Open ports 135 & 1032?

Discussion in 'other firewalls' started by bigbuck, Jun 13, 2005.

Thread Status:
Not open for further replies.
  1. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    Hi Guys,
    I've always passed GRC's ShieldsUP test with just my XP Firewall, but admittedly, I haven't i haven't done one for a while.
    Well, tonight I was a bit disturbed to do the test and find ports 135 and 1032 open!!
    I haven't had any problems, all scans are clean and my HJT log looks OK.
    I suppose I'm looking for a bit of advice and I'm really concerned as to why these ports are now open...
    Googled a bit and found a little app by gkweb here http://www.firewallleaktester.com/wwdc.htm but haven't used it yet. Can't really find much on port 1032.
    Any advice for the dumb Aussie?
    TIA,
    Brad.
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
  3. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    Thanks Ron.
     
  4. dog

    dog Guest

    GK app is nice ... completely safe to use. ;)

    You may get a warning about svchost memory usage ... when I reformatted and reinstalled with SP2 ... I did get a warning on a clean install, which I never got with SP1 ... so I guess the memory usage increased with SP2 :doubt: and it gets flagged. Of course once I went thru and disabled many of the NT services (using BV as a reference) it no longer got flagged.

    What firewall are you using?

    Steve
     
  5. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    Thanks Steve, just XP ICF...
    That app will sort 135? ...but what about 1032?
     
  6. dog

    dog Guest

    Truly I'd run a dedicated Software Firewall, the are many good free ones available (I'd suggest Kerio either 2.x -or- 4.x) ... for added protection add a Hardware Firewall, they're really reasonably priced now a days, and will block all unrequested inbound packets, allowing your SW/FW to concentrate on outbound control.

    Back On-Topic


    I don't know why that port is open, it shouldn't be. :doubt: GRC doesn't have any info listed ... it maybe spyware related. Could you DL and trial DCS port explorer and check to see what process is using that port and check it's info? Also if the trial allows "Spying" add that PID (process id) and see what info is in those packets. Also do a who's this on the remote address. From there you can further investigate using Sysinternals Process Explorer. ;)

    Steve
     
  7. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    Thanks Steve. Disabled 135 with gkweb's app and ran test again. It appears to have closed both now?
    I'm interested to know what might 'stop working' now....thought I read that 135 is used by some apps for live updating??
     

    Attached Files:

  8. dog

    dog Guest

    It won't affect anything. ;) It doesn't need to open nor should it be.

    Here's GRC info on 135 -> http://www.grc.com/port_135.htm

    Steve
     
  9. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus
    Thanks again. Yeah, I'd read that after one of the tests.
    Anyway, I've had a couple of reboots and run the test a couple more times.....all good! ......so far!......fingers crossed.
    Cheers.
     
  10. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Brad

    The XP firewall should block all unsolicited inbounds. Just curious what, if anything, you had configured under exceptions?

    Regards,

    CrazyM
     
Loading...
Thread Status:
Not open for further replies.