Open ports 135 & 1032?

Hi Guys,
I've always passed GRC's ShieldsUP test with just my XP Firewall, but admittedly, I haven't i haven't done one for a while.
Well, tonight I was a bit disturbed to do the test and find ports 135 and 1032 open!!
I haven't had any problems, all scans are clean and my HJT log looks OK.
I suppose I'm looking for a bit of advice and I'm really concerned as to why these ports are now open...
Googled a bit and found a little app by gkweb here http://www.firewallleaktester.com/wwdc.htm but haven't used it yet. Can't really find much on port 1032.
Any advice for the dumb Aussie?
TIA,
Brad.

 

Thanks Ron.

 

GK app is nice ... completely safe to use.

You may get a warning about svchost memory usage ... when I reformatted and reinstalled with SP2 ... I did get a warning on a clean install, which I never got with SP1 ... so I guess the memory usage increased with SP2 and it gets flagged. Of course once I went thru and disabled many of the NT services (using BV as a reference) it no longer got flagged.

What firewall are you using?

Steve

 

Thanks Steve, just XP ICF...
That app will sort 135? ...but what about 1032?

 

Truly I'd run a dedicated Software Firewall, the are many good free ones available (I'd suggest Kerio either 2.x -or- 4.x) ... for added protection add a Hardware Firewall, they're really reasonably priced now a days, and will block all unrequested inbound packets, allowing your SW/FW to concentrate on outbound control.

Back On-Topic

I don't know why that port is open, it shouldn't be. GRC doesn't have any info listed ... it maybe spyware related. Could you DL and trial DCS port explorer and check to see what process is using that port and check it's info? Also if the trial allows "Spying" add that PID (process id) and see what info is in those packets. Also do a who's this on the remote address. From there you can further investigate using Sysinternals Process Explorer.

Steve

 

Thanks Steve. Disabled 135 with gkweb's app and ran test again. It appears to have closed both now?
I'm interested to know what might 'stop working' now....thought I read that 135 is used by some apps for live updating??

 

It won't affect anything. It doesn't need to open nor should it be.

Here's GRC info on 135 -> http://www.grc.com/port_135.htm

Steve

 

Thanks again. Yeah, I'd read that after one of the tests.
Anyway, I've had a couple of reboots and run the test a couple more times.....all good! ......so far!......fingers crossed.
Cheers.

 

Hi Brad

The XP firewall should block all unsolicited inbounds. Just curious what, if anything, you had configured under exceptions?

Regards,

CrazyM