Solved

why is my port 500 listening to a remote ip I don't know

Posted on 2007-11-28
6
695 Views
Last Modified: 2010-04-21
I'm using portExplorer and today I see that process Isass.exe is linstening on port 500 to ip 82.32.73.203:500 using UDP protocol.  I check the ip. It belongs to a company I have notthing to do with.  Can the expert please teach me on this one? OS: Windows 2000 Advance Server.
0
Comment
Question by:causewaybay
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 29

Expert Comment

by:Jan Springer
ID: 20376431
udp port 500 used for isakmp -> vpn connection

Are your AV software engine and dat  files up to date?
0
 

Author Comment

by:causewaybay
ID: 20381334
yes I use nod32 that updates itself automatically everyday.  I also use Zone Alarm.  Should I block port 500?  On this computer I host a web server and an FTP server.  Sometimes I use this computer to download BT.  But I don't see why I need vpn or isakmp.  The web site I host is not an interactive one.  Please advise.
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 20381991
My gut is that you should firewall off all ports (could even be everything) that you do not want someone from the outside to establish a connection.

At a minimum, block TCP and UDP port 500 and scan your machine.  That IP with a connection to your machine is in the UK from what appears to be a cable customer.

Consider that you might be compromised and watch for connections leaving that machine once you block that port.  I've seen bad apps initiate a new connection from a newly firewalled machine and since that data has been established from the inside, the firewall lets it out.

What I also like to do is not only block what comes in but what ports on a machine can talk out.
0
[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

 

Author Comment

by:causewaybay
ID: 20390227
Your suggestion is practical but this machine is hosting a web server and an ftp server.  The ftp server using port 21 is manually opened only when I demand it; but the web server is permanent and it is not only involving port 80, cause I'll be using interactive database as well.  Since none of the above is a serious business - they are more for experiment,  I don't mind loosening up the safety setting a little so I may study the traffic and learn more about security. The machine has worked safely over a few months until recently I start using it to download bitTorrent files.  I decide to reinstall the OS to make it clean (as I ghosted the C drive, reinstalling shouldn't be a time consuming task).  I shall post another thread asking for ports to close and open in my setting.  Do you think I shall report abuse with the ip address I got?
0
 
LVL 29

Accepted Solution

by:
Jan Springer earned 250 total points
ID: 20391214
I wouldn't bother.  Unless there's significant dollar loss, law enforcement won't be of any help.  And, my experience with reporting abuse to other networks, particularly foreign is just a waste of time -- and may even buy you more abuse.

There must be some way that you can define -- even loosely -- what ports you need open for outside and inside access to properly create a set of firewall rules.
0
 

Author Closing Comment

by:causewaybay
ID: 31411572
Dear Jesper, I disabled IPSec and that close port 500.  But you know what, the machine turn into an unbearable low speed; so all the same I have to reinstall it.  This time, I'll turn off IPSec right from the start.  Thank You!
0

Featured Post

[Webinar] How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question