New User - Help with Port 500

Discussion in 'Port Explorer' started by Sicilian, Feb 7, 2003.

Thread Status:
Not open for further replies.
  1. Sicilian

    Sicilian Registered Member

    Joined:
    Feb 7, 2003
    Posts:
    4
    Hello,

    I'm a new user to Port Explorer and have a question. I am running WinXP behind a ZyWall 10II and using NIS2003. Port Explorer is highlighting lsass.exe on my local port 500 in red. It is shown as listening. I have attached a screen sample. Should I be concerned about this? Thanks alot!
     

    Attached Files:

  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Hi Sicilian,

    Welcome at Wilders. :)
    Please read this thread: http://www.wilderssecurity.com/showthread.php?t=6989 and feel free to ask any questions you may have left.

    Regards,

    Pieter
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Sicilian, WinTasks Process Library

    lsass - lsass.exe - Process Information
    Process File: lsass or lsass.exe
    Process Name: Local Security Authority Service
    Description: The Windows Local Security Authority Server Process Handles Windows Security Mechanisms
    Common Errors: N/A
    System Process: Yes

    It is a bonefide Windows exe.

    I have inserted the attached .jpg of the PE "What is" lsiss.exe As you can see it is an MS certified file. A Trojan could rename itself to this but with PE it is easy to see that it is genuine.

    If your read out is similar to this there is no problem - Have fun Pilli
     

    Attached Files:

  4. Sicilian

    Sicilian Registered Member

    Joined:
    Feb 7, 2003
    Posts:
    4
    Yea, it looks the same to me...thanks to both of you for the quick responses and help-much appreciated!

    Can someone explain the attached regarding the remote IP and port in red?
     

    Attached Files:

  5. Sicilian

    Sicilian Registered Member

    Joined:
    Feb 7, 2003
    Posts:
    4
    Hi,

    Still looking for an explanation regarding the "remote" Port 53 in the above screen capture.

    Thanks.
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Hi Sicilian,

    That is the connection to your DNS Server.
    Roughly said: the server that looks up what IP address belongs to a www address.

    Regards,

    Pieter
     
  7. Sicilian

    Sicilian Registered Member

    Joined:
    Feb 7, 2003
    Posts:
    4
    Thanks alot Pieter! I was concerned about RAT...
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Hi Sicilian,

    In this case I wasn´t because the IP showing there is a typical network address.

    Regards,

    Pieter
     
  9. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Hi Sicilian, there is a small bug in Port Explorer causing lsass.exe to show up as red in some cases, this has been fixed in v1.400

    v1.350 of Port Explorer added the ability to show the last port and IP of UDP addresses (something not many programs will show you) . So in v1.350+ you can now see windows going out for DNS requests on port 53 . You can also see a lot more information if you play computer games like Quake , Unreal , Warcraft or any UDP based network game or application.

    -Jason-
     
Thread Status:
Not open for further replies.