how can I close port 1025 on win xp?

Posted on 2003-02-26
Medium Priority
Last Modified: 2013-12-04
hi IM using win xp pro & maniged to class open ports but one(port 1025), I tried shuting all services but nothing is releated to this port but telephony & I need that service for dailup. Is there away around this?

thank you
Question by:havox
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 8024897
Port 1025 in my list appears to be used by a trojan. Try using symantec's online checking facilities at


26.02.03 Tech Xero

Accepted Solution

donnyr10 earned 100 total points
ID: 8024975
Port 1025 is often used for outgoing connections by services like DNS or SSH. On many operating systems 1025 is the first local port in the block used for outgoing connections.

Many applications don't care what port they use for a network connection, so they ask the operating system to assign the "next freely available port".

As more applications request more and more dynamic ports, the operating system will assign increasingly higher port numbers



Assisted Solution

Ghost_Hacker earned 100 total points
ID: 8026690
Have you download FPORT from sysinternals?

That program will map an open port back to the program or service that opened it. (proably "syshost")

My research says that the taskmanger service may be the requesting program. You could also play with disabling RPC services to shutdown whatever app is asking for that port. However, this isn't recommened for anyone who is not use to RPC services and how they work.

Good Luck :)
Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!


Author Comment

ID: 8030720
System:4     TCP     ******:1025     ******:0 LISTENING

system thats all I got & I know its releated to telephony service somehow.

can any one figure this out?!

thank you

Expert Comment

ID: 8031029
It's the 1st "unregistered port" http://www.iana.org/assignments/port-numbers
blackjack isn't much of a registration :)- that's the 1st port that RPC service will use most times- If you look on the iana's site, you'll see blackjack as 1025, that is a pretty old program, and not typically found on XP- most consider it unregistered, and that is the 1st "random" port that ms will chose to use as a local port. Say you want to connect to a web site, www is port 80 right?
yes- the port that I am going to connect to on YOUR web server is port 80 of your box- my box will use some random port as the destination for the return traffic. The standard for HTTP is 80- your server port 80, will return my request's to my pc, on the port it left from, some random one, not necessarily 80 of my box.

Remote File Sharing is also assoicated with that port.
Probly has more to do with svchost.exe than anything.
Try fport from foundstone: http://www.foundstone.com/knowledge/proddesc/fport.html

FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.

Pid Process Port Proto Path
392 svchost -> 135 TCP C:\WINNT\system32\svchost.exe
8 System -> 139 TCP
8 System -> 445 TCP
508 MSTask -> 1025 TCP C:\WINNT\system32\MSTask.exe
392 svchost -> 135 UDP C:\WINNT\system32\svchost.exe
8 System -> 137 UDP
8 System -> 138 UDP
8 System -> 445 UDP
224 lsass -> 500 UDP C:\WINNT\system32\lsass.exe
212 services -> 1026 UDP C:\WINNT\system32\services.exe

Expert Comment

ID: 8032923
If Fport is only displaying system or syshost as the offending program and you have already disabled all unneeded services.

Your next step (if you want to dig deeper) is to run filemon.


Run filemon and match up the pid that fport gave you (4 system) with a pid that filemon displayes. This might give you further clues to go on.

Expert Comment

ID: 8035318
If you are concerned about the fact that the port is open, enable the firewall and disable access to that port from all computers.

Expert Comment

ID: 8057075
Anyway.. If you still want to disable some TCP/UDP ports you can do with followin instructions:

Go to the "Newtwork Connections" -Folder, and right click connection, what you want to modify --> Properties.

Select Internet Protocol (TCP/IP), and click Properties --> Advanced --> Options --> Select "TCP/IP Filtering" --> Properties. Modify your TCP/UDP ports may you want them to be..

Expert Comment

ID: 9070834
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
Post your closing recommendations!  No comment means you don't care.

Expert Comment

ID: 10626909
In my experience with Windows XP Professional, port 1025 was opened by the "DHCP Client" service.  The Microsoft description of this service is "Manages network configuration by registering and updating IP addresses and DNS names."

Since other operating systems operate as DHCP clients without exposing port 1025, I suspect that Microsoft is doing something non-standard to "extend" the protocol so that it has additional features in a Microsoft environment.

Unfortunately, I haven't been able to find any way to close that port and still retain the DHCP functionality that you'll probably need for dial-up.

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses
Course of the Month13 days, 13 hours left to enroll

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question