Re: heavy traffic on port 1025

From: Erwin Michiels (ErwinMichiels_at_discussions.microsoft.com)
Date: 07/31/04


Date: Sat, 31 Jul 2004 07:07:03 -0700

Please read carefully: "deny inbound traffic for svchost.exe using TCP on the local ports 1024-65535", this means ONLY for svchost.exe using TCP on the local ports 1024-65535; maybe I didn't emphasize this enough. As said, you can do this using a firewall like Agnitum Outpost 1.0 (freeware).

I suggested the whole range of ports above 1024, because svchost.exe USUALLY runs on 1025, but actually it uses the first free port above 1024 when booting. So that can be another port also.

Sir, @ your service, sir.

"Star Fleet Admiral Q" wrote:

> Question - if task scheduler is using port 1025, then why are you
> telling everyone to block all the other ports 1024 and 1026-65535?
> They may have other important applications running on those ports and
> what you've told them just broke them - and yes, most people on these
> groups are not "tech savvy" so next there will be a post "My
> such-n-such all of a sudden quit working" - be mindful of your audience
> when suggesting.
>
>
> Star Fleet Admiral Q @ your service
> --------------------------------------------------------
> "Erwin Michiels" <ErwinMichiels@discussions.microsoft.com> wrote in
> message news:E2B7FF8B-0FC3-47FF-A25F-03C32B19F0A1@microsoft.com...
> > Many people seem to have noticed heavy traffic on port 1025. This
> > traffic is caused by the task scheduler service hosted by svchost.exe.
> > This service opens port 1025 by default. There are two ways to block
> > this traffic:
> >
> > 1) disable task scheduler service and reboot; be aware it is
> > possible that prefetch, system restore and bootvis won't work properly
> > anymore;
> >
> > 2) deny inbound traffic for svchost.exe using TCP on the local ports
> > 1024-65535; you can use a firewall like Agnitum Outpost 1.0 (freeware)
> > to configure your system this way (
> > http://www.agnitum.com/download/outpost1.html ).
> >
> > To exploit task scheduler listening on port 1025, you can even
> > download a tool from the net: remoxec from
> > http://www.securityfriday.com/tools/Remoxec.html . This probably
> > explains the amount of scans of port 1025.
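
Added example (not part of either poster's message): because the thread notes that svchost.exe takes the first free port above 1024 rather than always 1025, this sketch lists which TCP ports in that range a svchost.exe process is actually listening on, so a per-application inbound rule can be checked against the real state of the host. It parses `netstat -ano` and `tasklist /fo csv /nh` output; the sample text is constructed, and the function names are hypothetical.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not taken from the thread).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       700
  TCP    0.0.0.0:1026           0.0.0.0:0              LISTENING       1044
  TCP    127.0.0.1:1031         0.0.0.0:0              LISTENING       1500
  TCP    192.168.1.10:1040      203.0.113.5:80         ESTABLISHED     1044
  UDP    0.0.0.0:1900           *:*                                    1044
"""

# Constructed sample of `tasklist /fo csv /nh` output (image name, PID, ...).
TASKLIST = """\
"lsass.exe","700","Console","0","1,200 K"
"svchost.exe","932","Console","0","3,400 K"
"svchost.exe","1044","Console","0","18,900 K"
"alg.exe","1500","Console","0","2,100 K"
"""

def pid_to_image(tasklist_csv):
    """Map PID -> lower-cased image name from tasklist CSV output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0].lower() for r in rows if len(r) >= 2}

def svchost_listeners(netstat_text, tasklist_csv, low=1024, high=65535):
    """Return (address, port, pid) for TCP listeners owned by svchost.exe
    whose local port falls in [low, high], sorted by port."""
    images = pid_to_image(tasklist_csv)
    hits = []
    for line in netstat_text.splitlines():
        f = line.split()
        # TCP rows have exactly 5 fields; UDP rows and headers do not.
        if len(f) != 5 or f[0] != "TCP" or f[3] != "LISTENING":
            continue
        addr, _, port = f[1].rpartition(":")  # also handles [::]:port
        port, pid = int(port), int(f[4])
        if low <= port <= high and images.get(pid) == "svchost.exe":
            hits.append((addr, port, pid))
    return sorted(hits, key=lambda h: h[1])

if __name__ == "__main__":
    for addr, port, pid in svchost_listeners(NETSTAT, TASKLIST):
        print(f"svchost.exe (PID {pid}) listening on {addr}:{port}/tcp")
```

In the constructed sample, port 1025 belongs to a different process and svchost.exe is on 1026, which is the case a rule written for port 1025 alone would miss.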


