Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2372
  • Last Modified:

how can I close port 1025 on win xp?

hi IM using win xp pro & maniged to class open ports but one(port 1025), I tried shuting all services but nothing is releated to this port but telephony & I need that service for dailup. Is there away around this?

thank you
2 Solutions
Port 1025 in my list appears to be used by a trojan. Try using symantec's online checking facilities at


26.02.03 Tech Xero
Port 1025 is often used for outgoing connections by services like DNS or SSH. On many operating systems 1025 is the first local port in the block used for outgoing connections.

Many applications don't care what port they use for a network connection, so they ask the operating system to assign the "next freely available port".

As more applications request more and more dynamic ports, the operating system will assign increasingly higher port numbers


Have you download FPORT from sysinternals?

That program will map an open port back to the program or service that opened it. (proably "syshost")

My research says that the taskmanger service may be the requesting program. You could also play with disabling RPC services to shutdown whatever app is asking for that port. However, this isn't recommened for anyone who is not use to RPC services and how they work.

Good Luck :)
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

havoxAuthor Commented:
System:4     TCP     ******:1025     ******:0 LISTENING

system thats all I got & I know its releated to telephony service somehow.

can any one figure this out?!

thank you
It's the 1st "unregistered port" http://www.iana.org/assignments/port-numbers
blackjack isn't much of a registration :)- that's the 1st port that RPC service will use most times- If you look on the iana's site, you'll see blackjack as 1025, that is a pretty old program, and not typically found on XP- most consider it unregistered, and that is the 1st "random" port that ms will chose to use as a local port. Say you want to connect to a web site, www is port 80 right?
yes- the port that I am going to connect to on YOUR web server is port 80 of your box- my box will use some random port as the destination for the return traffic. The standard for HTTP is 80- your server port 80, will return my request's to my pc, on the port it left from, some random one, not necessarily 80 of my box.

Remote File Sharing is also assoicated with that port.
Probly has more to do with svchost.exe than anything.
Try fport from foundstone: http://www.foundstone.com/knowledge/proddesc/fport.html

FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.

Pid Process Port Proto Path
392 svchost -> 135 TCP C:\WINNT\system32\svchost.exe
8 System -> 139 TCP
8 System -> 445 TCP
508 MSTask -> 1025 TCP C:\WINNT\system32\MSTask.exe
392 svchost -> 135 UDP C:\WINNT\system32\svchost.exe
8 System -> 137 UDP
8 System -> 138 UDP
8 System -> 445 UDP
224 lsass -> 500 UDP C:\WINNT\system32\lsass.exe
212 services -> 1026 UDP C:\WINNT\system32\services.exe
If Fport is only displaying system or syshost as the offending program and you have already disabled all unneeded services.

Your next step (if you want to dig deeper) is to run filemon.


Run filemon and match up the pid that fport gave you (4 system) with a pid that filemon displayes. This might give you further clues to go on.
If you are concerned about the fact that the port is open, enable the firewall and disable access to that port from all computers.
Anyway.. If you still want to disable some TCP/UDP ports you can do with followin instructions:

Go to the "Newtwork Connections" -Folder, and right click connection, what you want to modify --> Properties.

Select Internet Protocol (TCP/IP), and click Properties --> Advanced --> Options --> Select "TCP/IP Filtering" --> Properties. Modify your TCP/UDP ports may you want them to be..
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
Post your closing recommendations!  No comment means you don't care.
In my experience with Windows XP Professional, port 1025 was opened by the "DHCP Client" service.  The Microsoft description of this service is "Manages network configuration by registering and updating IP addresses and DNS names."

Since other operating systems operate as DHCP clients without exposing port 1025, I suspect that Microsoft is doing something non-standard to "extend" the protocol so that it has additional features in a Microsoft environment.

Unfortunately, I haven't been able to find any way to close that port and still retain the DHCP functionality that you'll probably need for dial-up.

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now