Open ports by process

Discussion in 'malware problems & news' started by Joe, Aug 24, 2002.

Thread Status:
Not open for further replies.
  1. Joe

    Joe Guest

    I have a server with a few open ports. I can't find what processes have them open.

    What is a program that can show which ports are open by what processes?

    Thanks
     
  2. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    a decent firewall should have no problems. I use Kerio Personal Firewall. It does a fine job.
     
  3. You forgot to say what OS you are using for this server...

    Also tell me if you have a router and what Firewall you are running if anyo_O?

    but I am going to assume it is Win2000...

    http://support.microsoft.com/default.aspx?scid=kb;en-us;Q263201

    Default Processes in Windows 2000 (Q263201)

    \
    The information in this article applies to:


    Microsoft Windows 2000 , Professional




    SUMMARY
    This article describes the processes which run by default in Microsoft Windows 2000. These processes can be viewed using Task Manager.
    ---------------------------------------------------------------------------


    Next...to understand all about the various services that make up Svchost.exe. It is not just one process but rather an .exe file that allows many different services to function through it..many of which go out to the internet..you must decided in your setup which ones you really need. If you do not tackle that problem you will go crazy trying to figure out which ones to allow. Some you can disable.

    ___________________________________________________________


    http://support.microsoft.com/default.aspx?scid=kb;en-us;Q250320
    Description of Svchost.exe (Q250320)

    The information in this article applies to:


    Microsoft Windows 2000 , Advanced Server
    Microsoft Windows 2000 , Professional
    Microsoft Windows 2000 , Server
    _____________________________________________________________

    Black Viper has done the best job on the net to help people understand these issues and if you spend time read all of his suggestion you will be way ahead of the game.

    Here is his page on Win2000 servers.

    http://www.blkviper.com/WIN2K/win2k.htm


    This is the Page which will take all the mystery out of Win2000 Server.


    http://www.blkviper.com/WIN2K/servicecfg.htm
     
  4. Now to get down to the nitty gritty for what you really want...there are many..beside the built in tools for your OS..

    Here is one ...

    http://www.foundstone.com/
    We at Foundstone have honed our security skills at the highest corporate and government levels, including three of the Big Five accounting firms, the United States Air Force, and contractors involved in classified Department of Defense projects. In total, the Foundstone team has several decades of combined security experience across a full range of network and Internet technologies.

    Vision
    by Foundstone
    System Requirements

    NT 4/ Win 2000
    NT 4 needs psapi.dll
    800x600 res. minimum
    256 colors min
    32MB

    Vision will not work on Windows 9x, or Me. We are still in the process of testing of Vision on Windows XP.

    Vision v1.0 - reports all open TCP and UDP ports and maps them to the owning process or application.




    http://www.foundstone.com/knowledge/proddesc/vision.html


    Vision, Foundstone's newest product. This forensic utility is an essential part of a computer security professional's tool-kit. Vision maps all of a host's executables to corresponding ports, allowing you to identify and investigate suspicious services. Vision enables you to interrogate suspect services to identify backdoors and Trojan applications. If a malicious service is identified, Vision allows you to immediately kill it.
    http://www.foundstone.com/knowledge/press_releases-display.html?press_id=282


    Other Free tools at Foundstone.
    http://www.foundstone.com/knowledge/free_tools.html
     
  5. Joe

    Joe Guest

    Tried the Kerio Personal Firewall, it told me exactly what I needed. When the suspect process tried to open the mystery port Kerio popped up and let me know exactly which process, port and destination address was being used.

    Thanks for the help.... I'd been using ZoneAlarm Pro for years, but Kerio gives soooo much more info... I'm switching all my computers over.....
     
  6. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    When I first found ZA I thought it was the only software firewall available. (I was a newb then) I used it for a while, not happily but better than nothing. When I bought TDS3, some of the experienced members introduced me to Tiny (Kerio is basically the same program witrh mildly different cosmetics) I think It was Jazzie. Anyway I never looked back and no firewall since has made me happier.


    feel da powa of real rules baby! your puny applications pale before us ;)
     
  7. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Have a look to TCPView (Free) from sysinternals :
    http://www.sysinternals.com/

    Great tool
     
  8. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    While you people are talking about such stuff, there is a great little free program for 2k and XP.
    Found here. direct download link - Forum Admin
    I use it instead of my firewall when I want a quick glance at my connections. Keep it in the quick launch tray, one click and there all my connections.
    I am now going to look at the other programs you guys have posted here. Thanks.

    note: anyone posting direct download links, please state so when posting. As an alternative, a link to the home page can be used - Forum Admin
     
  9. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Hmmm. I don't know how I did that. I thought I was posting to the home page.
    Sigh! Oh well. Some days are better than others. :rolleyes:

    How about here. http://www.ntutility.com/index.htm
     
  10. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    There are not too many for win98[me=Jooske]systems, most of those are for 2000/NT/XP[/me]
    One that comes close is nsider (was that the name?) which is not always secure, there was one that crashed my system completely, think it was the nutils, must hunt if i have it somewhere to recognize it.
    Good tools for this function are not there too many, so who knows ....... soon ....... maybe ........ i don't know what is realized from urgent wishlists and when ... ! :D
     
  11. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    root,

    Tell me about it :D

    regard.

    paul
     
  12. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    root mentioned Active Ports.I tested that program.It works and like root says it easy to use.Nice program!
     
  13. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    crkit1,


    would you mind posting this question on the thread you refer to?

    Thanks ;)

    regards.

    paul
     
Loading...
Thread Status:
Not open for further replies.