15 total posts
Tango, Just A Thought...
Although I'm currently on a machine with ZA "Free", check this setting...Open ZA, click on the "Firewall" tab on the left side, then choose the "Main" tab at the top. Make sure BOTH the "Internet Zone Security" and "Trusted Zone Security" settings are set to "HIGH". Then click on the "Advanced" button and UNCHECK all boxes.
Hope this helps.
Thanks for the option but I tried that and the port is still open.
I even scanned with Norton Antivirus 2004. - Nothing
Adaware Pro - Nothing
Spybot - Nothing.
I need this hole sealed.
Have you (or someone else on your box)...
played any ONLINE card games?
If so that someone likely allows the use of the port.
Look through your advanced settings to see what is allowed.
I may be mistaken because I didn't fully understand what I've read, but I am under the impression that ports 80 and 25 are normal internet ports (80 for surfing and 25 for email) used by most ISPs....however, some ISPs are now changing them to be 1080 and 1025 or 1880 and 1225, etc.
Could this be a normal open port for him?
In response to your query when I usually get scanned by GRC the port is reported as 'stealthed' and I still get normal internet traffic so that is not the problem.
Yes Toni, it could well be as...
I attempted to indicate to him when mentioning casino games which are noted for using exactly that port because it is assigned by IANA for Network Blackjack.
Attempting to teach him to fish apparently didn't work (he didn't use the clue to look for what was using the port or what was new or running that wasn't last time he checked). Port 1025 is officially assigned to network blackjack and nothing else. In fact it will be used by the first program or service that tries to establish an outgoing or internal connection after a system boot. Concerning a non-compromised, stand-alone XP System this will usually be the svchost process respectively the system process itself, more or less chosen by chance (also often used by the task scheduler rpc component).
Ports can be used by anything besides what they are normally associated with and if someone is really curious or worried they can use readily available networking tools (netstat -an comes to mind) to monitor usage although netstat doesn't identify the actual process. Fports (one of Foundstone's free tools) does ID the process. Besides Network Blackjack (what IANA assigned it to) 1025 is often used by trojans and keyloggers (here are some common ones - Fraggle Rock, md5 Backdoor, NetSpy, Remote Storm), port 1025 is, by default. It is also often the assigned port for the Active Directory logon and directory replication interface--if this was the case here though he would surely know it as he would have had to have mapped it himself.
Thanks for the information. However to clarify.
1. I checked with my isp and they aren't using that particular port at the moment for internet traffic.
2. I don't have any online casino games on my computer.
3. I did a NETSTAT -an and it just tells me the port is listening and it is an active connection.*as if I don't already know that.*
4. I'm always notified if the task scheduler wants to access the internet because that.
Have you (or someone else on your box)
Never play online card games.
Tango, It's Probably Windows Updates...
Generally the 1025 port is used for "Remote Procedure Calls" and I believe that enabling the "Automatic Updates" for Windows Updates will keep the 1025 port open. Try turning OFF your "Automatic Updates" in the Control Panel/Automatic Updates icon and see if it stealths the port. I prefer to use the Windows Updates site manually so I don't have the problem.
Hope this helps.
Tango, It's Probably Windows Updates
Well I did as you suggested but my port is still open, even though the expert rules block incoming TCP Packets to this address.
Thanks any way.
this is a port that your particular ISP needs to have left open for its automatic antivirus/popup blocker/spam blocker updates as many ISPs are now offering these as 'extras' on their site for free to customers now. (Such as AOL, Netscape, Adelphia, etc)
Thanks to both of you for your help. The problem turned out to be the Task scheduler utility from Microsoft. I put it as a porgram which I will be notified about so that won't happen again.
Again thanks for your help.