Re: Sygate listening

From: Demon77 (demon.rebel77_at_gmail.com)
Date: 05/11/05


Date: 11 May 2005 00:06:33 -0700

Ok, I just did some snooping around about the ports and the services
that were mentioned ;)

I am not sure about the system processes that are listening to/for udp
communication...

However, about the Sygate smc.exe listening to port 1027 - this is for
2 reasons:
1st- smc.exe is a part of the Sygate Secure Enterprise, more
specifically the firewall product. This piece of software blocks
attacks from Internet-bound viruses and hackers. This program is
important for the stable and secure running of your computer and should
not be terminated.
(quoted from:
http://www.liutilities.com/products/wintaskspro/processlibrary/smc/ )

2nd - Microsoft operating systems tend to allocate one or more
unsuspected, publicly exposed services (probably DCOM, but who knows)
among the first handful of ports immediately above the end of the
service port range (1024+).
(and)
 The most distressing aspect of this, is that these service ports are
wide open to the external Internet. If Microsoft wants to allow DCOM
services and clients operating within a single machine to
inter-operate, that's fine. But in that case the DCOM service ports
should be "locally bound" so that they are not wide open and flapping
in the Internet breeze.
(from: http://grc.com/port_1027.htm )

Sooo....on Port 1027 having a tool from the firewall snooping/sniffing
about is not a terrible thing to have.

Search on Google for the other services and ports and it will give ya
Tons of info!

~Demon
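
The post's distinction between "locally bound" and wide-open listeners can be checked directly from `netstat -ano` output. The sketch below is an added example, not part of the original post: the sample output is constructed, and the 1024-1030 window for "the first handful of ports" is an assumption.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (not taken from the post).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       4
  TCP    [::]:1025              [::]:0                 LISTENING       4
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING       1480
  TCP    192.168.1.10:1029      93.184.216.34:80       ESTABLISHED     2200
  UDP    0.0.0.0:1027           *:*                                    1616
  UDP    127.0.0.1:1026         *:*                                    1100
"""

def parse_listeners(text):
    """Yield (proto, ip, port, pid) for TCP LISTENING and bound UDP sockets."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # banner, column header, blank line
        if f[0] == "TCP" and (len(f) != 5 or f[3] != "LISTENING"):
            continue  # established/closing connections are not listeners
        host, _, port = f[1].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets / zone id
        yield f[0], host, int(port), int(f[-1])

def exposure(ip):
    """Classify a bind address by which interfaces can reach it."""
    addr = ipaddress.ip_address(ip)
    if addr.is_unspecified:      # 0.0.0.0 or :: -> every interface
        return "all-interfaces"
    if addr.is_loopback:         # 127.0.0.0/8 or ::1 -> "locally bound"
        return "loopback"
    return "single-interface"

def audit(text, low=1024, high=1030):
    """Return listeners in [low, high] that are not loopback-bound.

    The default window is an assumption, not a value from the post.
    """
    findings = []
    for proto, ip, port, pid in parse_listeners(text):
        scope = exposure(ip)
        if low <= port <= high and scope != "loopback":
            findings.append((proto, ip, port, pid, scope))
    return sorted(findings, key=lambda x: (x[2], x[0], x[1]))

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Each reported PID can be matched to its executable with `tasklist`, which is how a listener such as smc.exe on port 1027 would be identified.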


