port 1122

Discussion in 'Trojan Defence Suite' started by tutankamon, Nov 7, 2003.

Thread Status:
Not open for further replies.
  1. tutankamon

    tutankamon Registered Member

    Joined:
    Jul 10, 2003
    Posts:
    170
    Location:
    Lancashire U.K.
    I started my computer up earlier tonight, checked my email, did some searches etc, etc, then run TDS3, everything seems o.k. then I selected NETSTAT it showed several lines, one of which said, some numbers, which I cant remember but they ended in 1122 listening so I right clicked on this line, and asked what is port 1122? the answer was port 1122 RAT last2000 what does this mean? I run AVG6 fully updated, TDS3 (although not at startup) spywareblaster, spywareguard, ZoneAlarm, was someone still eavesdropping on me? I forgot to mention that when I clicked on "refresh" in NETSTAT it was gone, I ran AVG6 everything ok, I ran Full System Scan on TDS3 updated today, still everything ok
     
  2. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hi Tut!

    This is probably a normal instance of the use of ephemeral ports. As a general rule, if you question whether there may be a trojan listening or using one of these ports and trojan scanners don't show anything you can use a port-to-process mapper such as DCS's Port Explorer (GUI) or OpenPorts (Command-line) to see which process is holding to that port, and what IP (if any) is on the other end of the communication and what is the destination port. After you note this info down, do a reboot and relaunch (if necessary) the "suspect" process and use Port Explorer or OpenPorts to see if it is using the same local port or destination port or communicating with the same IP. If any of these three are the same than you really do have some need for concern. If all are different then this is a good indication of normal use of ephemeral ports.

    You can download both of the DCS products mentions from

    http://www.diamondcs.com.au/index.php?page=products

    Hope this helps,

    Dan
     
  3. tutankamon

    tutankamon Registered Member

    Joined:
    Jul 10, 2003
    Posts:
    170
    Location:
    Lancashire U.K.
    Hi Dan,
    Thanks for the reply, I`ve tried NETSTAT again five times, but I`ve not seen port 1122 again. It would seem to be a "one off". My problem is not knowing enough about trojans, uses of different ports, etc,etc.
    so i will no doubt keep coming back to this forum with more queries. I have downloaded OPEN PORTS but not tried it yet.
     
  4. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hey Tut,

    I'm glad that was cleared up. When you get a chance to try it, I think you will find openports to be much more powerful than netstat.

    Don't hesitate to broach any further questions or concerns as you come across them ;)
     
Thread Status:
Not open for further replies.