Re: TCP Connection - Established

From: Steven Umbach (n9rou_at_n0spam-comcast.net)
Date: 01/31/04 

Date: Sat, 31 Jan 2004 02:09:12 GMT

Port 1525 tcp is shown as used by Oracle applications in some port charts.
Downloading and using TCPView from SysInternals will help by mapping ports to
process/application and right clinking the process will give more information.
If you have not done a spyware/parasite scan you may also want to do that as it
could be spyware. SpyBot Search and Destroy in advanced mode/tools also will
show processes and startup applications that may also shed some light on what
the mystery port usage is. I believe Sygate may even be able to map ports to
processes and has a traceback function via the logs. It definitely looks like a
connection to an external address because of the address 207.33.111.82. ---
Steve

http://www.sysinternals.com/ntw2k/source/tcpview.shtml
http://www.safer-networking.org/

"John" <john@somewhere.com> wrote in message
news:MPG.1a84b615825e4434989682@news.telusplanet.net...
> I am using W2K Workstation, not joined to a domain, ie. standalone. I
> use an ADSL connection to the internet.
>
> I ran netstat -a -n to see the connections that existed and there was a
> connection with status "established" that got my attention.
>
> Netstat shows
>
> TCP mynumericIPaddress:1525 207.33.111.82:8195 Established
>
> The interesting thing is that the connection remains even if my Sygate
> personal firewall is "blocking all traffic".
>
> I also made a rule to block traffic (in or out) on TCP to remote port
> 8195 with any packets logged. There were no packets, suggesting this
> connection was not generating any traffic.
>
> I downloaded a "whois" utility and searched 207.33.111.82 and the result
> was "no such address".
>
> It seems to be something happening inside my machine only, but I thought
> netstat only reported external connections.
>
> Can anyone explain?
>
> Thanks
>
> John.

Relevant Pages

  • RE: Configure Hardware Firewall for SBS 2003
    ... the corresponding ports to the SBS box. ... When a router is deployed at the SBS end, you must forward the port numbers ... TCP 110 This port is used for POP3 mail clients. ... TCP 1723 PPTP VPN connection ...
    (microsoft.public.windows.server.sbs)
  • Re: HTTP DDoS attack on our servers
    ... A quick googling for TCP port 45836 turns up the following page at ... The worm creates a remote access server by listening on TCP ... > Basically,> 8.000 IP numbers are sending HTTP requests to our server on ... > connection after the first sent line, ...
    (Incidents)
  • Re: .NET SqlConnection: connect error SQL Server 2005 DEV on same
    ... If I wanted to specify the port in the conenct string, ... enable TCP in the surface area configuration? ... Rick Byham, SQL Server Books Online ... An error has occurred while establishing a connection to the ...
    (microsoft.public.sqlserver.connect)
  • Re: Correction
    ... Normally to physically disconnect is just a matter of reaching for the ... >> I have an ADSL connection which polls my computer from time to time, ... > disallow each and every port with Windows Firewall? ...
    (microsoft.public.windowsxp.messenger)
  • Re: Using Remote Desktop From an SBS Domain
    ... when you tried to RDP while attached directly to a port on your router? ... Internet to initiate an IP conversation with your computer. ... This situation is different than if you ran your own NAT connection sharing ...
    (microsoft.public.windows.server.sbs)