
Thread: port 5000

  1. #1
    mikemean's Avatar
    Join Date
    Nov 2000
    Location
    406
    Posts
    8,705

    port 5000

    I did an online security check at 2 different sites and they both said that port 5000 is a trojan port. So I scanned for viri and trojans and none were found. How do I close port 5000?

  2. #2
    R.I.P. 2013-11-22 blebs's Avatar
    Join Date
    Dec 2000
    Location
    North Canton, Ohio
    Posts
    12,819
    port 5000 Back Door Setup, BioNet Lite, Blazer5, Bubbel, ICKiller, Ra1d, Sockets des Troie

    Are you not running a firewall?
    If not, get a copy of ZA and do not allow server rights for anything. Make it ask you if it's allowed to access the internet.

  3. #3
    mikemean's Avatar
    Join Date
    Nov 2000
    Location
    406
    Posts
    8,705
    Originally posted by blebs99
    port 5000 Back Door Setup, BioNet Lite, Blazer5, Bubbel, ICKiller, Ra1d, Sockets des Troie

    Are you not running a firewall?
    If not, get a copy of ZA and do not allow server rights for anything. Make it ask you if it's allowed to access the internet.
    I am running a firewall! That's what I don't get. I found out the trojan info you stated, and ran the trojan scan but it didn't find anything. I don't get it. Virus scan didn't find anything either.

  4. #4
    Senior Member Juggernaut's Avatar
    Join Date
    Aug 2000
    Location
    Parts Unknown
    Posts
    1,645
    If you reboot and don't open up anything, is it still open? Or does it open when you start running some programs... Check what programs are starting in your Startup and see if anything seems out of the ordinary.

    Make sure your Anti-Trojan and Virus Protection software are both up to date (just had to get that out there for anyone else that may be reading this... I know you probably have done that).

    Also, keep in mind that firewalls do not actually close down ports, they just block people from accessing them... the ports are still actually open, just people can't access them because of the firewall.

  5. #5
    mikemean's Avatar
    Join Date
    Nov 2000
    Location
    406
    Posts
    8,705
    Everything is updated. I have restarted several times and the port is still open. I just did another virus scan from SARC; it found nothing, but their security scan found the same thing again.


    Results of Security Risk Scan


    Network Vulnerability Scan
    Safe
    Scan Description:
    Attempts to create a connection with, or test for access to your computer to see if unknown or unauthorized Internet communication is allowed.

    Scan Results:
    The scan did not create a connection with your computer. Your computer contains a firewall or other security measure that prevented the connection. This means your computer is safe from Internet attacks aimed at gaining access to your computer.



    Internet connections to your computer are made through ports. To learn more about the status of ports on your computer, see: Network Vulnerability port status


    NetBIOS Availability Scan
    Safe
    Scan Description:
    Attempts to create a connection with, or test for access to your computer's information.

    Scan Results:
    The scan could not access your computer's information. However, this does not mean you are completely safe. A properly configured personal firewall will prevent your computer's information from being visible to hackers.

    Internet connections to your computer can be made through NetBIOS ports. To learn more about preventing connections to your NetBIOS ports, see: NetBIOS Information and Configuration Instructions.

    Active Trojan Horse Scan
    At Risk!

    Scan Description:
    Attempts to create a connection with, or test for access to your computer through methods commonly used by Trojan horses.

    Scan Results:
    WARNING!! The scan was able to make a connection with your computer. This means that there is a good chance that you have a Trojan horse application on your computer that is exposing you to hacker attacks.

    To Fix This Problem:

    Install a personal firewall on your computer
    Scan your computer with an anti-virus program
    Trojan horse applications allow access to your computer through ports. To learn more about the status of ports on your computer, see: Active Trojan Horse port status


    Anti-Virus Product Scan
    Safe
    Scan Description:
    Searches your computer for a recent version of a commonly used anti-virus program. The results show if an anti-virus program was detected and whether or not it is a recent version.

    Scan Results:
    You are at low risk from computer viruses. Your PC has a recent version of a commonly used anti-virus program. Current anti-virus software helps to provide comprehensive protection from computer viruses.

    Anti-Virus Definition Scan
    Safe
    Scan Description:
    Checks the date of virus definitions for software detected in the Anti-Virus Product Scan. Definitions older than two weeks are considered out of date. Current virus definitions are an essential component of any virus protection system. Anti-virus software uses virus definitions to detect and repair viruses.

    Scan Results:
    Your computer contains recent virus definitions. Current virus definitions help to provide comprehensive protection from computer viruses.

    Browser Privacy Scan
    At Risk!

    Scan Description:
    Checks whether your Web browser releases information about the site you last visited to other Web sites.

    Scan Results:
    You are at risk of exposing your Web browsing history to other Web sites that you visit.

    To Fix This Problem:

    Install a personal firewall program that blocks the transmission of personal information
    If you have a personal firewall installed, it may not support or be properly configured to protect this information

  6. #6
    Elite Member TonyT's Avatar
    Join Date
    Jan 2000
    Location
    Fairfax, VA
    Posts
    10,338
    Ports 1-1024 are for reserved services, and almost never appear as the source (originating port used in an attack or probe).

    Ports closely after 1024 (i.e. 1024-5000) are the ones most commonly seen. These are the "dynamic" range that are assigned to applications that don't care what port they use for their connection. You probably have a service or application that runs at startup that is bound to that port.

    Do a netstat -a and check if anything is listening on that port on your machine.
    No one has any right to force data on you
    and command you to believe it or else.
    If it is not true for you, it isn't true.

    LRH

  7. #7
    mikemean's Avatar
    Join Date
    Nov 2000
    Location
    406
    Posts
    8,705
    This is the netstat -a -n that I did and the red circle is the port 5000

  8. #8
    R.I.P. 2013-11-22 blebs's Avatar
    Join Date
    Dec 2000
    Location
    North Canton, Ohio
    Posts
    12,819
    Try and shut down all start up programs, reboot, and before you open anything run netstat -an again and see if it still shows up. I don't think you have a trojan, but it would sure arouse my suspicions too! See what happens.
    What you have above is local on your computer, so I'd have to think that it is something running at start up. I'm going to look around a bit and see what else I can find.

    The one thing that I see that does bother me is 137, 138, and 139. Are you using file or print sharing or netbios? If not, do you want to close those?

    137 - Possible Netbios name (DoS attacks).
    139 - Possibly attempting to exploit Windows File and Print Sharing.

    Here is the most logical answer that I found-
    Yahoo Messenger Chat
    IN TCP 5000 - 5001

  9. #9
    mikemean's Avatar
    Join Date
    Nov 2000
    Location
    406
    Posts
    8,705
    Ok, I went and disabled netbios and it is still there. I also do not have file and print sharing on. I also do not have yahoo chat installed.

  10. #10
    R.I.P. 2013-11-22 blebs's Avatar
    Join Date
    Dec 2000
    Location
    North Canton, Ohio
    Posts
    12,819
    I don't know, Mike. Perhaps Ken can shed some of his knowledge on the matter. TonyT is another that is excellent with this kind of thing. Stef may be able to figure it out also.

    I know I'm scratching my head, like you are about now!
    Sorry to let you down, but I don't have any other ideas.

  11. #11
    R.I.P. 2016-11-23 Croc's Avatar
    Join Date
    Jan 2001
    Location
    Up top East side Downunder
    Posts
    7,819
    Anything like NetMonitor running?
    Any Plug n Play devices that require access? Some use this port.

    Croc.
    It will be long, it will be hard and there will be no withdrawal.
    Winston Churchill
    Remember: Wherever you go in life, you take yourself with you.

  12. #12
    guy_de_lusignan
    Guest
    Try running a program like StartUp Master (http://inin-wap.avalon.hr/zdravko/startup.htm). This will show you everything that's running when you boot your system, not just what's in the StartUp folder.

  13. #13
    Security Specialist greEd's Avatar
    Join Date
    May 2001
    Location
    Maryland
    Posts
    807
    I don't know of a way to trace ports to programs directly in Windows but you can with *nix operating systems, that would give us a start so we know exactly what is porting 5000. I will keep looking and hopefully someone else will come across something also.

    Ok ... found something (Active Ports) I have never used it but maybe someone else can give you some feedback.

    http://www.ntutility.com/freeware.html
    "I'm doing a (free) operating system (just a hobby, won't be big and professional...) for AT clones... It's not portable and it probably [won't ever] support anything other than AT hard disks, as that's all I have :-(." --Posted on Usenet August 1991 by Linus Torvalds
    http://www.computerglitch.net
    curiosity builds security | dd if=/dev/zero of=/dev/hda bs=512 count=100
    EOF

  14. #14
    Senior Member bug's Avatar
    Join Date
    Nov 1999
    Location
    Lulu Island, BC
    Posts
    1,599
    maybe you need a router?

  15. #15
    mikemean's Avatar
    Join Date
    Nov 2000
    Location
    406
    Posts
    8,705
    Originally posted by greEd
    I don't know of a way to trace ports to programs directly in Windows but you can with *nix operating systems, that would give us a start so we know exactly what is porting 5000. I will keep looking and hopefully someone else will come across something also.

    Ok ... found something (Active Ports) I have never used it but maybe someone else can give you some feedback.

    http://www.ntutility.com/freeware.html
    THANKS!!!! That program showed me what was using port 5000. I am on XP and svchost.exe is using port 5000. What is svchost?

  16. #16
    Senior Member bug's Avatar
    Join Date
    Nov 1999
    Location
    Lulu Island, BC
    Posts
    1,599

  17. #17
    R.I.P. 2013-11-22 blebs's Avatar
    Join Date
    Dec 2000
    Location
    North Canton, Ohio
    Posts
    12,819
    Originally posted by mikemean


    THANKS!!!! That program showed me what was using port 5000. I am on XP and svchost.exe is using port 5000. What is svchost?
    http://support.microsoft.com/default...;EN-US;q250320

    There ya go. I learned something out of this one too!

  18. #18
    mikemean's Avatar
    Join Date
    Nov 2000
    Location
    406
    Posts
    8,705
    Thanks guys. So basically I really don't have anything to worry about then?

  19. #19
    R.I.P. 2013-11-22 blebs's Avatar
    Join Date
    Dec 2000
    Location
    North Canton, Ohio
    Posts
    12,819
    Seems to be the answer is no.
    You do have all the patches installed on that thing don't you?
    If not, I would visit MS windows update and get up to date.
    You should be fine.

  20. #20
    New Member
    Join Date
    Feb 2001
    Location
    Ontario
    Posts
    6
    In XP, ports 5000 and 1900 are associated with UPnP. This is the subject of the recent news releases about MS security problems and even the FBI got involved. Since you will probably never need or use UPnP, even the FBI suggests you shut it down and close the ports. Here is an easy way to do it: Run > services.msc and check the list for SSDP discovery and UPnP. Right click on each and go to properties and then choose disable in the drop down menu. This will close both ports. You can always enable them later if you ever need them.
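
The port-to-process tracing this thread works toward, as an added example that is not part of any post above: Windows prints the owning PID with `netstat -ano` and the services hosted in each process with `tasklist /svc /fo csv`, and this script joins the two and notes whether a listener is loopback-only. The sample output is constructed, and `SSDPSRV` and `upnphost` are the short service names of SSDP Discovery and Universal Plug and Play Device Host.

```python
import csv
import io

# Constructed sample output, not taken from the thread.
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       1024
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       1500
  TCP    192.168.1.10:1034      203.0.113.5:80         ESTABLISHED     1500
  UDP    0.0.0.0:1900           *:*                                    1024
"""
TASKLIST = '''"Image Name","PID","Services"
"svchost.exe","1024","SSDPSRV,upnphost"
"iexplore.exe","1500","N/A"
'''

def parse_listeners(netstat_text):
    """Yield (proto, address, port, pid) for TCP listeners and bound UDP sockets."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            local, pid = f[1], f[4]
        elif len(f) == 4 and f[0] == "UDP":  # UDP rows have no State column
            local, pid = f[1], f[3]
        else:
            continue
        addr, port = local.rsplit(":", 1)  # rsplit keeps IPv6 "[::]" intact
        yield f[0], addr, int(port), int(pid)

def parse_tasklist(csv_text):
    """Map PID -> (image name, services hosted inside that process)."""
    procs = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        svcs = [s.strip() for s in row["Services"].split(",") if s.strip() != "N/A"]
        procs[int(row["PID"])] = (row["Image Name"], svcs)
    return procs

def who_owns(ports, netstat_text, tasklist_text):
    """For each watched port with a listener: owner, services, loopback-only?"""
    procs = parse_tasklist(tasklist_text)
    report = []
    for proto, addr, port, pid in parse_listeners(netstat_text):
        if port in ports:
            image, svcs = procs.get(pid, ("<unknown>", []))
            report.append((proto, port, image, svcs, addr in ("127.0.0.1", "[::1]")))
    return report
```

Calling `who_owns({5000, 1900}, NETSTAT, TASKLIST)` names the hosted services behind `svchost.exe` rather than stopping at the generic image name, which is the step that tells you which service to disable.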
