tds-3 and the common port scan!

Discussion in 'Trojan Defence Suite' started by mike carter, Oct 27, 2003.

Thread Status:
Not open for further replies.
  1. mike carter

    mike carter Guest

    Port Explorer shows port 25 open when I'm behind a router and Norton firewall.
    I have run numerous port scans from third-party sites and they all come up as stealth.
    Any suggestions why TDS shows this port 25 open?



    - Updated subject as user stated it is TDS reporting the open port, not Port Explorer - LWM
     
  2. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined: Feb 10, 2002 | Posts: 2,080 | Location: Perth, Western Australia
    Re:port explorer

    Hi,

    TDS or Port Explorer? Which is it?

    In Port Explorer, click SAVE and then send the results to support@diamondcs.com.au and I'll send you back the reasoning :)

    A possible scenario - it's REMOTE port 25 and this is because you just sent an email, msimn.exe showing port 25 on the remote host which would be your mailserver. Notice the local port which opened was not 25.
     
  3. mike carter

    mike carter Guest

    Re:port explorer

    o_O I am using tds-3 and the common port scan!
    There is no e-mail program running, and the program Active Ports also does not say 25 is open. I'm stumped...
     
  4. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined: Feb 10, 2002 | Posts: 2,080 | Location: Perth, Western Australia
    Can you try Port Explorer

    Might be a bug with the port utility you are using. Port Explorer demo will show you exactly what is (and isn't) going on.

    After installing, click File > Save Table. Then send the file to support@diamondcs.com.au and we'll let you know what is going on.
     
  5. Stuart Lindsey

    Stuart Lindsey Registered Member

    Joined: Mar 6, 2003 | Posts: 8
    Hiya, I'm in a similar but slightly more concerning position. Just ran a port scan on myself and 3 sockets came up as open, all trojan ones. How do I close 'em? I'm running a McAfee personal firewall too.
     
  6. Jooske

    Jooske Registered Member

    Joined: Feb 12, 2002 | Posts: 9,713 | Location: Netherlands, EU near the sea
    Did you look with Port Explorer which applications are connected to them?
    Did you configure the TDS sockets (upper right corner)? In that case ports can show up as listening, but it is TDS behind them, so no other application can use them.
     
  7. Stuart Lindsey

    Stuart Lindsey Registered Member

    Joined: Mar 6, 2003 | Posts: 8
    K, I ran a Trojan ports check on myself using 127.0.0.1 as the target. I was able to connect on the following... Socket de troi 1.0- .1, netbus 1 and netbus 2.

    For the rest of them the connection attempt was rejected. No other programs aside from the essential background Windows bits were open. So how do I close these ports?
     
  8. Jooske

    Jooske Registered Member

    Joined: Feb 12, 2002 | Posts: 9,713 | Location: Netherlands, EU near the sea
    Did you have the sockets (upper right corner) configured?
    In that case it's TDS itself behind those sockets and nothing to worry about.
    With Port Explorer you would be able to see if there are any applications connected to those ports, which you might decide to close.
    When you do that check you could get something like this in the console:
    30-10 11:57:02 [NetBus 1.x] Port 12345 - Connection request by 127.0.0.1:2428
    30-10 11:57:03 [NetBus 2.x] Port 20034 - Connection request by 127.0.0.1:2429
    30-10 11:57:04 [Sokets de Troie] Port 5000 - Connection request by 127.0.0.1:2433
    30-10 11:57:04 [Socket 8] Remote host (127.0.0.1) has closed the connection.
    30-10 11:57:04 [Socket 9] Remote host (127.0.0.1) has closed the connection.
    30-10 11:57:04 [Socket 0] Remote host (127.0.0.1) has closed the connection.
    30-10 11:57:05 [Socket 0] Port 5000 - Connection request by 127.0.0.1:2433
    30-10 11:57:05 [Socket 8] Port 20034 - Connection request by 127.0.0.1:2429
    30-10 11:57:05 [Socket 9] Port 12345 - Connection request by 127.0.0.1:2428

    With this you would have got a voice alert (if speech is enabled) and three alert emails if you configured your email address into TDS too.
    You also see the connection was closed immediately.
     
  9. Stuart Lindsey

    Stuart Lindsey Registered Member

    Joined: Mar 6, 2003 | Posts: 8
    Yup, I got all those alerts and the emails, so how do I close the ports?
     
  10. Jooske

    Jooske Registered Member

    Joined: Feb 12, 2002 | Posts: 9,713 | Location: Netherlands, EU near the sea
    If you close the sockets listening and run the scan again they should be closed.
    As said, you put TDS behind them listening; see it as an addition to your firewall:
    if any intruder would be able to get past the firewall and target one of those ports, they find TDS behind it and can't do any harm via those ports.
    In the registered version you can run the script Screx to do a lot more if those ports are indeed targeted.
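
The behaviour described in the replies above, as an added example (not part of the thread and not TDS code): a listener that holds a port, logs each connection request and drops it, so a connect scan reports the port open until the listener is stopped. The class and function names are assumptions, and the port is assigned by the OS rather than being a real trojan port.

```python
import socket
import threading
from datetime import datetime


class DecoyListener:
    """Holds one port open, logs each connection request, then drops it."""

    def __init__(self, label, host="127.0.0.1", port=0):
        self.label, self.events = label, []
        self._stop = threading.Event()
        self._srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._srv.bind((host, port))      # port 0: the OS picks a free port
        self._srv.listen(5)
        self._srv.settimeout(0.1)         # lets the loop notice stop()
        self.port = self._srv.getsockname()[1]
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, peer = self._srv.accept()
            except socket.timeout:
                continue
            stamp = datetime.now().strftime("%d-%m %H:%M:%S")
            self.events.append(f"{stamp} [{self.label}] Port {self.port} - "
                               f"Connection request by {peer[0]}:{peer[1]}")
            conn.close()                  # nothing is read from or sent to the peer
        self._srv.close()

    def stop(self):
        self._stop.set()
        self._thread.join()               # returns once the port is released


def probe(host, port, timeout=2.0):
    """Connect check as a port scanner does it: 'open' or 'closed'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.recv(1)                     # returns b"" once the decoy hangs up
            return "open"
    except ConnectionRefusedError:
        return "closed"


if __name__ == "__main__":
    decoy = DecoyListener("NetBus 1.x")   # label is illustrative only
    print(probe("127.0.0.1", decoy.port), decoy.events)
    decoy.stop()
    print(probe("127.0.0.1", decoy.port))
```

To tell such a decoy from a real backdoor, map the listening port to its owning process, as Port Explorer does.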
     
  11. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined: Feb 10, 2002 | Posts: 2,080 | Location: Perth, Western Australia
    You really need Port Explorer for any cases involving ports. Get the demo, which will well and truly put the case beyond doubt :)

    After installing, reboot and then open it and save the data shown from the first menu - click File > Save Table.
     