Re: TCP Connection - Established

From: John (john_at_somewhere.com)
Date: 01/31/04 

Date: Sat, 31 Jan 2004 16:50:40 GMT

In article <c7ESb.147041$5V2.785271@attbi_s53>, n9rou@n0spam-comcast.net
says...
> Port 1525 tcp is shown as used by Oracle applications in some port charts.
> Downloading and using TCPView from SysInternals will help by mapping ports to
> process/application and right clinking the process will give more information.
> If you have not done a spyware/parasite scan you may also want to do that as it
> could be spyware. SpyBot Search and Destroy in advanced mode/tools also will
> show processes and startup applications that may also shed some light on what
> the mystery port usage is. I believe Sygate may even be able to map ports to
> processes and has a traceback function via the logs. It definitely looks like a
> connection to an external address because of the address 207.33.111.82. ---
> Steve
>
> http://www.sysinternals.com/ntw2k/source/tcpview.shtml
> http://www.safer-networking.org/
>

Steve,

The mystery is solved. I used Internet explorer to try to connect to
207.33.111.82. That failed, but it triggered a popup from my firewall
advising that this address was trying to make contact with ntoskrnl on
my machine, and did I want to allow the connection.

Since the mystery connection had *never* left any tracks in my firewall
log (which would allow me to back trace it) I said "yes" to the firewall
in order to leave a backtraceable track in the firewall traffic log.

No need to backtrace - the address shows in the traffic log as
"ssupdates.sygate.com". The connection is used to determine if my
firewall is up to date, version and patch wise. The firewall doesn't
report the connection to reduce the "noise factor" I guess.

I'm happy again. Thanks again for your help on the issue, and a general
thank you for your input to this board.

John.

Relevant Pages

  • Re: AS4.2/WM5/OUTLOOK2K3 suddenly not syncing, please help
    ... there is a connection EXIST between the device because I ... connection on port 26675 but on the PPC the port number keeps ... Outlook, countless times of reinstalling Activesync, removing Windows ... Firewall set to NO). ...
    (microsoft.public.pocketpc.activesync)
  • RE: FTP Window of opportunity?
    ... target on the line when in reality it was just a firewall lying to them. ... The connection connects and then immediately ... Subject: FTP Window of opportunity? ... the FTP port shows up. ...
    (Pen-Test)
  • Re: keeping ports open
    ... If a port is open, it means that 1) a software or service is running on your ... and 2) you're not using a firewall or your firewall isn't ... Use firewall software and hardware and antivirus software that is ... Follow the instructions for hardening Windows and IIS at ...
    (microsoft.public.security)
  • Re: How to Maintain an IIS Server?
    ... > server running on a Windows 2000 server. ... before a firewall and antivirus have been installed]. ... open ports; however, this will not identify which program is using the port. ...
    (microsoft.public.inetserver.iis.security)
  • Re: CEICW fails at firewall config
    ... ISA Server prevents connection to a remote desktop when you connect through ... Remote Web Workplace on a Windows Small Business Server 2003-based computer ... Acceleration Server as a firewall. ... connection uses TCP port 4125. ...
    (microsoft.public.windows.server.sbs)