Attention: The forums will be placed on read only mode this Saturday (Oct. 20, 2018)

During this outage (6:30 AM to 8 PM PDT) the forums will be placed on read only mode. We apologize for this inconvenience. Click here to read details

Computer Help forum

General discussion

Port 1025 Not Being Blocked By Zone Alarm

by tango_fox1 / February 23, 2005 12:00 PM PST

Hello Everyone,

I have a slight problem. I recently went to for my usual firewall check up to see how it's working. But to my my surpise my port 1025 is open even though I have ZoneAlarm blocking incoming TCP SYN packets to ports 1025-1030 and outgoing signals from 1025.

I need some help so that I can restore my usual pristine security scan.

Additionally GRC's message had in this text

network blackjack}


Specs are
Win 2k SP-4 fully updated
Zone Alarm Pro Version
Norton Anti Virus
Adaware Pro v. 6.0
Spybot Search & Destroy .

Any help would be greatly appreciated.

Discussion is locked
You are posting a reply to: Port 1025 Not Being Blocked By Zone Alarm
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Port 1025 Not Being Blocked By Zone Alarm
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Tango, Just A Thought...
by Grif Thomas Forum moderator / February 23, 2005 1:13 PM PST

Although I'm currently on a machine with ZA "Free", check this setting...Open ZA, click on the "Firewall" tab on the left side, then choose the "Main" tab at the top. Make sure BOTH the "Internet Zone Security" and "Trusted Zone Security" settings are set to "HIGH". Then click on the "Advanced" button and UNCHECK all boxes.

Hope this helps.


Collapse -
Still Open
by tango_fox1 / February 23, 2005 7:19 PM PST

Thanks for the option but I tried that and the port is still open.

I even scanned with Norton Antivirus 2004. - Nothing

Adaware Pro - Nothing

Spybot - Nothing.

I need this hole sealed.

Collapse -
Have you (or someone else on your box)...
by Edward ODaniel / February 24, 2005 2:01 AM PST

played any ONLINE card games?

If so that someone likely allows the use of the port.

Look through your advanced settings to see what is allowed.

Collapse -
Read this!
by Edward ODaniel / February 24, 2005 2:03 AM PST
Collapse -
by TONI H / February 24, 2005 6:05 AM PST
In reply to: Read this!

I may be mistaken because I didn't fully understand what I've read, but I am under the impression that ports 80 and 25 are normal internet ports (80 for surfing and 25 for email) used by most ISPs....however, some ISPs are now changing them to be 1080 and 1025 or 1880 and 1225, etc.

Could this be a normal open port for him?


Collapse -
by tango_fox1 / February 24, 2005 10:23 AM PST
In reply to: Curious

In response to your query when I usually get scanned by GRC the port is reported as 'stealthed' and I still get normal internet traffic so that is not the problem.

Collapse -
Yes Toni, it could well be as...
by Edward ODaniel / February 25, 2005 1:14 AM PST
In reply to: Curious

I attempted to indicate to him when mentioning casino games which are noted for using exactly that port because it is assigned by IANA for Network Blackjack.

Attempting to teach him to fish apparently didn't work (he didn't use the clue to look for what was using the port or what was new or running that wasn't last time he checked). Port 1025 is officially assigned to network blackjack and nothing else. In fact it will be used by the first program or service that tries to establish an outgoing or internal connection after a system boot. Concerning a non-compromised, stand-alone XP System this will usually be the svchost process respectively the system process itself, more or less chosen by chance (also often used by the task scheduler rpc component).

Ports can be used by anything besides what they are normally associated with and if someone is really curious or worried they can use readily available networking tools (netstat -an comes to mind) to monitor usage although netstat doesn't identify the actual process. Fports (one of Foundstone's free tools) does ID the process. Besides Network Blackjack (what IANA assigned it to) 1025 is often used by trojans and keyloggers (here are some common ones - Fraggle Rock, md5 Backdoor, NetSpy, Remote Storm), port 1025 is, by default. It is also often the assigned port for the Active Directory logon and directory replication interface--if this was the case here though he would surely know it as he would have had to have mapped it himself.

Collapse -
Yes Toni,
by tango_fox1 / February 25, 2005 7:55 AM PST

Thanks for the information. However to clarify.

1. I checked with my isp and they aren't using that particular port at the moment for internet traffic.

2. I don't have any online casino games on my computer.
never have.

3. I did a NETSTAT -an and it just tells me the port is listening and it is an active connection.*as if I don't already know that.*

4. I'm always notified if the task scheduler wants to access the internet because that.

Collapse -
Have you (or someone else on your box)
by tango_fox1 / February 24, 2005 3:37 AM PST

Never play online card games.

Collapse -
Tango, It's Probably Windows Updates...
by Grif Thomas Forum moderator / February 24, 2005 12:21 PM PST

Generally the 1025 port is used for "Remote Procedure Calls" and I believe that enabling the "Automatic Updates" for Windows Updates will keep the 1025 port open. Try turning OFF your "Automatic Updates" in the Control Panel/Automatic Updates icon and see if it stealths the port. I prefer to use the Windows Updates site manually so I don't have the problem.

Hope this helps.


Collapse -
Tango, It's Probably Windows Updates
by tango_fox1 / February 24, 2005 7:45 PM PST

Well I did as you suggested but my port is still open, even though the expert rules block incoming TCP Packets to this address.

Thanks any way.

Collapse -
Wondering if
by TONI H / February 24, 2005 11:05 PM PST

this is a port that your particular ISP needs to have left open for its automatic antivirus/popup blocker/spam blocker updates as many ISPs are now offering these as 'extras' on their site for free to customers now. (Such as AOL, Netscape, Adelphia, etc)


Collapse -
Problem Solved
by tango_fox1 / February 25, 2005 2:42 PM PST

Thanks to both of you for your help. The problem turned out to be the Task scheduler utility from Microsoft. I put it as a porgram which I will be notified about so that won't happen again.

Again thanks for your help.

Collapse -
Good going (and fishing ;-) ...
by Edward ODaniel / February 25, 2005 10:43 PM PST
In reply to: Problem Solved

Popular Forums

Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Your favorite shows are back!

Don’t miss your dramas, sitcoms and reality shows. Find out when and where they’re airing!