Primary TCP Port Inspector?

Discussion in 'Trojan Defence Suite' started by Robyn, Mar 12, 2004.

Thread Status:
Not open for further replies.
  1. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    I would really appreciate advice on a result when I ran the TCP port Inspector. I have Windows XP SP1 + all patches. I also have a hardware Router Firewall plus Sygate Pro which I have tested with various online scanners and each of them gives me a Full Stealth report. I have also tested various ports individually and I am shown a 'forceful rejection' when they attempt to connect.

    Last night I was looking deeper into TDS and found the Primary TCP port inspector and was alarmed as it scanned the ports to see 'Connected Port 135' :eek: I fail to understand this as all the other tests show this not to be responding plus I have disabled the registry key (as per Microsoft's instructions) quite some time ago.

    I am very worried as I do not know what I should do to stop this connection especially when I have all doors barred according to the firewall tests plus I have NetBios Protection enabled in Sygate.

    Thank you in advance for any advice on how I can stop this as I am very worried indeed. I do not even see this appearing in my Sygate traffic logs and this confuses me even more. Ports 137 and 138 are appearing as Blocked but 135 is not even mentioned as being permitted o_O

    I have just gone to several scans which allow me to test the ports individually and each of them shows that my computer has not responded and connection could not be made. o_O
     
  2. tutankamon

    tutankamon Registered Member

    Joined:
    Jul 10, 2003
    Posts:
    170
    Location:
    Lancashire U.K.
    Hi Robyn,
    I am certain you will get some excellent advice from the team, and other members on this site.
    In the meantime have a look at this page.
    http://www.iss.net/security_center/advice/Exploits/Ports/groups/Microsoft/default.htm (copy and paste)
    Also, type 'port 135' into Google search and read lots more about it.
     
  3. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    Many thanks for your reply, I have bookmarked this link as it has some very good information regarding the various ports.

    I have thoroughly tested my system for most of the day yesterday; in fact I created a rule in my router that virtually stopped me from doing anything :oops: yet still this report with the Inspector. I feel it is one of the services used by Microsoft but not as alarming as I first thought. I have probed the specific ports within this range with every online scan I could find and every one of them shows I am not responding to any of the pings and am stealthed.
    I have taken the extra precaution to block all incoming and outgoing TCP/UDP for this port within my router for peace of mind.

    I appreciate your help on this with the link to Microsoft's definition. I have used Google and various means to research Port 135. I also know I have the registry key set to 'Y' which disables port 135. I somehow think I would be even worse if I installed Port Explorer :oops:

    Thanks again
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Robyn, Port 135 when tested by TDS3 TCP port inspector, is connecting internally to your own Machine's LocalHost. No external connection is made. Port Explorer shows this very well :) See my screenshot below.
     

    Attached Files:

  5. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
    Pilli is right Robyn....have a look at my screenies :).

    TCP Inspector shows 127.0.0.1 connected on port 135.....127.0.0.1 being Localhost - which is indeed internal.

    Try running Interrogator (you'll find it under Plugins, where TCP Inspector is), and you will find that Port 135 is indeed closed...and remains silent.

    Nothing to worry about Robyn ;).


    Regards,
    Jade.
     

    Attached Files:
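
The loopback-versus-external distinction made in the two replies above can be checked from `netstat -an` output. The following is an added example, not part of any post in this thread and not TDS or Port Explorer code; the sample output, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:135          127.0.0.1:1042         ESTABLISHED
  TCP    127.0.0.1:1042         127.0.0.1:135          ESTABLISHED
  TCP    192.168.1.10:1050      203.0.113.7:80         ESTABLISHED
  TCP    192.168.1.10:135       198.51.100.23:4411     ESTABLISHED
"""

def split_endpoint(endpoint):
    """Split 'host:port' (or '[v6]:port') into (host, port) strings."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def is_loopback(host):
    """True for 127.0.0.0/8 and ::1; False for anything unparsable."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def classify_port(netstat_text, port):
    """Return (local, remote, verdict) for every TCP row touching `port`.

    verdict is 'listener' (bound socket; outside reachability still depends
    on the firewall), 'loopback-only' (both ends are this machine, as in the
    TCP Inspector result discussed above) or 'external' (a peer that is not
    localhost, which is the row worth investigating).
    """
    results = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP":
            continue  # header, blank line or non-TCP row
        local, remote, state = fields[1], fields[2], fields[3]
        lhost, lport = split_endpoint(local)
        rhost, rport = split_endpoint(remote)
        if str(port) not in (lport, rport):
            continue
        if state == "LISTENING":
            verdict = "listener"
        elif is_loopback(lhost) and is_loopback(rhost):
            verdict = "loopback-only"
        else:
            verdict = "external"
        results.append((local, remote, verdict))
    return results

if __name__ == "__main__":
    for row in classify_port(SAMPLE_NETSTAT, 135):
        print(row)
```
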

  6. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    Wow, I am sooooooooooo relieved to see both these screenshots just now :) I was very anxious when I discovered the 135 connected and to make matters worse it was just before I shut down my computer the other night!!! I even went back to it to see if TDS would tell me this on a fresh boot :oops:

    It's tears of relief today as the screenshots and reassuring words have really helped me. Many thanks once again to all who have sought the definitive answer for me and now I will not be so afraid of using the tools again and perhaps Port Explorer would not be as scary as I thought ;)

    I don't have any cookies to give to all of you but if I had all of you would have a basket full from me :)
     
  7. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    I have just tried the Interrogator and see connected but do not get the further 'remains silent' just finished :eek: I still get the silent mode from the online probes but am a little anxious again as I hoped the Interrogator would show the same as your screenshot but it didn't. I am really confused with this result now as it conflicts with the other reports I have for this port o_O

    Edit: Yippeee I have just tried again and do see the remains silent result when interrogated. Relief!!! I think my Block outbound rule for 135 in my router stopped TDS bringing back the result as when I removed this I found the remains silent logged :)
    Sorry for the false alarm this time :oops:
     