, WinTasks Process Library

lsass - lsass.exe - Process Information
Process File: lsass or lsass.exe
Process Name: Local Security Authority Service
Description: The Windows Local Security Authority Server Process Handles Windows Security Mechanisms
Common Errors: N/A
System Process: Yes

It is a bonefide Windows exe.

I have inserted the attached .jpg of the PE "What is" lsiss.exe As you can see it is an MS certified file. A Trojan could rename itself to this but with PE it is easy to see that it is genuine.

If your read out is similar to this there is no problem - Have fun Pilli

 

Yea, it looks the same to me...thanks to both of you for the quick responses and help-much appreciated!

Can someone explain the attached regarding the remote IP and port in red?

 

Hi,

Still looking for an explanation regarding the "remote" Port 53 in the above screen capture.

Thanks.

 

Hi Sicilian,

That is the connection to your DNS Server.
Roughly said: the server that looks up what IP address belongs to a www address.

Regards,

Pieter

 

Thanks alot Pieter! I was concerned about RAT...

 

Hi Sicilian,

In this case I wasn´t because the IP showing there is a typical network address.

Regards,

Pieter

 

Hi Sicilian, there is a small bug in Port Explorer causing lsass.exe to show up as red in some cases, this has been fixed in v1.400

v1.350 of Port Explorer added the ability to show the last port and IP of UDP addresses (something not many programs will show you) . So in v1.350+ you can now see windows going out for DNS requests on port 53 . You can also see a lot more information if you play computer games like Quake , Unreal , Warcraft or any UDP based network game or application.

-Jason-