?
Solved

socket23 on port 5000 (Im perplexed :-S)

Posted on 2003-02-19
6
Medium Priority
?
3,182 Views
Last Modified: 2007-12-19
Hi all,

Ok after a recent scan of my machine I have a port open that I cannot identify.

Superscan registers it as the socket23 trojan it is always on port 5000

now I have run fport and I dont see any associated appliction.

I have found the asociated PID and killed it but a new PID is just assigned to it.

I am running windows XP, any ideas people

Cheers
0
Comment
Question by:mrorange
  • 4
  • 2
6 Comments
 
LVL 1

Author Comment

by:mrorange
ID: 7982666
I am now thinking that this has something to do with the Network plug & play....
0
 
LVL 2

Accepted Solution

by:
Jason_Deckard earned 200 total points
ID: 7982669
Mr. Orange,

Quick question.  Was the application identified as a trojan because it listens on port 5000, or did a memory scan actually discover the socket23 trojan?  Is it possible this is another (legitimate) application using port 5000?

Thanks for any additional info.

-Jason
0
 
LVL 1

Author Comment

by:mrorange
ID: 7982683
ok no problem I found out what it was, that was really annoying me...

0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
LVL 1

Author Comment

by:mrorange
ID: 7982687
it was the network discovery, i have been able to disable it by running msconfig and disabling ssdp.

obviously my network plug and play wont functoin but i do this all manually...
0
 
LVL 1

Author Comment

by:mrorange
ID: 7982698
Yo uget the points for repliung so quickly...

Thanks any way... :-)

I like to be in control of all my ports :-P
0
 
LVL 2

Expert Comment

by:Jason_Deckard
ID: 7982729
Glad it worked out, and thank you for the points :)
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With more and more companies allowing their employees to work remotely, it begs the question: What are some of the security risks involved with remote employees and what actions should we take to secure them?
The article explains the process to deploy a Self-Service password reset portal I developed a few years ago. Hopefully, it will prove useful to someone.  Any comments, bug reports etc. are welcome...
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Get the source code for a fully functional Access application shell with several popular security features that Access VBA application developers desire, but find difficult or impossible to figure out how to code. You get the source code for managi…

599 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question