heavy traffic on port 1025
From: Erwin Michiels (ErwinMichiels_at_discussions.microsoft.com)
Date: 07/31/04
- Next message: Jmet1223: "File Permission - Help please"
- Previous message: Doug Knox MS-MVP: "Re: unable to logon after windows XP security update"
- Next in thread: Star Fleet Admiral Q: "Re: heavy traffic on port 1025"
- Reply: Star Fleet Admiral Q: "Re: heavy traffic on port 1025"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 30 Jul 2004 20:39:02 -0700
Many people seem to have noticed heavy traffic on port 1025. This traffic is caused by the task scheduler service hosted by svchost.exe. This service opens port 1025 by default. There are two ways to block this traffic:
1) disable task scheduler service and reboot; be aware it is possible that prefetch, system restore and bootvis won't work properly anymore;
2) deny inbound traffic for svchost.exe using TCP on the local ports 1024-65535; you can use a firewall like Agnitum Outpost 1.0 (freeware) to configure your system this way ( http://www.agnitum.com/download/outpost1.html ).
To exploit task scheduler listening on port 1025, you can even download a tool from the net: remoxec from http://www.securityfriday.com/tools/Remoxec.html . This explains probably the amount of scans of port 1025.
- Next message: Jmet1223: "File Permission - Help please"
- Previous message: Doug Knox MS-MVP: "Re: unable to logon after windows XP security update"
- Next in thread: Star Fleet Admiral Q: "Re: heavy traffic on port 1025"
- Reply: Star Fleet Admiral Q: "Re: heavy traffic on port 1025"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
