Results 1 to 4 of 4

Thread: Inexplicable port listening

  1. #1
    azimuth Guest

    Default Inexplicable port listening

    One of the active program icons in Zone Alarm says that "Generic Host Process [etc.]" is listening to UDP ports 1027 and 1028. I've identified the process responsible as svchost.exe (SYSTEM). This file resides, as expected, in the /system32 folder.

    But why is it listening to those ports? From what I've read, these ports are used by Windows Messenger, and are often exploited for scareware spam. I'm absolutely, positively paranoid about PC security, but while I'm certain my PC isn't playing unwitting host to some cybernasty, I feel really uncomfortable about this.

    Operating System:Windows XP Home Edition
    Software Version:
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,290

    Default Re: Inexplicable port listening

    Hi!generally services listening are not a security concerns. In fact, most of the time they do not listen to the internet but to your own system or LAN.So the first test you should do is to see if you have any port opened to the outside world.Run ShieldUP (www.grc.com) and check that port 1027 and 1028are not opened.Next run TCPView to understand what they are actually listening to.Are they listening to the internet or localhost, 127.0.0.0.0, 0.0.0.0, etc...?If it is listening not to the internet is perfectly fine and normal.TCPview here:http://technet.microsoft.com/en-us/s.../bb897437.aspxCheers,Fax

    Message Edited by fax on 02-28-2008 06:52 PM

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    azimuth Guest

    Default Re: Inexplicable port listening

    Thank you so much for such a prompt response. According to netstat, the service is listening to the localhost, so I'll stop worrying about it.

    It's worth mentioning, however, that I run my laptop as an ICS gateway, and if I check "Allow internet servers" in the advanced options menu, TCP port 135 sits open to the internet. I was very alarmed when I first saw this on the ShieldsUp test, and finally tracked it down to that option. I know most ISPs restrict access to that port by default, but it might be worth documenting.

    Thanks again.

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,290

    Default Re: Inexplicable port listening

    You're welcome!!Cheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •