Re: responses on port 41523

Hard to say what is going on if you initially have found no listening
process. What you could do is use portqry from another computer on your
network to see what is found and install the port reporter service on the
computer to log port activity and review the logs to see if that port has
been used and if so by what process [if using Windows 2003 as Windows 2000
only reports port use]. Of course a routine scan for malware and spyware
would be a good idea if it has not been done in a while. --- Steve

http://support.microsoft.com/default.aspx?kbid=832919 -- Portqry command
line port scanner.
http://www.microsoft.com/downloads/details.aspx?FamilyID=69BA779B-BAE9-4243-B9D6-63E62B4BCD2E&displaylang=en
--- Port Reporter

"nutso fasst" <no.replies@xxxxxxxx> wrote in message
news:Ooe9jSCWGHA.1192@xxxxxxxxxxxxxxxxxxxxxxx
Hello.

For a while I inadvertently had ports open in a firewall on an NT box
connected to the Internet. There were no services on the ports.

Firewall logs showed unblocked connection attempts with no
responses...except for one port: 41523. An occasional probe of 41523 would
typically consist of a connection attempt, one response, then another
connection attempt with no response. Sometimes there would be a third
connection attempt with no response.

Netstat showed nothing listening on 41523, and I don't see any indication
the system was compromised. But why a response only on that port, and only
to the first attempt to connect?

Is this just the TCP/IP stack replying with RST, then ignoring subsequent
connection attempts? Could the reply be due to the type of scan, which I
suspect has to do with the ARCserve Backup port 41523 vulnerability?

thanx,
nf






.

Relevant Pages

  • Re: Best Plan of action for 2 forest.......
    ... PortQry reports the status of a port in one of the following ways: ... ..LISTENING This response indicates that a process is listening on the target ...
    (microsoft.public.windows.server.active_directory)
  • Re: Socket and cycle problem
    ... listening this port countinously. ... So I need make some loop to print data from 3883 port permanent. ... the data it receives from each connection after the remote side drops ... If you were to use the socket module, then it would look something like this: ...
    (comp.lang.python)
  • Re: Conditional Accept and Overlapped I/O Question
    ... it is imperative to hide the listening port on the server ... connection requests will come in from the same thread on the client side. ...
    (microsoft.public.win32.programmer.networks)
  • Re: Correction
    ... Normally to physically disconnect is just a matter of reaching for the ... >> I have an ADSL connection which polls my computer from time to time, ... > disallow each and every port with Windows Firewall? ...
    (microsoft.public.windowsxp.messenger)
  • Re: Using Remote Desktop From an SBS Domain
    ... when you tried to RDP while attached directly to a port on your router? ... Internet to initiate an IP conversation with your computer. ... This situation is different than if you ran your own NAT connection sharing ...
    (microsoft.public.windows.server.sbs)
Quantcast