Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Trojan Port

Status
Not open for further replies.
bobo0605

bobo0605

MIS
Dec 4, 2003
71
US
Hello, I am doing some Vulnerability scan on the internal network using Angry IP and GFI Languard. I ran into a couple of 2003 servers with SP2 that had port 808 (Winhole) and some other ports that were open. I configured ipsec on these server and enabled the firewall and ran the security configuration app. I cannot get this port to close, the other ports are not showing up as vulnerabilities anymore so i think everything is configured right. Also, the security configuration is showin these ports as being blocked but the scanners tell a different story. Any idead here would be appreciated!!
 
Sort by date Sort by votes
What is listening on those ports? Do a "netstat -b" and see what the program is.
 
Upvote 0 Downvote
I ran netstat -b and didn't see port 808 however i did run netstat -a and saw port 8081 listening on itself.
 
Upvote 0 Downvote
winhole is a trojan - What sort of anti-virus / anti-malware softare are you running on that server?
 
Upvote 0 Downvote
i would look into another virus program and run it on that server and see what it comes up with. We use Sophos ( and it has caught everything before it even installed. We even added their puremessage software which is the antivirus for exchange 2003.

Some users swear by McAfee but its not the greatest. In my opinion it doesnt do the greatest at scanning.



Wm. Reynolds
RRWDS | TxPSS


- - - - - - - - - - - - -
Network Error:
Hit any user to continue
 
Upvote 0 Downvote
I will give it a try, I tried some other software and did't find anything. The port 8081 i found out that McAfee was using.
 
Upvote 0 Downvote
I ran sophos and it didn't detect anything. Not sure what to do next.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MasterRacker
  • Locked
  • Question
Can't start default site - port 80 in use.
Replies
6
Views
162
MasterRacker
MasterRacker
Andy542
  • Locked
  • Question
Opening Port 443 on the server
Replies
1
Views
103
iggsterman
iggsterman
1DMF
  • Locked
  • Question
IIS rewrite to remove port number
Replies
1
Views
95
1DMF
1DMF
grofaty
  • Locked
  • Question
How to get IP address and IP port from EventViewer with command from command line?
Replies
0
Views
57
grofaty
grofaty
topdabadawg
  • Locked
  • Question
ISA 2004 Port opening
Replies
0
Views
37
topdabadawg
topdabadawg

Part and Inventory Search

Sponsor

Back
Top