TomH
Any input from any knowledgeable individuals is gratefully accepted!!!
My winxp home, standalone, most-services-disabled and
all-unnecessary-apps-uninstalled to reduce attack surfaces system still has
rather a lot of ports open that I don't think should be open.
Especially some of these UDP ports, I can't think of any legitimate
processes running on my system that have any business appropriating 19
megabytes of RAM, and then opening a UDP port, yet there are two processes
labeling themselves svchost (sometimes there are upwards of five of these,
similarly named processes in memory at one time!) that are doing exactly
that.
I know, I have scanned and scanned and scanned, and I have BHOdemon,
TCMonitor, Zonealarm, all of which tell me my system is clean.
output from netstat:
Active Connections
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       824
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  UDP    0.0.0.0:445            *:*                                    4
  UDP    0.0.0.0:1025           *:*                                    952
  UDP    24.86.74.167:123       *:*                                    888
  UDP    127.0.0.1:123          *:*                                    888
The pids are mostly those of the aforementioned svchost processes, of
which, right now there are 5.
All svchost processes have appropriated a total of roughly 30 Mb of RAM.