Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice

port listener xp

2273 Views 4 Replies 2 Participants Last post by  ha123
I have downloaded a programme called port listener xp because I have a problem with a potential trojan and would like to monitor
one or two ports - however there are no instructions with this programme and when I run it ZA asks if I would like to enable it as a server, this I am a bit reluctant to do. It would appear that this works by spoofing a port and alerting me when that port is accessed, it also sends the intruder a message - this I would rather not do. I just want a programme that monitors a port and alerts me and then maybe I can close it.
Maybe there's a better programme out there that works with win98. I would really like to know how to close a specific port.
Not open for further replies.
1 - 5 of 5 Posts
Don't use it; I don't know why it should need to run as a server. You can get a similar program from System Internals called tcpview that will list your open ports. They also have something called PortMon, but I don't think PortMon works on XP if you have that, anyway.
Thankyou Rog - I was a bit wary. Perhaps these programmes need to act as servers in order to spoof a port and send a message to the hackers, not sure about this as I'm not an IT genius.
I tried another prog called port block which appears to do the same job. As an experiment I allowed it to act as a server and the port I needed to block - 1524 - appeared in the netstat window as ingreslock and also another port I specified.
That you see is the problem, I have ingreslock connections from time to time and a search on google is alarming.
Something took the bait ip no and this after a search led to something called BLACKHOLE - 1.IANA.ORG special use.
I need to shut port 1524 and maybe one other, and I would also like to know what blackhole is.
You are going to see a lot of probes to various ports, but your firewall should prevent access. If something is "listening" however, it indicates an internal process which may or may not be normal.

Personally I wouln't get too spooked by that kind of thing, but it's good to review the possiblities and see if you can tie it to any programs you have installed. There is a lot of similar discussion in this Google>Groups search, you might want to have a gander:

Google Groups is a good source to explore both those issues if you haven't used it, but I for one doubt there is anything really abnormal there.
Thanks for the pointers Rog, never heard of google groups, looks like lots of useful info to lighten my darkness.
1 - 5 of 5 Posts
Not open for further replies.