Re: HALP! My XP's ports are unusually opened!!

From: Marc Reynolds [MSFT] (marcrey_at_online.microsoft.com)
Date: 02/26/04 

Date: Thu, 26 Feb 2004 07:28:04 -0600

Your best bet is to download tcpview from www.sysinternals.com to help you
map open ports back to the services that opened them. 

-- 
Thanks,
Marc Reynolds
Microsoft Technical Support
This posting is provided "AS IS" with no warranties, and confers no rights.
"Faraz Azhar" <itz_faraz@hotmail.com> wrote in message
news:7808b5d7.0402260012.258adf63@posting.google.com...
> Hello,
>
> I have Windows XP Pro. I used an IP scanner to check all the computers
> on the network and it shows 3 computers on the network (including
> mine), all showing the unusual open ports 7, 9, 13, 17, 19, and 139.
>
> I used a winsock control to connect to that port (to my computer and
> other computers on the network as well).
>
> First I connected at port 19. As soon as I got connected, I started
> recieving extreme amount of data. The data was repeatedly this:
>
>  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg
> !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefgh
> "#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghi
> #$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghij
> $%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijk
> %&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijkl
> &'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklm
> '()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmn
> ()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmno
> )*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnop
> *+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopq
> +,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqr
> ,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrs
> -./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrst
> ./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstu
> /0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuv
> 0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvw
> 123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwx
> 23456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxy
>
>
>
> This data came and came and came until i disconnected the socket
> myself. WHat is this port for ? is it a worm or something ? Ive heard
> of the blaster worm, and I have applied the required windows update
> and other procedures for it.
>
>
> Then I connected to port 17. Everytime I connected, the port gave one
> of the following messages and then self-disconnected.
>
> 1. "My spelling is Wobbly.  It's good spelling but it Wobbles, and the
> letters
>  get in the wrong places." A. A. Milne (1882-1958)
>
> 2. "Assassination is the extreme form of censorship."
>  George Bernard Shaw (1856-1950)
>
> 3. "In Heaven an angel is nobody in particular." George Bernard Shaw
> (1856-1950)
>
>
> The above three are only samples. It shows a new 'saying' everytime i
> connect.
>
>
>
> Then I tried connected port 13. Everytime I connected, it returned my
> computers extact time (in date and time complete figures) and then
> disconnected.
>
>
>
> Then Port 9 didnt do anything. I tried connected and sending some
> bogus data but nothing happened. Port 7 however, whatever I sent to
> that port, always came back. I mean like it was duplicating. Whatever
> data i was sending to Port 7, it was returning the same to me. Port
> 139 also didnt do anything, same as port 9.
>
>
> Are these worm-opened ports ? Ive never installed any cracks/3rd party
> softwares/ocx, etc. Its just a plain ol WinXP which is plenty updated
> (not completely updated windows). And wht about other people on the
> network? Their ports are also opened.
>
> Im on an internet network. There is an ISA Server at 192.168.0.1 we
> all connect to that to access internet. We all have installed MS
> Firewall Client and McAfee VirusSan (fully updated).
>
> Does microsoft issue any type of list that shows which ports are
> usually opened in a computer by microsoft products?
>
>
> - Faraz Azhar

Relevant Pages

  • RE: SBS 2003, ISA 2004
    ... ISA and IIS try listening on these two ports. ... by default the Web Proxy is listening on port 8080 ... of the local network adapter. ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: Is Zotob A MS Plot . . . .
    ... If the reason is that they left port 445 open and got exploited via FTP ... I certainly blame Microsoft. ... generally can to protect those computers. ...
    (microsoft.public.windowsxp.general)
  • HALP! My XPs ports are unusually opened!!
    ... I have Windows XP Pro. ... I used an IP scanner to check all the computers ... on the network and it shows 3 computers on the network (including ... First I connected at port 19. ...
    (microsoft.public.windowsxp.network_web)
  • RE: Printing from the DMZ zone
    ... Telnet to port 9100 after I followed your instructions. ... printer in internal network to DMZ via SBS standard edition. ... The Network Connection Properties has 4 tabs. ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • RE: port forwarding in SBS2003 network.
    ... then you can enter the Service name, Protocol and Port. ... If you only have one network card on the SBS Server, ... Microsoft CSS Online Newsgroup Support ... newsgroups so that they can be resolved in an efficient and timely manner. ...
    (microsoft.public.windows.server.sbs)