mstask port 1025 open

Discussion in 'other firewalls' started by georgepds, Jun 20, 2004.

Thread Status:
Not open for further replies.
  1. georgepds

    georgepds Registered Member

    Joined:
    Jun 19, 2004
    Posts:
    10
    I've got an open port in w2k and can't seem to close it. I know it's due to mstask listening on port 1025 for task scheduling and can close it by doing services>task scheduler>disable

    But... I want task scheduling. I have another w2k that show mstask as listening, but does not show as open in dslreports

    Can some help fix this. I'm accessing the internet via dsl through a dlink i604 router

    (I've run cwshredder, avast, avg, tds, ewidos, spybot, adaware and the computer is clean)



    Here is the report

    http://www.dslreports.com/scan shows
    TCP 1025 : OPEN The port is open.
    24 - Read
     
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi georgepds

    ... and welcome to Wilders :)

    If you want to continue using task shceduler, then the easiest solution is to use a firewall to protect services like these. Are you running a software firewall on the system?

    Any difference in how this system is set up?

    How do you have your router configured? The default should be to drop unsolicited inbound connections and you should not be showing any open ports. Are you doing any port forwarding or have the system in a DMZ?

    Regards,

    CrazyM
     
  3. georgepds

    georgepds Registered Member

    Joined:
    Jun 19, 2004
    Posts:
    10
    "How do you have your router configured?"
    I have it configured as PPOE

    "The default should be to drop unsolicited inbound connections and you should not be showing any open ports."

    Not sure how to do this. It is a dlink i604, the physical config is
    internet> dsl modem> dlink router > computer(s). Can you tell me where I can read to chk this setting


    "Are you doing any port forwarding or have the system in a DMZ?"
    No, it was a clan install of w2k with all the security upgrades.

    My potential problem is that active ports shows odd connections on port 1025 when I leave it open. By odd, I mean conmnections shown from shaw cable. I suspect a worm/virus/trojan but the vast array of cleaners, including cwshredder, says the computer is clean


    What is DMZ?
    ~~~
    BTW, when I ___CLOSE___ mstask, I get this result from dslreports

    TCP default : CLOSED We received a response packet that no service is available

    TCP 80 : FILTERED No response packet was received.
    31 - Read

    TCP 135 : FILTERED No response packet was received.
    23 - Read

    UDP ALL : FILTERED No response packet was received


    ~~~~
    When I leave mtask ___OPEN___, I get this rreport

    TCP default : CLOSED We received a response packet that no service is available.

    TCP 80 : FILTERED No response packet was received.
    31 - Read

    TCP 135 : FILTERED No response packet was received.
    23 - Read

    TCP 1025 : OPEN The port is open.
    24 - Read

    UDP ALL : FILTERED No response packet was received.

    ~~~~
     
  4. georgepds

    georgepds Registered Member

    Joined:
    Jun 19, 2004
    Posts:
    10
    For more weirdness... I disabled mstask from the services, and then started it once windows was going. It then grabbed port 1072 . If I run dslreports port scan, I do not get 1072 open. I suspect dslreports is just not probing the port


    DSL reports with mstask on 1072
    ~~~~
    TCP default : CLOSED We received a response packet that no service is available.

    TCP 80 : FILTERED No response packet was received.
    31 - Read

    TCP 135 : FILTERED No response packet was received.
    23 - Read

    UDP ALL : FILTERED No response packet was received.
     
  5. georgepds

    georgepds Registered Member

    Joined:
    Jun 19, 2004
    Posts:
    10
    I apologize for the multiple posts... but this has me baffled. In trying to answer the question.. wat's different I ran neststat-an on the two computers

    On the "good" computer, the one that passes the dsl portscan, netstat -an shows a udp connection directly to the adress of the router. On the "bad" computer this is missing

    Hmmmm dose this help. I set up the "good" computer first, and ran the dlink install softwre on it. i did not do this on the second. Does the dlink software set up the udp ports?
     
  6. georgepds

    georgepds Registered Member

    Joined:
    Jun 19, 2004
    Posts:
    10
    Found it... the router had decided the second computer was in the dmz.


    Disabled dms, and once more I pass dsl reports. Thank you crazyM for the clue

    --G
     
  7. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    That system being in the DMZ would explain your results. Any idea how it got configured that way?

    Glad to hear all is as it should be now.

    Regards,

    CrazyM
     
Loading...
Thread Status:
Not open for further replies.