Help with IP scanner's "odd" results, please

Archived from groups: comp.security.firewalls (More info?)

While trying to troubleshoot some Remote Desktop problems, I decided it
would be a good idea to get an IP scanner and see what port 3389 (the MS
Remote Desktop server port) looked like on that machine. When I started
scanning, I got some results that I thought were odd. To make a long story
short, I ended up downloading 3 different scanners (GFI Languard, Advanced
Port Scanner, and AW Security Port Scanner). The odd thing is that when I
scan a given machine (and I have done this with quite few computers now) I
get different results. Is this normal? If so, how do I determine what is
correct.

Also, in a related issue, is there any way to tell specifically what each
instance svchost.exe is all about?

TIA for your help

James
1 answer Last reply
More about help scanner results please
  1. Archived from groups: comp.security.firewalls (More info?)

    James Bond <jbond@ue.com> wrote in
    news:Xns94E3A30D812Djbonduecom@216.168.3.44:

    > While trying to troubleshoot some Remote Desktop problems, I decided
    > it would be a good idea to get an IP scanner and see what port 3389
    > (the MS Remote Desktop server port) looked like on that machine. When
    > I started scanning, I got some results that I thought were odd. To
    > make a long story short, I ended up downloading 3 different scanners
    > (GFI Languard, Advanced Port Scanner, and AW Security Port Scanner).
    > The odd thing is that when I scan a given machine (and I have done
    > this with quite few computers now) I get different results. Is this
    > normal? If so, how do I determine what is correct.

    Yeah it's kind of the norm for the scanners with diffrent results being
    prodouced by them.

    >
    > Also, in a related issue, is there any way to tell specifically what
    > each instance svchost.exe is all about?

    Yeah, you can use Process Explorer and right-click on a svchost.exe and go
    to Properties and it will give you the whole nine yards about the running
    process and what's using the process (other running processes/programs the
    Threads) using the process at the time of execution.

    View/lower pane/dll

    It will tell you everything about the dlls being used and the directory
    it's located with the mouse-click on the dll. You can right-
    click/properties as well.

    http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

    That's about as close as you can get in finding out what any process is
    about that's running on the machine. :)

    If svchost.exe is not running out the system32 directory only --- not
    system32/whatever then it's a Trojan. That also includes dllhost.exe that
    will be a Trojan too.

    Duane :)
Ask a new question

Read More

Firewalls Remote Desktop IP Security Scanners Networking