Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How to close an open port 1

Status
Not open for further replies.

smartin35

IS-IT--Management
Nov 13, 2001
29
US
I have some PCs that are listening on port 12345. I was wondering if anyone knows how to stop that port from listening.

Thanks
 
What is listening on that port ( what process, for instance)

Have the PCs been recently scanned with a good spyware and virus detector..that port # looks suspicious..



[profile]

To Paraphrase:"The Help you get is proportional to the Help you give.."
 
Not sure how to tell what process is listening. When running a netstat -a command, it lust lists it as listening.

Antivirus and spyware are squared away. I found the port open by running a vulnerability scan.
 
Everything I've read about this port seems to associate it with a trojan, mostly "NetBus". Have you tried another virus scan besides the one you are currently running to make sure it is not missing something? Try Trend Micro's free online virus scanner.


Joey
A+, Network+, MCP
 
try "netstat -ano" it will also list the process ID that is listening on the ports.
Then using task manager check what process it is (you need to add the column with PID if it does not show by default)

CU
G.
 
Thanks for the netstat help. That was exactly what I needed.

Oddly enough the process using the port is tmlisten.exe and that process belongs to the virus scanner I am using (Officescan by Trend Micro). The question now is why would Trend use a port that is well know for trojans.
 
it looks like this is normal: (google: tmlisten.exe 12345)

when a programmer needs a port he can pick whatever he wants. If later on (or before) someone else chooses the same, that's bad luck. (this would only be a problem if you run both apps on same machine at the same time)

the link talks about DoS attack on the port which I hope is fixed by now, probably nothing to worry about. The article does show tmlisten effectively uses the port for administration reasons...

CU
G.
 
Thanks again for the help. It's odd to me that they would choose to use this port, but everything seems to be operatin as it should.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top