Active Ports reports "Unknown"...

Discussion in 'other anti-trojan software' started by Lost_Prophet, Apr 4, 2002.

Thread Status:
Not open for further replies.
  1. Lost_Prophet

    Lost_Prophet Registered Member

    Joined:
    Apr 2, 2002
    Posts:
    12
    I've got "Unknown" processes and would like to know what they could be.  Here is an export of my log...

    Unknown      0      68.46.226.160      1795      24.153.64.3      110      TIME_WAIT      TCP      
    Unknown      0      68.46.226.160      1796      24.153.64.3      110      TIME_WAIT      TCP      
    Unknown      0      127.0.0.1      1798      127.0.0.1      8080      TIME_WAIT      TCP      
    Unknown      0      127.0.0.1      1854      127.0.0.1      8080      TIME_WAIT      TCP      
    Unknown      0      127.0.0.1      1921      127.0.0.1      8080      TIME_WAIT      TCP      
    Unknown      0      127.0.0.1      1936      127.0.0.1      8080      TIME_WAIT      TCP      
    Unknown      0      127.0.0.1      1984      127.0.0.1      8080      TIME_WAIT      TCP      
    Unknown      0      127.0.0.1      2002      127.0.0.1      8080      TIME_WAIT      TCP      
    Unknown      0      127.0.0.1      1949      127.0.0.1      8080      TIME_WAIT      TCP      
    Unknown      0      68.46.226.160      2024      24.153.64.3      110      TIME_WAIT      TCP      
    Unknown      0      68.46.226.160      2022      24.153.64.3      110      TIME_WAIT      TCP      
    Unknown      0      127.0.0.1      2032      127.0.0.1      8080      TIME_WAIT      TCP      
    Unknown      0      127.0.0.1      2050      127.0.0.1      8080      TIME_WAIT      TCP      
    Unknown      0      127.0.0.1      2084      127.0.0.1      8080      TIME_WAIT      TCP      
    Unknown      0      68.46.226.160      2130      206.171.171.1      80      TIME_WAIT      TCP      
    Unknown      0      127.0.0.1      2291      127.0.0.1      8080      TIME_WAIT      TCP      
    Unknown      0      127.0.0.1      2713      127.0.0.1      8080      TIME_WAIT      TCP      
    Unknown      0      127.0.0.1      2799      127.0.0.1      8080      TIME_WAIT      TCP      
    Unknown      0      127.0.0.1      8080      127.0.0.1      3031      TIME_WAIT      TCP      

    Thanks.  I have no idea if there is anything here I should be concerned about...
     
  2. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,450
    Location:
    North Carolina, USA
    The port 8080 that is listed numerous times is usually opened by a proxy service of some kind.  Are you using a proxy or a program like Proxomitron?

    Port 110 is usually your e-mail client such as Outlook or Outlook Express.  Do you have it open?

    Poet 80 is usually your browser such as IE or Opera.  Do you have it open?

    I am not sure about port 3031.  Maybe someone else can help on this one.

    More than likely these are nothing to worry about.

    HTH a little bit,
    Kent
     
  3. Lost_Prophet

    Lost_Prophet Registered Member

    Joined:
    Apr 2, 2002
    Posts:
    12
    I use Web Washer.  That might be using port 8080.
    I also use IE and Outlook, so those make sense.

    As for the others, I'm clueless.   :)

    Thanks.
     
  4. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,450
    Location:
    North Carolina, USA
    I checked on port 3031 and a trojan called RAT.MicroSpy uses that port.  I would definitely scan your system with a good trojan scanner.  If you do not have one, I would recommend you to DL the trial v©†E3(Z@¸°en do a complete system scan.

    I do not know if you use a FW or not, but I use and recommend KerioPFW. One it is free and then something else it does is map all open/listening ports back to the process that has them open.  I have never had a port being seen as open or closed, just stealth using this product.  It is simple but very effective.

    HTH.

    Regards,
    Kent
     
  5. Lost_Prophet

    Lost_Prophet Registered Member

    Joined:
    Apr 2, 2002
    Posts:
    12
    Thanks.

    I"m using Zone Alarm Standard for a Firewall and will be switching to ZA Pro v 2.6x either today or tomorrow.  I will be sure to block port 3031
     
Thread Status:
Not open for further replies.