Connessioni su porta 135

**Lancill** · 30-12-2003, 18:13

Ciao a tutti, guardando il netstat -n ho visto che sul pc ci sono troppe connessioni in ascolto sulla porta 135 da parte dello stesso range di IP... guardate qui, aperto solo messenger, scheda di rete in ascolto e forum di html.it (che sono le ultime righe):

codice:

Proto  Indirizzo locale       Indirizzo esterno       Stato
TCP    80.117.13.90:135       64.198.2.130:4597      ESTABLISHED
TCP    80.117.13.90:135       68.248.140.2:3469      ESTABLISHED
TCP    80.117.13.90:135       80.116.12.173:3561     ESTABLISHED
TCP    80.117.13.90:135       80.116.69.126:1623     ESTABLISHED
TCP    80.117.13.90:135       80.116.93.52:4728      ESTABLISHED
TCP    80.117.13.90:135       80.116.98.2:4721       ESTABLISHED
TCP    80.117.13.90:135       80.116.101.31:4751     ESTABLISHED
TCP    80.117.13.90:135       80.116.117.70:4147     ESTABLISHED
TCP    80.117.13.90:135       80.116.119.137:4479    ESTABLISHED
TCP    80.117.13.90:135       80.116.138.199:3122    ESTABLISHED
TCP    80.117.13.90:135       80.116.142.30:1532     ESTABLISHED
TCP    80.117.13.90:135       80.116.163.77:1546     ESTABLISHED
TCP    80.117.13.90:135       80.116.171.13:2779     ESTABLISHED
TCP    80.117.13.90:135       80.116.172.112:3165    ESTABLISHED
TCP    80.117.13.90:135       80.116.183.71:4441     ESTABLISHED
TCP    80.117.13.90:135       80.116.201.102:4521    ESTABLISHED
TCP    80.117.13.90:135       80.116.203.20:4043     ESTABLISHED
TCP    80.117.13.90:135       80.116.220.204:4126    ESTABLISHED
TCP    80.117.13.90:135       80.116.221.206:3486    ESTABLISHED
TCP    80.117.13.90:135       80.116.223.175:4067    ESTABLISHED
TCP    80.117.13.90:135       80.116.224.225:1729    ESTABLISHED
TCP    80.117.13.90:135       80.116.225.142:4845    ESTABLISHED
TCP    80.117.13.90:135       80.116.231.26:1446     ESTABLISHED
TCP    80.117.13.90:135       80.116.232.199:4543    ESTABLISHED
TCP    80.117.13.90:135       80.116.234.167:3613    ESTABLISHED
TCP    80.117.13.90:135       80.116.247.234:1064    ESTABLISHED
TCP    80.117.13.90:135       80.116.248.43:4140     ESTABLISHED
TCP    80.117.13.90:135       80.116.249.73:4743     ESTABLISHED
TCP    80.117.13.90:135       80.116.249.226:2449    ESTABLISHED
TCP    80.117.13.90:135       80.116.249.232:3931    ESTABLISHED
TCP    80.117.13.90:135       80.116.252.100:3893    ESTABLISHED
TCP    80.117.13.90:135       80.116.253.15:4417     ESTABLISHED
TCP    80.117.13.90:135       80.116.253.57:3588     ESTABLISHED
TCP    80.117.13.90:135       80.116.255.84:4986     ESTABLISHED
TCP    80.117.13.90:135       80.117.0.35:1347       ESTABLISHED
TCP    80.117.13.90:135       80.117.2.51:3914       ESTABLISHED
TCP    80.117.13.90:135       80.117.2.110:4252      ESTABLISHED
TCP    80.117.13.90:135       80.117.3.40:2070       ESTABLISHED
TCP    80.117.13.90:135       80.117.4.188:3816      ESTABLISHED
TCP    80.117.13.90:135       80.117.4.219:3829      ESTABLISHED
TCP    80.117.13.90:135       80.117.9.23:3782       ESTABLISHED
TCP    80.117.13.90:135       80.117.9.23:3806       ESTABLISHED
TCP    80.117.13.90:135       80.117.9.139:4823      ESTABLISHED
TCP    80.117.13.90:135       80.117.13.21:4189      ESTABLISHED
TCP    80.117.13.90:135       80.117.13.92:2433      ESTABLISHED
TCP    80.117.13.90:135       80.117.13.127:4024     ESTABLISHED
TCP    80.117.13.90:135       80.117.13.127:4044     ESTABLISHED
TCP    80.117.13.90:135       80.117.13.162:2158     ESTABLISHED
TCP    80.117.13.90:135       80.117.13.162:2178     ESTABLISHED
TCP    80.117.13.90:135       80.117.13.228:4160     ESTABLISHED
TCP    80.117.13.90:135       80.117.13.228:4181     ESTABLISHED
TCP    80.117.13.90:135       80.117.21.36:1789      ESTABLISHED
TCP    80.117.13.90:135       80.117.21.206:3256     ESTABLISHED
TCP    80.117.13.90:135       80.117.22.59:4857      ESTABLISHED
TCP    80.117.13.90:135       80.117.22.99:4276      ESTABLISHED
TCP    80.117.13.90:135       80.117.22.103:4006     ESTABLISHED
TCP    80.117.13.90:135       80.117.23.239:3667     ESTABLISHED
TCP    80.117.13.90:135       80.117.23.248:3776     ESTABLISHED
TCP    80.117.13.90:135       80.117.25.65:1965      ESTABLISHED
TCP    80.117.13.90:135       80.117.27.170:3744     ESTABLISHED
TCP    80.117.13.90:135       80.117.28.36:2029      ESTABLISHED
TCP    80.117.13.90:135       80.117.28.69:1482      ESTABLISHED
TCP    80.117.13.90:135       80.117.29.83:2062      ESTABLISHED
TCP    80.117.13.90:135       80.117.29.211:1178     ESTABLISHED
TCP    80.117.13.90:135       80.117.29.246:2033     ESTABLISHED
TCP    80.117.13.90:135       80.138.33.94:1593      ESTABLISHED
TCP    80.117.13.90:445       80.117.222.195:3776    ESTABLISHED
TCP    80.117.13.90:3029      207.46.106.88:1863     ESTABLISHED
TCP    80.117.13.90:4436      212.110.12.173:80      ESTABLISHED
TCP    80.117.13.90:4437      212.110.13.98:80       ESTABLISHED
TCP    80.117.13.90:4438      213.152.192.212:80     ESTABLISHED

la 135 è la porta epmap, ma ho visto che viene sfruttata anche dal Blaster...
ora visto che io non sono infetto, sono attacchi da altri pc? Da notare che il mio firewall mi segnala migliaia di tentativi al giorno di intrusione sulle porte del blaster.

Grazie in anticipo

**olly** · 30-12-2003, 18:18

Cos'è la porta epmap??

**Lancill** · 30-12-2003, 18:34

volevo dire servizio epmap: dovrebbe essere il DCE Endpoint Resolution, cioè il mapper dell'endpoint gestito dal servizio RPC (Remote Procedure Call) e una delle vulnerabilità dell'RPC veniva sfruttata proprio dal blaster.

**olly** · 30-12-2003, 18:35

ascolta perchè nn riesco a visualizzare le connessioni attive??

Digito il comando dal prompt dei comandi, mi appare la schermata nera con scritto i valori solo per alcuni secondi e basta....

**olly** · 30-12-2003, 18:41

:quipy:

**Lancill** · 30-12-2003, 18:42

non digitare il comando da esegui, apri la finestra del prompt dei comandi (Start->Programmi->Accessori->Prompt dei comandi) e poi digita il comando.

**olly** · 30-12-2003, 18:48

3296,97,98,99: queste sono le mie porte aperte ...

Come faccio a sapere a che programma è associata ciascuna porta??

**olly** · 30-12-2003, 19:07

http://scan.sygatetech.com/stealthscan.html

prova a farti una scansione con questo programma per vedere come sono le tue porte. Ciao.

**Lancill** · 30-12-2003, 19:43

97 udp swift-rvf Swift Remote Virtural File
98 tcp linuxconf linuxconf
98 tcp tacnews TAC News
98 udp tacnews TAC News
99 tcp Hidden [trojan] Hidden
99 tcp metagram Metagram Relay
99 udp metagram Metagram Relay
3296 tcp rib-slm Rib License Manager
3296 udp rib-slm Rib License Manager

su google trovai un'elenco enorme (128 pagine in .doc di porte e servizi associati!)

**Lancill** · 30-12-2003, 20:38

Originariamente inviato da olly
http://scan.sygatetech.com/stealthscan.html

prova a farti una scansione con questo programma per vedere come sono le tue porte. Ciao.

con il firewall attivato tutto chiuso

Discussione: Connessioni su porta 135

Strumenti discussione

Ricerca discussione

Visualizza

Connessioni su porta 135

Permessi di invio