mysterious open ports, XP Home

bluddihun

I'm trying to completely understand all of my system's internet activity for
security purposes --- if I know what is normal activity then if I were to
get infected, I would notice the change. I just disabled a ton of services
to pare down the number of processes that have ports open, but I STILL find
I have open ports even right after I reboot, without running any apps that
could attempt inet access.
-Can someone tell me why my XP home system would still have these ports
open?
-What is epmap?
-What is microsoft-ds ?
-What is listening on port zero? udp port 1025?

----------------------------------------
netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP user-d8c0c90a4c:epmap user-d8c:0 LISTENING
TCP user-d8c0c90a4c:microsoft-ds user-d8c:0 LISTENING
UDP user-d8c0c90a4c:microsoft-ds *:*
UDP user-d8c0c90a4c:1025 *:*
 
Tom Pepper Willett

Funny, I found all the answers on Google in just a couple of minutes when
inputting the terms or looking for ports. Not one of them told me to come
to a newsgroup.

Tom
| Yes, it does have SOME answers, like "Go to this newsgroup and ask the
| experts."
|
| > Visit this site. It has all your answers:
| >
| > http://www.google.com
| >
| >> I'm trying to completely understand all of my system's internet activity
| >> for security purposes --- if I know what is normal activity then if I
| >> were to get infected, I would notice the change. I just disabled a ton
| >> of services to pare down the number of processes that have ports open,
| >> but I STILL find I have open ports even right after I reboot, without
| >> running any apps that could attempt inet access.
| >> -Can someone tell me why my XP home system would still have these ports
| >> open?
| >> -What is epmap?
| >> -What is microsoft-ds ?
| >> -What is listening on port zero? udp port 1025?
| >>
| >> ----------------------------------------
| >> netstat -a
| >>
| >> Active Connections
| >>
| >> Proto Local Address Foreign Address State
| >> TCP user-d8c0c90a4c:epmap user-d8c:0 LISTENING
| >> TCP user-d8c0c90a4c:microsoft-ds user-d8c:0 LISTENING
| >> UDP user-d8c0c90a4c:microsoft-ds *:*
| >> UDP user-d8c0c90a4c:1025 *:*
 
Dan Walker

Thank you. I think that guy was not too happy with my comments. I did what
you did. Google has kept my job as a sys admin for some time now!

Thanks
 
Guest

I would like to know the answer to this question but would prefer to hear
from a Microsoft expert. Are there any out there?
 
Steve Riley [MSFT]

The first and third ports you mention are owned by RPC. EPMap is the RPC
end-point mapper (the service that RPC clients connect to so they can learn
which port number an RPC service is listening on). 1025 can be any random
RPC service that might have started in your computer, but most likely it's
an instance of SVCHOST.EXE containing the code that the DNS client uses when
it's communicating directly with Active Directory (*not* when performing
name resolution). The second port is SMB-over-IP, the protocol for file and
print sharing.

Generally you don't disable these services. If you have a firewall on your
network you normally wouldn't allow communications to these services from
the Internet.

Steve Riley
(e-mail address removed)
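
Added example, not part of the thread: one way to do the baseline comparison the original poster describes, by parsing `netstat -a` output like the listing in the first post and reporting listeners that are not in a saved baseline. The name-to-port table (epmap = 135, microsoft-ds = 445), the function names and the two extra lines in CURRENT are assumptions constructed for illustration.

```python
import re

# Assumption: well-known ports behind the names netstat prints without -n.
SERVICE_PORTS = {"epmap": 135, "microsoft-ds": 445}
# Groups: protocol, local port (text after the last colon), foreign address, state.
ROW = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

# The listing from the first post, used as the known-good baseline.
BASELINE = """\
Proto Local Address Foreign Address State
TCP user-d8c0c90a4c:epmap user-d8c:0 LISTENING
TCP user-d8c0c90a4c:microsoft-ds user-d8c:0 LISTENING
UDP user-d8c0c90a4c:microsoft-ds *:*
UDP user-d8c0c90a4c:1025 *:*
"""

# Constructed sample: the baseline plus one new listener and one outbound session.
CURRENT = BASELINE + """\
TCP user-d8c0c90a4c:5000 user-d8c:0 LISTENING
TCP user-d8c0c90a4c:1040 192.0.2.10:80 ESTABLISHED
"""

def parse_listeners(netstat_text):
    """Return {(proto, port)} for TCP LISTENING sockets and bound UDP sockets."""
    listeners = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or blank line
        proto, port, foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # an active connection, not a listener
        if proto == "UDP" and foreign != "*:*":
            continue
        number = SERVICE_PORTS.get(port.lower())
        if number is None:
            # Keep unknown service names as text rather than guessing a number.
            number = int(port) if port.isdigit() else port
        listeners.add((proto, number))
    return listeners

def new_listeners(baseline_text, current_text):
    """Listeners present now that were absent from the baseline."""
    added = parse_listeners(current_text) - parse_listeners(baseline_text)
    return sorted(added, key=str)

if __name__ == "__main__":
    for proto, port in new_listeners(BASELINE, CURRENT):
        print(f"new listener: {proto} {port}")
```
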
 
