I started my computer up earlier tonight, checked my email, did some searches etc, etc, then run TDS3, everything seems o.k. then I selected NETSTAT it showed several lines, one of which said, some numbers, which I cant remember but they ended in 1122 listening so I right clicked on this line, and asked what is port 1122? the answer was port 1122 RAT last2000 what does this mean? I run AVG6 fully updated, TDS3 (although not at startup) spywareblaster, spywareguard, ZoneAlarm, was someone still eavesdropping on me? I forgot to mention that when I clicked on "refresh" in NETSTAT it was gone, I ran AVG6 everything ok, I ran Full System Scan on TDS3 updated today, still everything ok
Hi Tut! This is probably a normal instance of the use of ephemeral ports. As a general rule, if you question whether there may be a trojan listening or using one of these ports and trojan scanners don't show anything you can use a port-to-process mapper such as DCS's Port Explorer (GUI) or OpenPorts (Command-line) to see which process is holding to that port, and what IP (if any) is on the other end of the communication and what is the destination port. After you note this info down, do a reboot and relaunch (if necessary) the "suspect" process and use Port Explorer or OpenPorts to see if it is using the same local port or destination port or communicating with the same IP. If any of these three are the same than you really do have some need for concern. If all are different then this is a good indication of normal use of ephemeral ports. You can download both of the DCS products mentions from http://www.diamondcs.com.au/index.php?page=products Hope this helps, Dan
Hi Dan, Thanks for the reply, I`ve tried NETSTAT again five times, but I`ve not seen port 1122 again. It would seem to be a "one off". My problem is not knowing enough about trojans, uses of different ports, etc,etc. so i will no doubt keep coming back to this forum with more queries. I have downloaded OPEN PORTS but not tried it yet.
Hey Tut, I'm glad that was cleared up. When you get a chance to try it, I think you will find openports to be much more powerful than netstat. Don't hesitate to broach any further questions or concerns as you come across them