Port 1025 "Open" - How to Stealth it with NIS

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

geoand

Thread Starter
Joined
Apr 28, 2002
Messages
75
Hi folks,

Hopefully, someone can help me with an 'Open Port' using the GRC.com Site's check for Stealthed Ports. All my ports used to be stealthed using Norton Firewall 2003 but now I've got Port 1025 open! It seems to be something to do with 'Network Blackjack' [not something I've ever used] and the Trojans 'Fraggle Rock' 'MD5 Backdoor' 'Netspy' & 'Remote Alarm' could be connected through here from what I've read??

I've run Norton AV, SpyBot S&D plus an online trojan scanner - everything appears clean. I then installed 'Active Ports' which showed the following running during a normal surfing session using XP Pro & a DUN connection. Does this make sense?

System 4 0.0.0.0 445 LISTEN UDP
System 4 0.0.0.0 445 LISTEN TCP
System 4 0.0.0.0 1026 LISTEN TCP
svchost.exe 772 0.0.0.0 135 LISTEN TCP C:\WINDOWS\system32\svchost.exe
svchost.exe 796 0.0.0.0 1025 LISTEN TCP C:\WINDOWS\System32\svchost.exe
svchost.exe 856 0.0.0.0 1030 LISTEN UDP C:\WINDOWS\System32\svchost.exe
svchost.exe 856 0.0.0.0 1039 LISTEN UDP C:\WINDOWS\System32\svchost.exe
svchost.exe 856 0.0.0.0 1040 LISTEN UDP C:\WINDOWS\System32\svchost.exe
BigFix.exe 1768 127.0.0.1 1044 LISTEN UDP C:\Program Files\BigFix\BigFix.exe
iexplore.exe 1404 127.0.0.1 2082 LISTEN UDP C:\Program Files\Internet Explorer\iexplore.exe
ccPxySvc.exe 1348 127.0.0.1 1027 LISTEN TCP C:\Program Files\Norton Internet Security\ccPxySvc.exe
ccApp.exe 1540 127.0.0.1 1028 LISTEN TCP C:\Program Files\Common Files\Symantec Shared\ccApp.exe

I tried closing the svchost.exe using Port 1025 in Active Ports but my system froze, I needed to restart and I'm back to normal. The only thing that I've done recently was install a Network Card [it's got LAN Wake-Up - I don't know if that's significant or not ] as I'm going to upgrade to ADSL using a Netgear DG814 Modem/Firewall/Router. I'm worried about using Broadband if I've got an Open Port, I'd like to be fully stealthed if possible.

Any advice would be gratefully received.

Thanks,

George

PS Hopefully I've supplied enough info here.
 
Joined
Apr 2, 2002
Messages
5,945
According to a thread I found on the Security Focus Forum, port 1025 is kept open by MSTask.exe. In other words, your copy of 2K or XP is 'listening out' for more instructions from Head Office!

The thread provides a Registry hack if you're feeling adventurous or it may be possible to configure your firewall to close it (not the built in XP one of course).

http://www.securityfocus.com/archive/105/333471/2003-08-14/2003-08-20/0
 

geoand

Thread Starter
Joined
Apr 28, 2002
Messages
75
Thanks Togg,

I've read about the mstask.exe connection before elsewhere but didn't want to disable it - I use task scheduler to keep NIS up to date. It sounds like the sort of thing that should be running in the background.

Interesting that yon link you posted mentioned NAV as well - maybe that's the problem.

Thanks.
 

geoand

Thread Starter
Joined
Apr 28, 2002
Messages
75
Cheers Togg,

You were spot on with MSTask.exe. I hadn't disabled it in XP-AntiSpy after updating it to the latest version. I'm now 100% stealthed at grc.com.

Well solved,

George
 
Joined
Apr 2, 2002
Messages
5,945
George,

Interesting to know that you have XP Anti Spy. I haven't got XP so stopping it 'phoning home' is only of academic interest to me but I came across the Anti Spy tool some time ago and was wondering just how good/useful it was.

Based on your experience of it, would you recommend it unconditionally to other XP users or do you have reservations about some aspects of it?

I assume that every Update/Service Pack switches all the reporting services back on so that you have re apply Anti Spy each time.
 

geoand

Thread Starter
Joined
Apr 28, 2002
Messages
75
Yes,

XP-AntiSpy gets my full blessing. It's not just the 'phoning home' bit, there's loads of other useful stuff. Put simply, lots of bloatware that comes with XP and runs in the background by default can simply be switched off without searching through other progs.

No, XP Updates don't affect it apart from maybe XP SP1, even then it's just a case of ticking the boxes again - a very useful tool.

George
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top