Re: heavy traffic on port 1025

From: Star Fleet Admiral Q (Star_Fleet_Admiral_Q(NO-SPAM)_at_(FORGET-SPAM)hotmail.com)
Date: 07/31/04


Date: Sat, 31 Jul 2004 01:12:09 -0400

Question - if task scheduler is using port 1025, then why are you
telling everyone to block all the other ports 1024 and 1026-65535?
They may have other important applications running on those ports and
what you've told them just broke them - and yes, most people on these
groups are not "tech savvy" so next there will be a post "My
such-n-such all of a sudden quit working" - be mindful of your audience
when suggesting.

-- 
Star Fleet Admiral Q @ your service
--------------------------------------------------------
"Erwin Michiels" <ErwinMichiels@discussions.microsoft.com> wrote in
message news:E2B7FF8B-0FC3-47FF-A25F-03C32B19F0A1@microsoft.com...
> Many people seem to have noticed heavy traffic on port 1025. This
> traffic is caused by the task scheduler service hosted by svchost.exe.
> This service opens port 1025 by default. There are two ways to block
> this traffic:
>
> 1) disable task scheduler service and reboot; be aware it is
> possible that prefetch, system restore and bootvis won't work properly
> anymore;
>
> 2) deny inbound traffic for svchost.exe using TCP on the local ports
> 1024-65535; you can use a firewall like Agnitum Outpost 1.0 (freeware)
> to configure your system this way (
> http://www.agnitum.com/download/outpost1.html ).
>
> To exploit task scheduler listening on port 1025, you can even
> download a tool from the net: remoxec from
> http://www.securityfriday.com/tools/Remoxec.html . This explains
> probably the amount of scans of port 1025.
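
An added example, not part of either post: a Python check that lists which TCP listeners on a host would be cut off by the application-scoped deny from option 2 and which by a blanket block of ports 1024-65535. The `netstat -ano` and `tasklist /fo csv /nh` text is constructed sample output, and the function names are hypothetical.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       1004
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       1640
  TCP    192.168.1.10:1187      203.0.113.7:80         ESTABLISHED     2012
  UDP    0.0.0.0:1026           *:*                                    1100
"""

# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST = """\
"svchost.exe","888","Console","0","3,512 K"
"svchost.exe","1004","Console","0","18,204 K"
"svchost.exe","1100","Console","0","2,980 K"
"winvnc.exe","1640","Console","0","4,120 K"
"iexplore.exe","2012","Console","0","22,000 K"
"""

def tcp_listeners(netstat_text):
    """Yield (port, pid) for every TCP socket in the LISTENING state."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            # rsplit keeps IPv6 local addresses such as [::]:135 intact
            yield int(f[1].rsplit(":", 1)[1]), int(f[4])

def pid_images(tasklist_csv):
    """Map PID -> lower-cased image name from tasklist CSV rows."""
    return {int(r[1]): r[0].lower() for r in csv.reader(io.StringIO(tasklist_csv)) if r}

def rule_impact(netstat_text, tasklist_csv, image="svchost.exe", low=1024, high=65535):
    """Compare an application-scoped inbound deny with a blanket port-range deny."""
    images = pid_images(tasklist_csv)
    in_range = sorted((port, images.get(pid, "unknown"))
                      for port, pid in tcp_listeners(netstat_text) if low <= port <= high)
    return {"app_rule": [x for x in in_range if x[1] == image],
            "port_rule": in_range}

if __name__ == "__main__":
    for rule, hits in rule_impact(NETSTAT, TASKLIST).items():
        print(rule, hits)
```

Any listener that appears under `port_rule` but not under `app_rule` belongs to another program and would stop accepting inbound connections only under the blanket block.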

