how do i find the port?

Fanianni · Trooper Joined: Jan 14, 2004 Posts: 16 Location: UK

Hi , Ive allowed this site to scan my ports for viruses, 2 have been found, i think, now i dont know how to find whats using these ports coz im not very pc no how

there port 80 and 8080

i just need to know how to check where they both are

Im doin a scan right now to double check. coz i only just found out my McAcfee virus scanner isnt workin properly, all coz system32 folder kept loadin on startup! well its needs something called naifiltr.sys to sort it out or to reinstall! well that a problem diferent to the port problem, maybe i should start another thread, lol.

thanxx to any1 that answers[/b]

Paul · Admin Joined: Feb 22, 2002 Posts: 4508 Location: USA

Hi port 80 and 8080 are typically used for web server daemons. Are you running a web server? What other processes do you have up and running?

Fanianni · Guest

hi Paul, Im not too sure about the web server

but my IP is NTL normal dial up,its a cable company other here in the UK, i can not get broadband because it isnt in my area

My other processes are:

Name User name

svchost.exe local service
svchost.exe network service
svchost.exe system
IEXPLORE.EXE my name
svchost.exe system
lsass.exe system
services.exe system
winlogin.exe system
csrss.exe system
smss.exe system
Avconsol.exe system
WKCALREM.EXE my name
MHPRMIND.EXE my name
WZQKPICK.EXE my name
Webshotstray.exe my name
taskmgr.exe my name
System SYSTEM
System Idle Process SYSTEM

Thanxx for your help
Sharon (fani) [/u]

Paul · Admin Joined: Feb 22, 2002 Posts: 4508 Location: USA

Hi Sharon, can you run this in your DOS command line:

netstat -an

And paste back results?

Fanianni · Trooper Joined: Jan 14, 2004 Posts: 16 Location: UK

hi paul, Im unable to copy and paste the results.

Any advice on how to

or is there any other way other than writing it all down

thanxx Fani

Paul · Admin Joined: Feb 22, 2002 Posts: 4508 Location: USA

Sure, try this:

netstat -an > netstat.txt

The file 'netstat.txt' will be created in the directory you run netstat from.

Fanianni · Trooper Joined: Jan 14, 2004 Posts: 16 Location: UK

Hi again Paul... this is what I've come up with:

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3540 0.0.0.0:0 LISTENING
TCP 127.0.0.1:3001 0.0.0.0:0 LISTENING
TCP 127.0.0.1:3002 0.0.0.0:0 LISTENING
TCP 127.0.0.1:3003 0.0.0.0:0 LISTENING
TCP 127.0.0.1:5180 0.0.0.0:0 LISTENING
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:3005 *:*
UDP 0.0.0.0:3006 *:*
UDP 0.0.0.0:3014 *:*
UDP 0.0.0.0:3336 *:*
UDP 62.255.205.18:123 *:*
UDP 62.255.205.18:2234 *:*
UDP 127.0.0.1:123 *:*
UDP 127.0.0.1:2234 *:*
UDP 127.0.0.1:3631 *:*

Regards Fanianni

Paul · Admin Joined: Feb 22, 2002 Posts: 4508 Location: USA

That is rather interesting since you have none showing. When you run the scanner from the site, does you adequately report your IP?

Fanianni · Trooper Joined: Jan 14, 2004 Posts: 16 Location: UK

Hi Paul, all i did was click on the 'Trojan TCP Scan' in the CCSP Toolkit list at the side here. How do you adequately report your IP? because the IP address their saying is not mine!
thanx sharon

Paul · Admin Joined: Feb 22, 2002 Posts: 4508 Location: USA

Hi Sharon, do me a favor and run this:

http://computercops.biz/modules.php?name=Reveal_IP

Does it report it correctly? If so, I know what I need to do to update the code.

Thanks

Fanianni · Trooper Joined: Jan 14, 2004 Posts: 16 Location: UK

Hi Paul, sorry to say that the IP address that your link gives me is still different to the one shown in my network connection, the address your site gives me is: 62.253.64.9, where mine is showing as:
62.255.108.199, dont know whats going on?
Regards Sharon

Paul · Admin Joined: Feb 22, 2002 Posts: 4508 Location: USA

Ok it seems that your true IP is not being passed on in the TCP/IP packets you are sending to the site. The script currently only runs server side in checking the originating IP address. If your packets are routed thru an 'anonymous' proxy server, then your real IP is stripped out. This means the proxy server was itself scanned by us, and those ports were found to be open.

Fanianni · Trooper Joined: Jan 14, 2004 Posts: 16 Location: UK

hi Paul, thank you for that information, so will I not be able to have my ports scanned at all by you?
Thanks Sharon

Paul · Admin Joined: Feb 22, 2002 Posts: 4508 Location: USA

Hi Sharon, I'm moving this week to my new home so once I'm settled in by next week I can begin coding again. I've been contemplating the use of javascript to obtain the IP from the client side. Of course this has certain issues that need to be addressed. However, there are certain things I need to start enhancing as early as next week and that includes the scanners.

Fanianni · Trooper Joined: Jan 14, 2004 Posts: 16 Location: UK

Hi paul, so its a case of watch this space then. Anyway thats good to know, I shal keep a look out.
Thanks for your help
Sharon


	Home ˇ Topics ˇ Submit News ˇ Top 10 This entire site, Cops Themes, and Computer Cops are Š 2002 - 2004 Computer Cops, LLC. All rights reserved. You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0. Acceptable Use Policy. Use signifies your agreement. Engine Copyright Š 2002 by PHP-Nuke, GNU/GPL Licensed. ICRA Member. Paul Laudanski, Member of Computer Cops, LLC Server Load: 533 pages served in previous 5 minutes. Page Generation: 0.387 seconds.