Weird Crap Listenin In On My Ports
Posted: Sun Aug 05, 2001 2:57 am
by Prey521
I'm gonna kick my bro's ass!!!!
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\>netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP client:epmap 000freexxx.com:0 LISTENING
TCP client:microsoft-ds 000freexxx.com:0 LISTENING
TCP client:1026 000freexxx.com:0 LISTENING
TCP client:netbios-ssn 000freexxx.com:0 LISTENING
UDP client:microsoft-ds *:*
UDP client:netbios-ns *:*
UDP client:netbios-dgm *:*
Posted: Sun Aug 05, 2001 2:59 am
by Brent
rip him a new one from me

Posted: Sun Aug 05, 2001 3:00 am
by DVD Rewinder
Microsoft(R) Windows 98
(C)Copyright Microsoft Corp 1981-1998.
C:\WINDOWS\Desktop>netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP main:4899 MAIN:0 LISTENING
TCP main:1201 MAIN:0 LISTENING
TCP main:1211 MAIN:0 LISTENING
TCP main:1903 MAIN:0 LISTENING
TCP main:137 MAIN:0 LISTENING
TCP main:138 MAIN:0 LISTENING
TCP main:nbsession MAIN:0 LISTENING
TCP main:1201 64.12.**.**:5190 ESTABLISHED
TCP main:1211 64.12.**.***:5190 ESTABLISHED
UDP main:1903 *:*
UDP main:nbname *:*
UDP main:nbdatagram *:*
C:\WINDOWS\Desktop>
I *'ed out those IP addresses.. aren't positive what they are..
Posted: Sun Aug 05, 2001 3:08 am
by Prey521
How do I stop all that BS from listening in?
Posted: Sun Aug 05, 2001 3:09 am
by DVD Rewinder
Originally posted by Prey521
How do I stop all that BS from listening in?
try restarting?
are you behind a router?
maybe it's a virus
Posted: Sun Aug 05, 2001 3:13 am
by CoolJ
How do they listen?
Cookies?
Virii?
Trojan?
What's listening do?
Posted: Sun Aug 05, 2001 3:18 am
by EvilAngel
Looks like I'm listening to myself ?
Microsoft(R) Windows DOS
(C)Copyright Microsoft Corp 1990-1999.
D:\>netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP psychosis:epmap psychosis:0 LISTENING
TCP psychosis:microsoft-ds psychosis:0 LISTENING
TCP psychosis:1026 psychosis:0 LISTENING
TCP psychosis:1027 psychosis:0 LISTENING
TCP psychosis:3691 psychosis:0 LISTENING
TCP psychosis:4062 psychosis:0 LISTENING
TCP psychosis:pop3 psychosis:0 LISTENING
TCP psychosis:netbios-ssn psychosis:0 LISTENING
TCP psychosis:netbios-ssn psychosis:0 LISTENING
TCP psychosis:3691 pop04.earthlink.net:pop3 CLOSE_WAIT
TCP psychosis:4062 www.pcstats.com:http ESTABLISHED
UDP psychosis:bootpc *:*
UDP psychosis:epmap *:*
UDP psychosis:microsoft-ds *:*
UDP psychosis:1025 *:*
UDP psychosis:1028 *:*
UDP psychosis:3850 *:*
UDP psychosis:netbios-ns *:*
UDP psychosis:netbios-dgm *:*
UDP psychosis:isakmp *:*
UDP psychosis:netbios-ns *:*
UDP psychosis:netbios-dgm *:*
UDP psychosis:isakmp *:*
What does it all mean?
Posted: Sun Aug 05, 2001 3:25 am
by Prey521
No Router, running ICS. Just did a scan and now trojan was found. Just rebooted and all that BS is still there

Posted: Sun Aug 05, 2001 3:25 am
by drdoug99
WOW, I did that Netstat -a thingy. and like I had 15 LISTENING things, and 5 ESTABLISHED items.
then I did it again, and only 10 were LISTENING, and 2 were ESTABLISHED.
how do I copy the text from a DOS window? besides typing by hand.
Posted: Sun Aug 05, 2001 3:28 am
by DVD Rewinder
Originally posted by drdoug99
WOW, I did that Netstat -a thingy. and like I had 15 LISTENING things, and 5 ESTABLISHED items.
then I did it again, and only 10 were LISTENING, and 2 were ESTABLISHED.
how do I copy the text from a DOS window? besides typing by hand.
click the dotted square, then select what you want, and click the copy button. then come here and ctrl-v
Posted: Sun Aug 05, 2001 3:29 am
by EvilAngel
I cleared my cookies and rebooted, without connecting to the net I ran netstat and this is what was up
Microsoft(R) Windows DOS
(C)Copyright Microsoft Corp 1990-1999.
D:\>netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP psychosis:epmap psychosis:0 LISTENING
TCP psychosis:microsoft-ds psychosis:0 LISTENING
TCP psychosis:1026 psychosis:0 LISTENING
TCP psychosis:1027 psychosis:0 LISTENING
TCP psychosis:pop3 psychosis:0 LISTENING
TCP psychosis:netbios-ssn psychosis:0 LISTENING
UDP psychosis:bootpc *:*
UDP psychosis:epmap *:*
UDP psychosis:microsoft-ds *:*
UDP psychosis:1025 *:*
UDP psychosis:1028 *:*
UDP psychosis:netbios-ns *:*
UDP psychosis:netbios-dgm *:*
UDP psychosis:isakmp *:*
Reconnected and this is what I have running now, PCSTATS is established?? WTF?
Active Connections
Proto Local Address Foreign Address State
TCP psychosis:epmap psychosis:0 LISTENING
TCP psychosis:microsoft-ds psychosis:0 LISTENING
TCP psychosis:1026 psychosis:0 LISTENING
TCP psychosis:1027 psychosis:0 LISTENING
TCP psychosis:1061 psychosis:0 LISTENING
TCP psychosis:pop3 psychosis:0 LISTENING
TCP psychosis:netbios-ssn psychosis:0 LISTENING
TCP psychosis:netbios-ssn psychosis:0 LISTENING
TCP psychosis:1061 www.pcstats.com:http ESTABLISHED
UDP psychosis:epmap *:*
UDP psychosis:microsoft-ds *:*
UDP psychosis:1025 *:*
UDP psychosis:1028 *:*
UDP psychosis:1029 *:*
UDP psychosis:netbios-ns *:*
UDP psychosis:netbios-dgm *:*
UDP psychosis:isakmp *:*
UDP psychosis:netbios-ns *:*
UDP psychosis:netbios-dgm *:*
UDP psychosis:isakmp *:*
D:\>
Posted: Sun Aug 05, 2001 3:33 am
by Banshee
I have pcstats established here too
Weird

Posted: Sun Aug 05, 2001 3:37 am
by CoolJ
C:\WINDOWS\Desktop>netstat
Active Connections
Proto Local Address Foreign Address State
TCP t5e3z5:1398 proxy.buf.adelphia.net:8080 TIME_WAIT
TCP t5e3z5:1399 proxy.buf.adelphia.net:8080 TIME_WAIT
TCP t5e3z5:1400 proxy.buf.adelphia.net:8080 TIME_WAIT
TCP t5e3z5:1402 proxy.buf.adelphia.net:8080 TIME_WAIT
TCP t5e3z5:1403 proxy.buf.adelphia.net:8080 TIME_WAIT
TCP t5e3z5:1404 proxy.buf.adelphia.net:8080 TIME_WAIT
TCP t5e3z5:1409 proxy.buf.adelphia.net:8080 ESTABLISHED
TCP t5e3z5:1411 proxy.buf.adelphia.net:8080 ESTABLISHED
TCP t5e3z5:1413 proxy.buf.adelphia.net:8080 ESTABLISHED
TCP t5e3z5:1414 proxy.buf.adelphia.net:8080 ESTABLISHED
Posted: Sun Aug 05, 2001 3:38 am
by Banshee
After rebooting:
C:\WINDOWS>netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP vaio:641 VAIO:0 LISTENING
TCP vaio:135 VAIO:0 LISTENING
TCP vaio:653 VAIO:0 LISTENING
TCP vaio:1028 supportcentral.sel.sony.com:80 TIME_WAIT
TCP vaio:nbsession VAIO:0 LISTENING
TCP vaio:1025 VAIO:0 LISTENING
UDP vaio:1026 *:*
UDP vaio:nbname *:*
UDP vaio:nbdatagram *:*
C:\WINDOWS>
Posted: Sun Aug 05, 2001 3:39 am
by drdoug99
here's a pic. I don't know if those IP's need to be deleted or what.
why would those websites be established to me?? I just installed windows XP RC2 like an hour ago, Speedguide is like the only website I've been to.
but that pic is like 10 minutes old. now those websites aren't connected, I only have like 5 listening things now.
and Zone Alarm Pro didn't detect anything, so I guess I'm safe.
Posted: Sun Aug 05, 2001 3:41 am
by Cornbread
are all you guys runnin' win2k? does this have anything to do with that "code red" crap? just wondering?

Posted: Sun Aug 05, 2001 3:47 am
by EvilAngel
The only way I could get rid of pcstats is to add their IP add to my Advanced settings in BID... now it's gone... whoa..
Posted: Sun Aug 05, 2001 3:49 am
by colour
some http: connections can be due to banner ads.
Posted: Sun Aug 05, 2001 7:48 am
by SannieRose
Originally posted by DVD Rewinder
Microsoft(R) Windows 98
(C)Copyright Microsoft Corp 1981-1998.
C:\WINDOWS\Desktop>netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP main:137 MAIN:0 LISTENING
TCP main:138 MAIN:0 LISTENING
TCP main:nbsession MAIN:0 LISTENING
UDP main:nbname *:*
UDP main:nbdatagram *:*
C:\WINDOWS\Desktop>
I *'ed out those IP addresses.. aren't positive what they are..
DVDRewinder, ports 137, 138, and 139 are your NetBIOS ports - most vulnerable to Trojans! But you're in luck! You have Win 98. You can do something about all that crap listening at your ports.
Microsh*t figured this out and prevented NetBIOS closing in later versions:
Go here and test your PC's security then here and close those NetBIOS ports. Configure your firewall to block (outgoing) nbdatagram, nbname (UDP and TCP) and then reboot, run netstat -n and you will have 1-2 ports listening.
Sweeeet
Here's what I have listening and I'm on the net and a ftp server:
Microsoft(R) Windows 98
(C)Copyright Microsoft Corp 1981-1999.
C:\WINDOWS\Desktop>netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP topapc:3200 0.0.0.0:0 LISTENING
UDP topapc:3200 *:*
C:\WINDOWS\Desktop>
Posted: Sun Aug 05, 2001 7:53 am
by SannieRose
Originally posted by drdoug99
...why would those websites be established to me?? I just installed windows XP RC2 like an hour ago, Speedguide is like the only website I've been to.
Windows XP is as close to total domination of your PC that Microsh*t can get. Good luck

Posted: Sun Aug 05, 2001 8:50 am
by Dakota
I've got my system locked down pretty tight....Love it!!
C:\WINDOWS\Desktop>netstat -a
Active Connections
Proto Local Address Foreign Address State
UDP xxxxxx:1026 *:*
C:\WINDOWS\Desktop>
Posted: Sun Aug 05, 2001 9:12 am
by Banshee
I added pcstats to restricted zones in ZAP. It blocked the connection to me but now I can't get to the site to vote for sg
Every time I load a page on SG with that link at the bottom, I get an alert in ZA:
Your computer was prevented from connecting to a restricted site (http://www.pcstats.com).
Posted: Sun Aug 05, 2001 9:29 am
by Chris
The image for the vote button is being drawn from their site "http://www.pcstats.com/top100img/top100.gif" so as long as you have a speedguide page open you're going to have pcstats open also.
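Added example (not from any poster in this thread): a small Python parser for the `netstat -a` layout pasted above, separating local sockets that are only waiting for connections (`LISTENING` rows with a `host:0` foreign address, and bound UDP sockets) from actual connections to remote hosts. The sample rows are constructed in the thread's format; the host name `host`, `www.example.com`, and all function names are assumptions.

```python
import re
# Service names as Windows netstat prints them without -n, mapped to port numbers.
SERVICE_PORTS = {
    "epmap": 135, "netbios-ns": 137, "nbname": 137, "netbios-dgm": 138,
    "nbdatagram": 138, "netbios-ssn": 139, "nbsession": 139, "microsoft-ds": 445,
    "isakmp": 500, "bootpc": 68, "pop3": 110, "http": 80,
}
# RPC endpoint mapper, NetBIOS and SMB: the Windows networking ports in the listings.
WINDOWS_NET_PORTS = {135, 137, 138, 139, 445}
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

# Constructed sample in the thread's netstat -a layout (host names are placeholders).
SAMPLE = """\
Active Connections
  Proto  Local Address       Foreign Address        State
  TCP    host:epmap          host:0                 LISTENING
  TCP    host:microsoft-ds   host:0                 LISTENING
  TCP    host:1026           host:0                 LISTENING
  TCP    host:nbsession      host:0                 LISTENING
  TCP    host:1061           www.example.com:http   ESTABLISHED
  UDP    host:nbname         *:*
"""

def split_endpoint(endpoint):
    """Split 'host:port' and turn a known service name into its port number."""
    host, _, port = endpoint.rpartition(":")
    if port.isdigit():
        return host, int(port)
    return host, SERVICE_PORTS.get(port.lower(), port)

def parse_netstat(text):
    """Return one dict per TCP/UDP row; header and prompt lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, local, foreign, state = m.groups()
            rows.append({"proto": proto, "local_port": split_endpoint(local)[1],
                         "remote": split_endpoint(foreign), "state": state})
    return rows

def summarize(rows):
    """Separate sockets waiting for connections from connections to remote hosts."""
    listening = {(r["proto"], r["local_port"]) for r in rows
                 if r["state"] == "LISTENING" or r["proto"] == "UDP"}
    remote = [r["remote"] + (r["state"],) for r in rows
              if r["proto"] == "TCP" and r["state"] != "LISTENING"]
    windows_net = sorted({p for _, p in listening if p in WINDOWS_NET_PORTS})
    return {"listening": listening, "remote": remote, "windows_net": windows_net}
```

Calling `summarize(parse_netstat(SAMPLE))` reports one remote connection (the HTTP fetch) and lists 135, 137, 139 and 445 as locally bound Windows networking ports.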