
port listener xp

2273 Views 4 Replies 2 Participants Last post by  ha123
I have downloaded a programme called port listener xp because I have a problem with a potential trojan and would like to monitor one or two ports - however there are no instructions with this programme and when I run it ZA asks if I would like to enable it as a server, this I am a bit reluctant to do. It would appear that this works by spoofing a port and alerting me when that port is accessed, it also sends the intruder a message - this I would rather not do. I just want a programme that monitors a port and alerts me and then maybe I can close it.
Maybe there's a better programme out there that works with win98. I would really like to know how to close a specific port.
Don't use it; I don't know why it should need to run as a server. You can get a similar program from Sysinternals called TCPView that will list your open ports. They also have something called PortMon, but I don't think PortMon works on XP if you have that, anyway.

http://www.sysinternals.com/
Thank you Rog - I was a bit wary. Perhaps these programmes need to act as servers in order to spoof a port and send a message to the hackers, not sure about this as I'm not an IT genius.
I tried another prog called port block which appears to do the same job. As an experiment I allowed it to act as a server and the port I needed to block - 1524 - appeared in the netstat window as ingreslock and also another port I specified.
That, you see, is the problem: I have ingreslock connections from time to time and a search on Google is alarming.
Something took the bait, IP no. 160.254.11.223, and this, after a search, led to something called BLACKHOLE - 1.IANA.ORG special use.
I need to shut port 1524 and maybe one other, and I would also like to know what blackhole is.
You are going to see a lot of probes to various ports, but your firewall should prevent access. If something is "listening" however, it indicates an internal process which may or may not be normal.

Personally I wouldn't get too spooked by that kind of thing, but it's good to review the possibilities and see if you can tie it to any programs you have installed. There is a lot of similar discussion in this Google Groups search, you might want to have a gander:

http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=port+1524&sa=N&tab=wg

http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=BLACKHOLE+-+1.IANA.ORG&sa=N&tab=wg

Google Groups is a good source to explore both those issues if you haven't used it, but I for one doubt there is anything really abnormal there.
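
The distinction drawn in the reply above, between a local process listening on a port and a remote host connected to it, can be checked from saved `netstat -an` output. This is an added example, not part of the thread; the sample output, addresses and function names are constructed for illustration, and only the `ingreslock` name for port 1524 comes from the posts.

```python
# Service names netstat prints in place of numbers when run without -n.
# Only the name seen in this thread is mapped (assumption: extend as needed).
SERVICE_NAMES = {"ingreslock": 1524}

# Constructed sample in `netstat -an` layout; addresses are documentation ranges.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1524           0.0.0.0:0              LISTENING
  TCP    192.168.0.10:1524      203.0.113.7:4312       ESTABLISHED
  TCP    192.168.0.10:1067      198.51.100.20:80       ESTABLISHED
  TCP    mypc:ingreslock        mypc:0                 LISTENING
  UDP    0.0.0.0:137            *:*
"""


def port_of(endpoint):
    """Return the numeric port of 'host:port', resolving known service names."""
    port = endpoint.rpartition(":")[2]
    if port.isdigit():
        return int(port)
    return SERVICE_NAMES.get(port.lower())  # None for '*' or unknown names


def check_ports(netstat_text, watched):
    """Sort rows whose LOCAL port is watched into listeners and live connections."""
    listening, connected = [], []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # skip headers and blank lines
        proto, local, remote = fields[:3]
        state = fields[3] if len(fields) > 3 else ""
        port = port_of(local)
        if port not in watched:
            continue
        # UDP rows carry no state; a bound UDP port is treated as a listener.
        if state == "LISTENING" or proto == "UDP":
            listening.append((proto, port, local))
        elif state == "ESTABLISHED":
            connected.append((proto, port, remote))
    return listening, connected


if __name__ == "__main__":
    listeners, peers = check_ports(SAMPLE, {1524})
    print("listening:", listeners)
    print("connected:", peers)
```

A non-empty listener list means something on the machine has the port open and is worth tying to an installed program; matching is on the local port only, so an outbound connection to a remote port 80 is not reported when watching port 80.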
Thanks for the pointers Rog, never heard of Google Groups, looks like lots of useful info to lighten my darkness.