Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

why is my port 500 listening to a remote ip I don't know

Posted on 2007-11-28
Last Modified: 2010-04-21
I'm using portExplorer and today I see that process Isass.exe is linstening on port 500 to ip using UDP protocol.  I check the ip. It belongs to a company I have notthing to do with.  Can the expert please teach me on this one? OS: Windows 2000 Advance Server.
Question by:causewaybay
  • 3
  • 3
LVL 28

Expert Comment

by:Jan Springer
ID: 20376431
udp port 500 used for isakmp -> vpn connection

Are your AV software engine and dat  files up to date?

Author Comment

ID: 20381334
yes I use nod32 that updates itself automatically everyday.  I also use Zone Alarm.  Should I block port 500?  On this computer I host a web server and an FTP server.  Sometimes I use this computer to download BT.  But I don't see why I need vpn or isakmp.  The web site I host is not an interactive one.  Please advise.
LVL 28

Expert Comment

by:Jan Springer
ID: 20381991
My gut is that you should firewall off all ports (could even be everything) that you do not want someone from the outside to establish a connection.

At a minimum, block TCP and UDP port 500 and scan your machine.  That IP with a connection to your machine is in the UK from what appears to be a cable customer.

Consider that you might be compromised and watch for connections leaving that machine once you block that port.  I've seen bad apps initiate a new connection from a newly firewalled machine and since that data has been established from the inside, the firewall lets it out.

What I also like to do is not only block what comes in but what ports on a machine can talk out.
Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center


Author Comment

ID: 20390227
Your suggestion is practical but this machine is hosting a web server and an ftp server.  The ftp server using port 21 is manually opened only when I demand it; but the web server is permanent and it is not only involving port 80, cause I'll be using interactive database as well.  Since none of the above is a serious business - they are more for experiment,  I don't mind loosening up the safety setting a little so I may study the traffic and learn more about security. The machine has worked safely over a few months until recently I start using it to download bitTorrent files.  I decide to reinstall the OS to make it clean (as I ghosted the C drive, reinstalling shouldn't be a time consuming task).  I shall post another thread asking for ports to close and open in my setting.  Do you think I shall report abuse with the ip address I got?
LVL 28

Accepted Solution

Jan Springer earned 250 total points
ID: 20391214
I wouldn't bother.  Unless there's significant dollar loss, law enforcement won't be of any help.  And, my experience with reporting abuse to other networks, particularly foreign is just a waste of time -- and may even buy you more abuse.

There must be some way that you can define -- even loosely -- what ports you need open for outside and inside access to properly create a set of firewall rules.

Author Closing Comment

ID: 31411572
Dear Jesper, I disabled IPSec and that close port 500.  But you know what, the machine turn into an unbearable low speed; so all the same I have to reinstall it.  This time, I'll turn off IPSec right from the start.  Thank You!

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question