Solved

why is my port 500 listening to a remote ip I don't know

Posted on 2007-11-28
6
684 Views
Last Modified: 2010-04-21
I'm using portExplorer and today I see that process Isass.exe is linstening on port 500 to ip 82.32.73.203:500 using UDP protocol.  I check the ip. It belongs to a company I have notthing to do with.  Can the expert please teach me on this one? OS: Windows 2000 Advance Server.
0
Comment
Question by:causewaybay
  • 3
  • 3
6 Comments
 
LVL 28

Expert Comment

by:Jan Springer
ID: 20376431
udp port 500 used for isakmp -> vpn connection

Are your AV software engine and dat  files up to date?
0
 

Author Comment

by:causewaybay
ID: 20381334
yes I use nod32 that updates itself automatically everyday.  I also use Zone Alarm.  Should I block port 500?  On this computer I host a web server and an FTP server.  Sometimes I use this computer to download BT.  But I don't see why I need vpn or isakmp.  The web site I host is not an interactive one.  Please advise.
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 20381991
My gut is that you should firewall off all ports (could even be everything) that you do not want someone from the outside to establish a connection.

At a minimum, block TCP and UDP port 500 and scan your machine.  That IP with a connection to your machine is in the UK from what appears to be a cable customer.

Consider that you might be compromised and watch for connections leaving that machine once you block that port.  I've seen bad apps initiate a new connection from a newly firewalled machine and since that data has been established from the inside, the firewall lets it out.

What I also like to do is not only block what comes in but what ports on a machine can talk out.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:causewaybay
ID: 20390227
Your suggestion is practical but this machine is hosting a web server and an ftp server.  The ftp server using port 21 is manually opened only when I demand it; but the web server is permanent and it is not only involving port 80, cause I'll be using interactive database as well.  Since none of the above is a serious business - they are more for experiment,  I don't mind loosening up the safety setting a little so I may study the traffic and learn more about security. The machine has worked safely over a few months until recently I start using it to download bitTorrent files.  I decide to reinstall the OS to make it clean (as I ghosted the C drive, reinstalling shouldn't be a time consuming task).  I shall post another thread asking for ports to close and open in my setting.  Do you think I shall report abuse with the ip address I got?
0
 
LVL 28

Accepted Solution

by:
Jan Springer earned 250 total points
ID: 20391214
I wouldn't bother.  Unless there's significant dollar loss, law enforcement won't be of any help.  And, my experience with reporting abuse to other networks, particularly foreign is just a waste of time -- and may even buy you more abuse.

There must be some way that you can define -- even loosely -- what ports you need open for outside and inside access to properly create a set of firewall rules.
0
 

Author Closing Comment

by:causewaybay
ID: 31411572
Dear Jesper, I disabled IPSec and that close port 500.  But you know what, the machine turn into an unbearable low speed; so all the same I have to reinstall it.  This time, I'll turn off IPSec right from the start.  Thank You!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now