Why are ports open with nod v2

Discussion in 'NOD32 version 2 Forum' started by NOD, Jun 23, 2003.

Thread Status:
Not open for further replies.
  1. NOD

    NOD Guest

    It seems like ports

    3002 tcp
    3003 tcp
    3004 udp

    I didnt have these ports open until i installed nod v2

    Now these are internal ports that are open so they are not open to outside world.

    My question is why do they have to be open?? I didnt have these ports open with mcafee

    I just dont think that a program should have any ports open to operate unless it calling out to the net

    thx
     
  2. NOD

    NOD Guest

    alg.exe---3001 tcp

    I wonder what this is also---keep in mind i dint have any of these show up untill i installed nod v2--thats why i was wondering--and i watch all my ports like a hawk .


    Better to be safe than sorry.

    I dont believe it is any kind of threat---i just want to know why.
     
  3. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi NOD

    I do not see NOD32 listening or holding any ports open on my system. As for alg.exe, I think that may be part of XP that provides support for ICS and Internet Connection Firewall (ICF). I do not use XP, perhaps someone that does can clarify if this is what you may be seeing.

    Regards,

    CrazyM
     
  4. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hi All,

    I am running NODv2 on Win2kSP3 so I cannot comment on the XP side of things but I also do not see any openports from NOD aside from the hourly update check.

    Rgds,

    Dan
     
  5. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    True CrazyM.

    When I first got XP and put an early version of Zone Alarm on it, I would get these alerts about alg.exe accessing the network. I researched it and found out that it was related to the built-in XP firewall (ICF) and accesses being made through it, which triggered these activations and therefore the alerts. (I had not, but should have disabled ICF since I had ZAP running. :rolleyes: )

    After cleaning up the running services, ICF among them, alg.exe (and many others) went away and reduced the number of programs running and ports listening.

    NOD, if you don't have ICF running, then let us know that because then there is something strange occurring.

    The ports 3002 and 3003 looked familiar to me so I looked at my early XP configuration notes and found references to allowing them through ZAP (incoming TCP), however, my notes are incomplete and it does not say what they were related to (and they were removed about 2 years ago, so I don't remember what they were).

    NOD, have you looked at these ports with a port-to-process mapper to identify the exact program that is holding them open? (They are listening locally on 127.0.0.1, right? That's what they were on my XP system.) If you are running Windows XP you can use the command: "netstat -ano" - The little "o" (oh) adds an extra column to the netstat output which includes the Process ID (PID) of the program using the port. You can look the PIDs up in the Task Manager to identify the program.
     
  6. NOD

    NOD Guest

    I quess the older i get the more forgetful i get.I just did a format and turned the firewall on that is built into xp pro.

    I forgot to turn it off after i got everything reinstalled.I quess it keeps these ports open by default.


    Everything is fine now--i only show port 135 as being open but that is an inner port and it is visable to the outside world as stealth.

    Thx for helping me out and making me feel older and more forgetful now.

    By the way water--how is tiny 5.0 working for u ---i tried it but it wouldnt let me connect to the net?? And it wouldnt take my keycode from tiny 4.5.


    Anyway--this is why forums are so great.
     
  7. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    Glad you got that all fixed NOD !

    Re: TPF 5.0 - I'm not ready to report anything on that yet. Whole lots yet to do. ;)
     
Thread Status:
Not open for further replies.