Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

TCP Port

Status
Not open for further replies.
Guest_imported

Guest_imported

New member
Jan 1, 1970
0
Hi,

does anybode known Port 1089 ServerSocks trojan? This Port ist open (i'am haveing w2k server)whithout remot IP or remote Port. Services.exe uses him.
What is this the port?

Thanks
Forsher
 
Sort by date Sort by votes
TCP 1089 is not a special Trojan Port. But there are some Trojan Horse Programs where the Portnr. could be edited like BackdoorG.

If you do not trust to the situation you should make a complete scan of your computer either online or with really actual definitions.

Perhaps it makes sense to install a Trojan watch on your computer (like Trojan-Check).

hnd
hasso55@yahoo.com

 
Upvote 0 Downvote
Hi,

i know that TCP 1089 is a free Port not spacial for Trojan.I've used SuperScan; nmap; nessus and Cyborcop but only SuperScan 3.00 recognized this Port as ServerSocks trojan the Rest says unknown.
could be really a Trojan or is the SuperScan silly?

Forsher
 
Upvote 0 Downvote
nmap, Nessus and CyberCop all use a static 'services' file that associates a given port number with a service. This is fine, except that any application can be run on any port, simply by modifying the application's configuration. For instance, I have a friend who runs his web server on port 91, because his ISP blocks access to port 80 inbound (cable provider).

It could be that SuperScan actually attempts to connect with the open port and recognizes the prompt or responses as the trojan. I have used NetBus and BO2K in a lab environment, and it is a trivial exercise to reconfigure the port assignments.

Run an Anti-virus program, like McAfee or Norton on that machine to see if they detect the trojan. Unfortunately though, these programs can be simply defeated as well, and it is entirely possible that a knowlegable intruder knows this, and changed both the listening port, and enough of the trojan to defeat the AV programs as well.

If you are truly concerned about this, install ServerSocks on a machine that is not accessible over the internet, and telnet to the port that you installed it on. See what it returns for a prompt after the connection. Then do the same to your port 1089. If the prompt is the same or similar, then the trojan is probably installed.

pansophic
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

XLNTech1
  • Locked
  • Question
iptables port forwarding
Replies
0
Views
540
XLNTech1
XLNTech1
Nitta84
  • Locked
  • Question
navigation slow and tcp syc/ack drop
Replies
0
Views
463
Nitta84
Nitta84
Impersonator
  • Locked
  • Question
UDP Hacking port 53
Replies
1
Views
201
RodneyMcSnow
RodneyMcSnow
RMurr34
  • Locked
  • Question
ASA Config - Open port 3389 for all IPs
Replies
1
Views
175
iggsterman
iggsterman
hall5942
  • Locked
  • Question
open firewall port on 881
Replies
0
Views
133
hall5942
hall5942

Part and Inventory Search

Sponsor

Back
Top