mysterious open ports, XP Home

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I'm trying to completely understand all of my system's internet activity for
security purposes --- if I know what is normal activity then if I were to
get infected, I would notice the change. I just disabled a ton of services
to pare down the number of processes that have ports open, but I STILL find
I have open ports even right after I reboot, without running any apps that
could attempt inet access.
-Can someone tell me why my XP home system would still have these ports
open?
-What is epmap?
-What is microsoft-ds ?
-What is listening on port zero? udp port 1025?

----------------------------------------
netstat -a

Active Connections

  Proto  Local Address                 Foreign Address  State
  TCP    user-d8c0c90a4c:epmap         user-d8c:0       LISTENING
  TCP    user-d8c0c90a4c:microsoft-ds  user-d8c:0       LISTENING
  UDP    user-d8c0c90a4c:microsoft-ds  *:*
  UDP    user-d8c0c90a4c:1025          *:*
 

Visit this site. It has all your answers:

http://www.google.com

"bluddihun" <th54@hotmail.com> wrote in message
news:v4xAd.588366$Pl.486445@pd7tw1no...
> I'm trying to completely understand all of my system's internet activity
> for security purposes --- if I know what is normal activity then if I were
> to get infected, I would notice the change. I just disabled a ton of
> services to pare down the number of processes that have ports open, but I
> STILL find I have open ports even right after I reboot, without running
> any apps that could attempt inet access.
> -Can someone tell me why my XP home system would still have these ports
> open?
> -What is epmap?
> -What is microsoft-ds ?
> -What is listening on port zero? udp port 1025?
>
> ----------------------------------------
> netstat -a
>
> Active Connections
>
>   Proto  Local Address                 Foreign Address  State
>   TCP    user-d8c0c90a4c:epmap         user-d8c:0       LISTENING
>   TCP    user-d8c0c90a4c:microsoft-ds  user-d8c:0       LISTENING
>   UDP    user-d8c0c90a4c:microsoft-ds  *:*
>   UDP    user-d8c0c90a4c:1025          *:*
>
>
 

Yes, it does have SOME answers, like "Go to this newsgroup and ask the
experts."
"Dan Walker" <danjwalker@btinternet.com> wrote in message
news:cqumhf$hvd$3@news8.svr.pol.co.uk...
> Visit this site. It has all your answers:
>
> http://www.google.com
 

Funny, I found all the answers on Google in just a couple of minutes when
inputting the terms or looking for ports. Not one of them told me to come
to a newsgroup.

Tom
"bluddihun" <th54@hotmail.com> wrote in message
news:zcCAd.601948$Pl.55883@pd7tw1no...
| Yes, it does have SOME answers, like "Go to this newsgroup and ask the
| experts."
 

Thank you. I think that guy was not too happy with my comments. I did what
you did. Google has kept my job as a sys admin for some time now!

Thanks
"Tom Pepper Willett" <tompepper@mvps.org> wrote in message
news:eeZt$pd7EHA.1400@TK2MSFTNGP11.phx.gbl...
> Funny, I found all the answers on Google in just a couple of minutes when
> inputting the terms or looking for ports. Not one of them told me to come
> to a newsgroup.
>
> Tom
 

I would like to know the answer to this question but would prefer to hear
from a Microsoft expert. Are there any out there?

"Dan Walker" wrote:

> Thank you. I think that guy was not too happy with my comments. I did what
> you did. Google has kept my job as a sys admin for some time now!
>
> Thanks
 

The first and third ports you mention are owned by RPC. EPMap is the RPC
end-point mapper (the service that RPC clients connect to so they can learn
which port number an RPC service is listening on). 1025 can be any random
RPC service that might have started in your computer, but most likely it's
an instance of SVCHOST.EXE containing the code that the DNS client uses when
it's communicating directly with Active Directory (*not* when performing
name resolution). The second port is SMB-over-IP, the protocol for file and
print sharing.

Generally you don't disable these services. If you have a firewall on your
network you normally wouldn't allow communications to these services from
the Internet.

Steve Riley
steriley@microsoft.com



> I would like to know the answer to this question but would prefer to
> hear from a Microsoft expert. Are there any out there?
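
Added example, not part of the original thread: the baseline-and-compare approach from the first post, applied to netstat -a text using the service names explained in the answer above (epmap is port 135, microsoft-ds is port 445). The function names, the second capture and the port 40123 in it are constructed for illustration.

```python
# Added example: baseline-and-diff of listening endpoints from `netstat -a` text.
# Service names as netstat prints them, mapped to their well-known ports.
SERVICE_PORTS = {"epmap": 135, "microsoft-ds": 445}

# The listing from the thread, used here as the known-good baseline.
BASELINE = """\
Proto  Local Address                 Foreign Address  State
TCP    user-d8c0c90a4c:epmap         user-d8c:0       LISTENING
TCP    user-d8c0c90a4c:microsoft-ds  user-d8c:0       LISTENING
UDP    user-d8c0c90a4c:microsoft-ds  *:*
UDP    user-d8c0c90a4c:1025          *:*
"""
# Constructed sample: a later capture with one extra listener (port is made up).
LATER = BASELINE + "TCP    user-d8c0c90a4c:40123         user-d8c:0       LISTENING\n"


def parse_listeners(text):
    """Return a set of (proto, port) for TCP LISTENING rows and all UDP rows."""
    found = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # column header, blank line or banner
        proto = fields[0]
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue  # established or closing connections are not listeners
        name = fields[1].rsplit(":", 1)[-1]  # text after the last colon
        if name.isdigit():
            port = int(name)
        elif name in SERVICE_PORTS:
            port = SERVICE_PORTS[name]
        else:
            # Do not drop a listener silently; netstat -an prints numeric ports.
            raise ValueError("unmapped service name: " + name)
        found.add((proto, port))
    return found


def new_listeners(baseline_text, current_text):
    """Listeners present now that were not in the baseline, sorted."""
    return sorted(parse_listeners(current_text) - parse_listeners(baseline_text))


if __name__ == "__main__":
    print("baseline:", sorted(parse_listeners(BASELINE)))
    print("new since baseline:", new_listeners(BASELINE, LATER))
```

An entry that appears only in the later capture is the change worth investigating; the baseline entries are the RPC and SMB listeners described in the answer above.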