Cannot close port

Discussion in 'Port Explorer' started by Arctic, Sep 16, 2004.

Thread Status:
Not open for further replies.
  1. Arctic

    Arctic Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    46
    I recently purchased Port Explorer and had a bit of a problem over the weekend. While viewing all ports that were established I noticed one in red and it said it was established to Mcafee and it also said it was a shared component. I tried to close it but it would not allow it to be closed. I also have process guard, TDS-3 and wormguard. Yes I am a safty girl :D My questions are: (1) should I be concerned about that port being established and (2) how do I close it?

    Thank you all for any help you can give me.
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Arctic, Can you post a screenshot of what you were seeing? Hope you are referring just the their AV as Port Explorer does not get on with the Mcafee firewall and Mcafee have failed to address the problem as yet.
    Also what Operating system are you using.

    Thanks. Pilli
     
  3. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    I wouldn't be concerned considering the remote address is McAfee, this suggests it would be the updater checking for updates
     
  4. Arctic

    Arctic Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    46
    I have windows XP Home edition. I just read your post, however I am on my work computer. :( So when I go home tonight I will turn my home computer on and take a screen shot. And it is McAfee antivirus not the firewall. I use zonealarm firewall. Thank you. :)
     
  5. Arctic

    Arctic Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    46
    Phili I took the screen shots but I don't know how to post them here. I tried to copy and paste but it will not work :'( I saved them into jpeg files. I don't know what to do now :(
     
  6. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    Hi Arctic,

    See the screen shot below:
    From the reply window,
    Click "Manage Attachments",
    New window will open...
    Click "Browse" and go to the jpeg you want,
    And click "upload"...
    Then click "Close Window"...
    Finish your reply and you are done.
     

    Attached Files:

  7. Arctic

    Arctic Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    46
    Thank you for your replay puff :) I feel really stupid now that I did not see that button. I am attaching 2 screenshots of my port explorer because the window was to large to get just one screenshot. Since I am only allowed to attach one shot at a time I will make a second post here so you can see the whole shot. So when you view the shots side by side you can see what I mean. I just find it very weird that the port said it was a shared component with McAfee and would not let me close it. I also have process guard and Mcafee is one of the protected programs but I don't think that would have anything to do with port explorer. Thank you all for any help you can give me with this. :D
     

    Attached Files:

    • PE1.JPG
      PE1.JPG
      File size:
      79.4 KB
      Views:
      749
    Last edited by a moderator: Sep 21, 2004
  8. Arctic

    Arctic Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    46
    Here is my second screen shot of the previous post. Thank you
     

    Attached Files:

    • PE2.JPG
      PE2.JPG
      File size:
      75.1 KB
      Views:
      741
    Last edited by a moderator: Sep 21, 2004
  9. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Arctic, I edited your screenshots as they were showing your proper name ;)

    The first looks like some sort of updater service foe Macfee

    The second could be your ISP - Have you done a who is on the IP addresses?
     
  10. Arctic

    Arctic Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    46
    Thank you Pilli for editing my screenshot. Told you I was an idiot. lol :) I did do a look up on the ip number 63.210.47.30 and it resolved to:

    OrgName: Level 3 Communications, Inc.
    OrgID: LVLT
    Address: 1025 Eldorado Blvd.
    City: Broomfield
    StateProv: CO
    PostalCode: 80021
    Country: US
    Comment:
    RegDate: 1998-05-22
    Updated: 2003-11-06

    That really did not tell me much.

    The ip number 216.49.88.31 resolved to:

    OrgName: Mcafee.Com
    OrgID: MCAFEE-13
    Address: 535 Oakmead Pkwy
    City: Sunnyvale
    StateProv: CA
    PostalCode: 94086
    Country: US

    IP Address: 216.49.88.31

    Hostname: download.mcafee.com

    So as you can see I am concerned about the 63.210.47.30 IP and the fact that it said it was mcafee shared component on the port explorer but a whois lookup did not return that it was mcafee.

    I have TDS-3 and I have done a scan of my system and also a virus scan and it says the system is clean. Am I being over cautious here. Thanks for any help.
     
  11. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Arctic, I believe one of those addresses could be your ISP's DNS server
    (Level 3) or something else to do with your ISP as well?
    Lowe screenshot last entry is Yahoo.
    You will have to ask MaCfee about their shared components, unless another user here can help.

    Pilli
     
  12. Arctic

    Arctic Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    46
    Thanks for the reply Pilli. I do not believe that is my isp number as I am on roadrunner and all our isp numbers start with either 24. or 68. I have never seen one start with a 63. And also the fact that it was saying it is Mcafee shared component, if it was my ISP why would it be saying it is Mcafee. I am still confused about that one.
     
  13. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    I was looking at the Level 3 communications reference. Could it be an update site used bt MacFee or something like that?
     
  14. Arctic

    Arctic Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    46
    I really do not know Pilli. I know the 216 is Mcafee update site. When I did a look up on 216 it said it was a Mcafee update site. That is what is so confusing. Why would Mcafee have 2 update sites open at once. Also, as soon as I turn my computer on I do all my antivirus updates and TDS-3 updates. So, I really do not see the purpose in McAfee keeping 2 ports open when it is already up to date. This is very strange. If I knew who owned the 63 ip i would not be so concerned, however I do not know and that is what worries me. I take every saftey precaution I can. Yes I am very paranoid about security because I was hacked not once, not twice, but three times and a trojan was dropped on me. That happened about 4 years ago. And after that episode I made it my quest to learn everything I could possibly learn about computer security. The programs I run are: TDS-3, Wormguard, Port Explorer, Process Guard, Mcafee, ZoneAlarm, Linksys firewall router, Linkslogger. I know it sounds like over kill but there is no way I want to ever go through the mess I went through 4 years ago. lol So as you can see, I worry that someone may be connected to that port and be in my computer do,,, who knows what. lol. Thanks for any help you can give.
     
  15. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Arctic, Strange as sit may seem, my interest in Internet etc. security stemmed from a similar scaenario to yours back in 1999. :)

    I am hoping that an expert will drop in on this thread to offer some more guidance but contacting MCafee regrding their product would appear to be your best approach for those particular IP addresses.
    You could also try disabling any MCafee autoupdtes to see if that stops the connections, as most programs have the option to manually download.

    HTH Pilli
     
  16. Arctic

    Arctic Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    46
    Thank you for your reply Philli. I will keep a watch on it and see how things develop. I just noticed in another thread PE 2.0 is available now. I may just download that version and see what happens. I am not really sure what new things they added to 2.0 but it is worth a look. ;)
     
  17. H. Lee

    H. Lee Guest

    I believe that Level 3 is a Windows update site. It usually holds on to ports 80 and 445 on my system and as stated before, very difficult to close. Turn off your Windows update for a few days and and see if it still connects to that site.
     
  18. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Arctic

    If you can reproduce both connections by doing a manual update try enabling socket > spying on them or use a packet sniffer (Ethereal) to see if that will help determine what the level3 connection is. As Pilli suggested, it is likely just McAfee content being accessed on a different network/server.

    Regards,

    CrazyM
     
  19. Arctic

    Arctic Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    46
    Thank you for your reply CrazyM. I think I have worked out what the problem was. I had mcaffe update in my process guard, therefore it was keeping that port open. When i removed mcafee update from my process guard the problem was solved. So after mcafee updates I then go into port explorer and manually close the port. There are times it tries to stay open after updates but I close it off ;)
     
  20. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    thats scary
     
Thread Status:
Not open for further replies.