how can I close port 1025 on win xp?

hi IM using win xp pro & maniged to class open ports but one(port 1025), I tried shuting all services but nothing is releated to this port but telephony & I need that service for dailup. Is there away around this?

thank you
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Port 1025 in my list appears to be used by a trojan. Try using symantec's online checking facilities at

26.02.03 Tech Xero
Port 1025 is often used for outgoing connections by services like DNS or SSH. On many operating systems 1025 is the first local port in the block used for outgoing connections.

Many applications don't care what port they use for a network connection, so they ask the operating system to assign the "next freely available port".

As more applications request more and more dynamic ports, the operating system will assign increasingly higher port numbers



Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Have you download FPORT from sysinternals?

That program will map an open port back to the program or service that opened it. (proably "syshost")

My research says that the taskmanger service may be the requesting program. You could also play with disabling RPC services to shutdown whatever app is asking for that port. However, this isn't recommened for anyone who is not use to RPC services and how they work.

Good Luck :)
ON-DEMAND: 10 Easy Ways to Lose a Password

Learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees in this on-demand webinar. We cover the importance of multi-factor authentication and how these solutions can better protect your business!

havoxAuthor Commented:
System:4     TCP     ******:1025     ******:0 LISTENING

system thats all I got & I know its releated to telephony service somehow.

can any one figure this out?!

thank you
It's the 1st "unregistered port"
blackjack isn't much of a registration :)- that's the 1st port that RPC service will use most times- If you look on the iana's site, you'll see blackjack as 1025, that is a pretty old program, and not typically found on XP- most consider it unregistered, and that is the 1st "random" port that ms will chose to use as a local port. Say you want to connect to a web site, www is port 80 right?
yes- the port that I am going to connect to on YOUR web server is port 80 of your box- my box will use some random port as the destination for the return traffic. The standard for HTTP is 80- your server port 80, will return my request's to my pc, on the port it left from, some random one, not necessarily 80 of my box.

Remote File Sharing is also assoicated with that port.
Probly has more to do with svchost.exe than anything.
Try fport from foundstone:

FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.

Pid Process Port Proto Path
392 svchost -> 135 TCP C:\WINNT\system32\svchost.exe
8 System -> 139 TCP
8 System -> 445 TCP
508 MSTask -> 1025 TCP C:\WINNT\system32\MSTask.exe
392 svchost -> 135 UDP C:\WINNT\system32\svchost.exe
8 System -> 137 UDP
8 System -> 138 UDP
8 System -> 445 UDP
224 lsass -> 500 UDP C:\WINNT\system32\lsass.exe
212 services -> 1026 UDP C:\WINNT\system32\services.exe
If Fport is only displaying system or syshost as the offending program and you have already disabled all unneeded services.

Your next step (if you want to dig deeper) is to run filemon.     

Run filemon and match up the pid that fport gave you (4 system) with a pid that filemon displayes. This might give you further clues to go on.
If you are concerned about the fact that the port is open, enable the firewall and disable access to that port from all computers.
Anyway.. If you still want to disable some TCP/UDP ports you can do with followin instructions:

Go to the "Newtwork Connections" -Folder, and right click connection, what you want to modify --> Properties.

Select Internet Protocol (TCP/IP), and click Properties --> Advanced --> Options --> Select "TCP/IP Filtering" --> Properties. Modify your TCP/UDP ports may you want them to be..
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
Post your closing recommendations!  No comment means you don't care.
In my experience with Windows XP Professional, port 1025 was opened by the "DHCP Client" service.  The Microsoft description of this service is "Manages network configuration by registering and updating IP addresses and DNS names."

Since other operating systems operate as DHCP clients without exposing port 1025, I suspect that Microsoft is doing something non-standard to "extend" the protocol so that it has additional features in a Microsoft environment.

Unfortunately, I haven't been able to find any way to close that port and still retain the DHCP functionality that you'll probably need for dial-up.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.