HALP! My XP's ports are unusually opened!!

Faraz Azhar

Hello,

I have Windows XP Pro. I used an IP scanner to check all the computers
on the network and it shows 3 computers on the network (including
mine), all showing the unusual open ports 7, 9, 13, 17, 19, and 139.

I used a winsock control to connect to that port (to my computer and
other computers on the network as well).

First I connected at port 19. As soon as I got connected, I started
receiving an extreme amount of data. The data was repeatedly this:

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefgh
"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghi
#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghij
$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijk
%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijkl
&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklm
'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmn
()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmno
)*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnop
*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopq
+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqr
,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrs
-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrst
./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstu
/0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuv
0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvw
123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwx
23456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxy



This data came and came and came until I disconnected the socket
myself. What is this port for? Is it a worm or something? I've heard
of the Blaster worm, and I have applied the required Windows update
and other procedures for it.


Then I connected to port 17. Every time I connected, the port gave one
of the following messages and then self-disconnected.

1. "My spelling is Wobbly. It's good spelling but it Wobbles, and the
letters get in the wrong places." A. A. Milne (1882-1958)

2. "Assassination is the extreme form of censorship."
George Bernard Shaw (1856-1950)

3. "In Heaven an angel is nobody in particular." George Bernard Shaw
(1856-1950)


The above three are only samples. It shows a new 'saying' every time I
connect.



Then I tried connecting to port 13. Every time I connected, it returned my
computer's exact time (in date and time complete figures) and then
disconnected.



Then port 9 didn't do anything. I tried connecting and sending some
bogus data but nothing happened. Port 7, however: whatever I sent to
that port always came back. I mean like it was duplicating. Whatever
data I was sending to port 7, it was returning the same to me. Port
139 also didn't do anything, same as port 9.


Are these worm-opened ports? I've never installed any cracks/3rd party
software/ocx, etc. It's just a plain ol' WinXP which is plenty updated
(not completely updated Windows). And what about other people on the
network? Their ports are also opened.

I'm on an internet network. There is an ISA Server at 192.168.0.1; we
all connect to that to access the internet. We all have installed MS
Firewall Client and McAfee VirusScan (fully updated).

Does Microsoft issue any type of list that shows which ports are
usually opened in a computer by Microsoft products?


- Faraz Azhar
 
Marc Reynolds [MSFT]

Your best bet is to download tcpview from www.sysinternals.com to help you
map open ports back to the services that opened them.

--

Thanks,
Marc Reynolds
Microsoft Technical Support

This posting is provided "AS IS" with no warranties, and confers no rights.
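
The port-to-process mapping suggested in the reply above can also be done from the text of `netstat -ano`, which prints the owning PID for each socket. This is an added example, not part of the original thread: it groups listening TCP ports by PID and labels the ports from the question with their IANA well-known service names. The sample output, the PIDs and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# IANA well-known names for the ports listed in the question.
KNOWN = {
    7: "echo (RFC 862)",
    9: "discard (RFC 863)",
    13: "daytime (RFC 867)",
    17: "qotd (RFC 865)",
    19: "chargen (RFC 864)",
    139: "netbios-ssn",
}

# Constructed sample of `netstat -ano` output; addresses and PIDs are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:7              0.0.0.0:0              LISTENING       1492
  TCP    0.0.0.0:9              0.0.0.0:0              LISTENING       1492
  TCP    0.0.0.0:13             0.0.0.0:0              LISTENING       1492
  TCP    0.0.0.0:17             0.0.0.0:0              LISTENING       1492
  TCP    0.0.0.0:19             0.0.0.0:0              LISTENING       1492
  TCP    192.168.0.23:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.0.23:1045      192.168.0.1:1745       ESTABLISHED     920
  UDP    0.0.0.0:7              *:*                                    1492
"""

# Only TCP rows in LISTENING state; the port is whatever follows the last colon.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def listeners(netstat_text):
    """Return sorted (port, pid, label) tuples for every listening TCP socket."""
    found = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m:
            port, pid = int(m.group(2)), int(m.group(3))
            found.add((port, pid, KNOWN.get(port, "unrecognised")))
    return sorted(found)

def ports_by_pid(netstat_text):
    """Group listening ports by owning PID, so one process holding many stands out."""
    grouped = defaultdict(list)
    for port, pid, _ in listeners(netstat_text):
        grouped[pid].append(port)
    return dict(grouped)

if __name__ == "__main__":
    for port, pid, label in listeners(SAMPLE):
        print(f"{port:>5}  pid {pid:<6} {label}")
```

When several of these ports share one PID, that PID can be looked up in Task Manager or TCPView to name the process holding them.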


