Re: Sygate listening
From: Demon77 (demon.rebel77_at_gmail.com)
Date: 11 May 2005 00:06:33 -0700
Ok, I just did some snooping around about the ports and the services
that were mentioned ;)
I am not sure about the system process that are listening to/for udp
However, about the Sygate smc.exe listening to port 1027 - this is for
1st- smc.exe is a part of the Sygate Secure Enterprise, more
specifically the firewall product. This piece of software blocks
attacks from Internet-bound viruses and hackers. This program is
important for the stable and secure running of your computer and should
not be terminated.
2nd - Microsoft operating systems tend to allocate one or more
unsuspected, publicly exposed services (probably DCOM, but who knows)
among the first handful of ports immediately above the end of the
service port range (1024+).
The most distressing aspect of this, is that these service ports are
wide open to the external Internet. If Microsoft wants to allow DCOM
services and clients operating within a single machine to
inter-operate, that's fine. But in that case the DCOM service ports
should be "locally bound" so that they are not wide open and flapping
in the Internet breeze.
(from: http://grc.com/port_1027.htm )
Sooo....on Port 1027 having a tool from the firewall snooping/sniffing
about is not a terrible thing to have.
Search on Google for the other services and ports and it will give ya
Tons of info!