Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

why is my port 500 listening to a remote ip I don't know

Posted on 2007-11-28
6
Medium Priority
?
697 Views
Last Modified: 2010-04-21
I'm using portExplorer and today I see that process Isass.exe is linstening on port 500 to ip 82.32.73.203:500 using UDP protocol.  I check the ip. It belongs to a company I have notthing to do with.  Can the expert please teach me on this one? OS: Windows 2000 Advance Server.
0
Comment
Question by:causewaybay
  • 3
  • 3
6 Comments
 
LVL 29

Expert Comment

by:Jan Springer
ID: 20376431
udp port 500 used for isakmp -> vpn connection

Are your AV software engine and dat  files up to date?
0
 

Author Comment

by:causewaybay
ID: 20381334
yes I use nod32 that updates itself automatically everyday.  I also use Zone Alarm.  Should I block port 500?  On this computer I host a web server and an FTP server.  Sometimes I use this computer to download BT.  But I don't see why I need vpn or isakmp.  The web site I host is not an interactive one.  Please advise.
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 20381991
My gut is that you should firewall off all ports (could even be everything) that you do not want someone from the outside to establish a connection.

At a minimum, block TCP and UDP port 500 and scan your machine.  That IP with a connection to your machine is in the UK from what appears to be a cable customer.

Consider that you might be compromised and watch for connections leaving that machine once you block that port.  I've seen bad apps initiate a new connection from a newly firewalled machine and since that data has been established from the inside, the firewall lets it out.

What I also like to do is not only block what comes in but what ports on a machine can talk out.
0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 

Author Comment

by:causewaybay
ID: 20390227
Your suggestion is practical but this machine is hosting a web server and an ftp server.  The ftp server using port 21 is manually opened only when I demand it; but the web server is permanent and it is not only involving port 80, cause I'll be using interactive database as well.  Since none of the above is a serious business - they are more for experiment,  I don't mind loosening up the safety setting a little so I may study the traffic and learn more about security. The machine has worked safely over a few months until recently I start using it to download bitTorrent files.  I decide to reinstall the OS to make it clean (as I ghosted the C drive, reinstalling shouldn't be a time consuming task).  I shall post another thread asking for ports to close and open in my setting.  Do you think I shall report abuse with the ip address I got?
0
 
LVL 29

Accepted Solution

by:
Jan Springer earned 750 total points
ID: 20391214
I wouldn't bother.  Unless there's significant dollar loss, law enforcement won't be of any help.  And, my experience with reporting abuse to other networks, particularly foreign is just a waste of time -- and may even buy you more abuse.

There must be some way that you can define -- even loosely -- what ports you need open for outside and inside access to properly create a set of firewall rules.
0
 

Author Closing Comment

by:causewaybay
ID: 31411572
Dear Jesper, I disabled IPSec and that close port 500.  But you know what, the machine turn into an unbearable low speed; so all the same I have to reinstall it.  This time, I'll turn off IPSec right from the start.  Thank You!
0

Featured Post

Ready for your healthcare security check-up?

In the past few years, healthcare organizations have become a prime target for advanced attacks. Does your organization have what it needs to defend itself? Schedule your healthcare security check-up today and download our free Healthcare Security Resource Kit today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Screencast - Getting to Know the Pipeline

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question