Active Ports reports "Unknown"...

Discussion in 'other anti-trojan software' started by Lost_Prophet, Apr 4, 2002.

Thread Status:
Not open for further replies.
  1. Lost_Prophet

    Lost_Prophet Registered Member

    Joined:
    Apr 2, 2002
    Posts:
    12
    I've got "Unknown" processes and would like to know what they could be.  Here is an export of my log...

    Unknown      0      68.46.226.160      1795      24.153.64.3      110      TIME_WAIT      TCP      
    Unknown      0      68.46.226.160      1796      24.153.64.3      110      TIME_WAIT      TCP      
    Unknown      0      127.0.0.1      1798      127.0.0.1      8080      TIME_WAIT      TCP      
    Unknown      0      127.0.0.1      1854      127.0.0.1      8080      TIME_WAIT      TCP      
    Unknown      0      127.0.0.1      1921      127.0.0.1      8080      TIME_WAIT      TCP      
    Unknown      0      127.0.0.1      1936      127.0.0.1      8080      TIME_WAIT      TCP      
    Unknown      0      127.0.0.1      1984      127.0.0.1      8080      TIME_WAIT      TCP      
    Unknown      0      127.0.0.1      2002      127.0.0.1      8080      TIME_WAIT      TCP      
    Unknown      0      127.0.0.1      1949      127.0.0.1      8080      TIME_WAIT      TCP      
    Unknown      0      68.46.226.160      2024      24.153.64.3      110      TIME_WAIT      TCP      
    Unknown      0      68.46.226.160      2022      24.153.64.3      110      TIME_WAIT      TCP      
    Unknown      0      127.0.0.1      2032      127.0.0.1      8080      TIME_WAIT      TCP      
    Unknown      0      127.0.0.1      2050      127.0.0.1      8080      TIME_WAIT      TCP      
    Unknown      0      127.0.0.1      2084      127.0.0.1      8080      TIME_WAIT      TCP      
    Unknown      0      68.46.226.160      2130      206.171.171.1      80      TIME_WAIT      TCP      
    Unknown      0      127.0.0.1      2291      127.0.0.1      8080      TIME_WAIT      TCP      
    Unknown      0      127.0.0.1      2713      127.0.0.1      8080      TIME_WAIT      TCP      
    Unknown      0      127.0.0.1      2799      127.0.0.1      8080      TIME_WAIT      TCP      
    Unknown      0      127.0.0.1      8080      127.0.0.1      3031      TIME_WAIT      TCP      

    Thanks.  I have no idea if there is anything here I should be concerned about...
     
  2. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,178
    Location:
    North Carolina, USA
    The port 8080 that is listed numerous times is usually opened by a proxy service of some kind.  Are you using a proxy or a program like Proxomitron?

    Port 110 is usually your e-mail client such as Outlook or Outlook Express.  Do you have it open?

    Poet 80 is usually your browser such as IE or Opera.  Do you have it open?

    I am not sure about port 3031.  Maybe someone else can help on this one.

    More than likely these are nothing to worry about.

    HTH a little bit,
    Kent
     
  3. Lost_Prophet

    Lost_Prophet Registered Member

    Joined:
    Apr 2, 2002
    Posts:
    12
    I use Web Washer.  That might be using port 8080.
    I also use IE and Outlook, so those make sense.

    As for the others, I'm clueless.   :)

    Thanks.
     
  4. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,178
    Location:
    North Carolina, USA
    I checked on port 3031 and a trojan called RAT.MicroSpy uses that port.  I would definitely scan your system with a good trojan scanner.  If you do not have one, I would recommend you to DL the trial v©†E3(Z@¸°en do a complete system scan.

    I do not know if you use a FW or not, but I use and recommend KerioPFW. One it is free and then something else it does is map all open/listening ports back to the process that has them open.  I have never had a port being seen as open or closed, just stealth using this product.  It is simple but very effective.

    HTH.

    Regards,
    Kent
     
  5. Lost_Prophet

    Lost_Prophet Registered Member

    Joined:
    Apr 2, 2002
    Posts:
    12
    Thanks.

    I"m using Zone Alarm Standard for a Firewall and will be switching to ZA Pro v 2.6x either today or tomorrow.  I will be sure to block port 3031
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.