Re: Why these ports are running on a Windows Server 2003?

From: Steven L Umbach (
Date: 10/17/05

  • Next message: marc ochsenmeier: "Re: Indexing Service and EFS..."
    Date: Sun, 16 Oct 2005 19:43:32 -0500

    A lot depends on what you have installed on that server as applications and
    services. The above 1024 ports are generally used as a client port randomly
    selected to connect to a server service though trojans are also known to use
    them. If connected, the server address/port used could also be of help in
    finding out what is going on. There are some free tools from SysInternals
    called SysInternals called TCPView and Process Explorer that can be very
    helpful in identifying port use by mapping to the process/executable and
    showing the publisher name that can help you determine if it is a legitimate
    process or application [hopefully you have a baseline or documentation to
    compare to] though unless the file used for the process is digitally signed
    you can not be 100 percent sure that the publisher name is what it says but
    not being digitally signed does not mean that it is bogus either.

    I would certainly question these and as an administrator be able identify if
    all of them are legitimate or not with the help of the tools I mentioned.
    For instance why is 1119 Chat/Game Protocol showing as a process
    on a server? You could also search Google for any port or description you
    have listed if you need further assistance in trying to track them down
    which is what I do. Of course the server should be scanned with a quality
    malware program and a spyware program such as Microsoft AntiSpyware, AdAware
    SE, etc which can help in identifying malware, spyware and suspicious
    programs. If it appears that a lot of these processes are accessing the
    internet and should not be consider using a firewall that has a block all
    default outbound rule and then you define the exceptions for authorized
    access. The Windows 2003 Security Guide also has guidance on how to create
    and assign an ipsec filtering policy for a Windows 2003 Server based on it's
    role. Software Restriction Policies can also be implemented to stop the
    installation of and use of unauthorized software.--- Steve
       --- XP and Windows 2003 Software Restriction Policies

    "Doug Fox" <> wrote in message
    > Did an internal port scan on a number of Windows Server 2003 and found the
    > following ports, but they seems weired. Any
    > comments/suggestions/information are thankful.
    > 85 (MIT ML Device)
    > 264 (BGMP)
    > 039 (Streamlined Blackhole)
    > 1041 (AK2 Product)
    > 1043 (BONIC Client Control)
    > $1051 (Optima VNET)
    > 1052 (Dynamic DNS Tools)
    > 1074 (FASTechnologies License Manager)
    > 1098 (RMI Activation)
    > 1106 (ISOIPSIGPORT-1)
    > 1119 ( Chat/Game Protocol)
    > 1208 (SEAGULL AIS)
    > 1264 (PRAT)
    > 1302 (Cl3-Software-2)
    > 1360 (MIMER)
    > 1366 (Novell NetWare Comm Service Platform) - We don't have Novell stuff
    > on
    > our network!!
    > 1378 Elan License Manager
    > 4000 (Terabase)
    > 5998 (Asp module for Apache servers(
    > 6001 (Rainbow SuperPro Net network Services)
    > 6071 (SSDTP)
    > 6502 (BoKS Servm)
    > 6503 (BoKS Clntd)
    > 6504 ??
    > Best regards,

  • Next message: marc ochsenmeier: "Re: Indexing Service and EFS..."