win 2k port 1025 scans

**Spirit-X** · 03-Sep-2007, 07:15 AM

1) Port 1025 is the first dynamically assigned address given to applications that use non-defined ports. You will often see outbound connections from 1025.

2) For the reason above, certain trojans use port 1025 (Fraggle Rock, md5 Backdoor, NetSpy, Remote Storm).

3) There is a *very* old bug that uses this service, unless someone has discovered it's mostly unpatched I doubt it is this (The Port 1025 Problem). Also this is a DoS attack more than an exploit, so unless someone has found a new way to use it, it would be pretty much useless anyway.

3) Port 1025 is used for RFS remote_file_sharing, if there is a yet undocumented exploit for this service I'm not sure as I haven't been checking lately. It could just be people searching for RFS remote file shares? (Info Here)

03-Sep-2007, 07:15 AM	#1 (permalink)
Spirit-X Fixed Error! Posts: 2,598 Join Date: Jul 2007 Rep Power: 4 IM:	win 2k port 1025 scans 1) Port 1025 is the first dynamically assigned address given to applications that use non-defined ports. You will often see outbound connections from 1025. 2) For the reason above, certain trojans use port 1025 (Fraggle Rock, md5 Backdoor, NetSpy, Remote Storm). 3) There is a very old bug that uses this service, unless someone has discovered it's mostly unpatched I doubt it is this (The Port 1025 Problem). Also this is a DoS attack more than an exploit, so unless someone has found a new way to use it, it would be pretty much useless anyway. 3) Port 1025 is used for RFS remote_file_sharing, if there is a yet undocumented exploit for this service I'm not sure as I haven't been checking lately. It could just be people searching for RFS remote file shares? (Info Here)

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)