[Update] CurrPorts 1.08

[Goeroeboeroe]

CurrPorts displays the list of all currently opened TCP/IP and UDP ports
on your local computer. For each port in the list, information about the
process that opened the port is also displayed, including the process
name, full path of the process, version information of the process
(product name, file description, and so on), the time that the process
was created, and the user that created it.
In addition, CurrPorts allows you to close unwanted TCP connections,
kill the process that opened the ports, and save the TCP/UDP ports
information to HTML file , XML file, or to tab-delimited text file.
CurrPorts also automatically mark with pink color suspicious TCP/UDP
ports owned by unidentified applications (Applications without version
information and icons)

Version 1.08:

* Fixed columns order bug.

Website/download: http://www.nirsoft.net/utils/cports.html

Peter

 

[Slarty]

CurrPorts displays the list of all currently opened TCP/IP and UDP ports
on your local computer. For each port in the list, information about the
process that opened the port is also displayed, including the process
name, full path of the process, version information of the process
(product name, file description, and so on), the time that the process
was created, and the user that created it.
In addition, CurrPorts allows you to close unwanted TCP connections,
kill the process that opened the ports, and save the TCP/UDP ports
information to HTML file , XML file, or to tab-delimited text file.
CurrPorts also automatically mark with pink color suspicious TCP/UDP
ports owned by unidentified applications (Applications without version
information and icons)

Version 1.08:

* Fixed columns order bug.

Website/download: http://www.nirsoft.net/utils/cports.html

Peter

Be very, very careful if you decide to run this application. Particularly
if it is active while you are using a browser. Pay special attention to
outgoing connections, not obviously related to this application, unless you
have specifically allowed them. You may, for example, suspect that an
outgoing netbios attempt at file and printer sharing **when those services
have been uninstalled, not just disabled** is rather peculiar. If you
decide to remove it after that, note that it does place a few entries in
the Registry although not installed.

Initially I suspected poor coding, since there is no apparent consistency
in the remote point to which connections are attempted, but A Squared flags
it as malware. Judge for yourself.

Cheers,

Roy

 

[Goeroeboeroe]

Be very, very careful if you decide to run this application. Particularly
if it is active while you are using a browser. Pay special attention to
outgoing connections, not obviously related to this application, unless you
have specifically allowed them. You may, for example, suspect that an
outgoing netbios attempt at file and printer sharing **when those services
have been uninstalled, not just disabled** is rather peculiar. If you
decide to remove it after that, note that it does place a few entries in
the Registry although not installed.

Initially I suspected poor coding, since there is no apparent consistency
in the remote point to which connections are attempted, but A Squared flags
it as malware. Judge for yourself.

Cheers,

Roy

Hi Roy,
Actually I don't understand what you mean. It's a program just to see
what is connecting to Internet. It never came in my mind that somebody
could be that stupid to start removing an application just because it
shows up in CurrPorts. But maybe you're right, people sometimes do
pretty stupid things.
About te malware-thing: this kind of applications is very often flagged
as malware. I've a whole collection of them. They use techniques that
are also use by malware. You can read about it on:
http://www.nirsoft.net/faq.html
http://www.nirsoft.net/false_positive_report.html
nirsoft is prettye welknown for this kind of programs, there's
absolutely no malware in it.

Regards
Peter

 

[Aaron]

Heh. I've actually seen this happen with other port mappers such as TCPview
and Activeports , it's not particular to currentports.

A2 free or paid? The paid one's 'IDS' system is well known for being very
sensitive, it used to flag even certain versions of firefox itself.

Hi Roy,
It's a program just to see what is connecting to Internet. It never
came in my mind that somebody could be that stupid to start removing an >

application just because it shows up in CurrPorts.

I don't think this is what Roy means. I think Roy is implying currentports
is the fishy one.

About te malware-thing: this kind of applications is very often
flagged as malware. I've a whole collection of them. They use
techniques that are also use by malware. You can read about it on:
http://www.nirsoft.net/faq.html
http://www.nirsoft.net/false_positive_report.html
nirsoft is prettye welknown for this kind of programs, there's
absolutely no malware in it.

I concur.

 

[Goeroeboeroe]

Heh. I've actually seen this happen with other port mappers such as TCPview
and Activeports , it's not particular to currentports.


A2 free or paid? The paid one's 'IDS' system is well known for being very
sensitive, it used to flag even certain versions of firefox itself.

application just because it shows up in CurrPorts.

I don't think this is what Roy means. I think Roy is implying currentports
is the fishy one.

I still don't understand it. CurrPorts gives no value what so all to a
connection, it just displays them, that's all. It doesn't indicate in
any way if it's a malware connection or anything like that.
So I really don't get how people can decide what kind of connection it
is, just by looking at it. But maybe I'm missing something?

Peter

 

[Slarty]

I still don't understand it. CurrPorts gives no value what so all to a
connection, it just displays them, that's all. It doesn't indicate in
any way if it's a malware connection or anything like that.
So I really don't get how people can decide what kind of connection it
is, just by looking at it. But maybe I'm missing something?

Have you considered that I was monitoring this activity using some other
application?No, nothing of this was shown in CurrPorts.

A 'live' log file open for viewing is revealing.

Cheers,

Roy

 

[Slarty]

Heh. I've actually seen this happen with other port mappers such as TCPview
and Activeports , it's not particular to currentports.

I've used, and still have both of those and have never observed this
behaviour.

I've only seen it happen, on more than one machine, while CurrPorts was
present and open.

Asquared can produce false positives, like any other security application.
I'm well aware of that, and the fact that NOD32, Ewido, and Spybot S&D, all
fully updated, reported nothing. I would have discounted Asquared's result,
except for what I saw with my own eyes. Failing an explanation of how or
why that should have happened I won't be using CurrPorts in the foreseeable
future.

I'll just leave it there.

Cheers,

Roy