Sign in with
Sign up | Sign in
Your question

Help with IP scanner's "odd" results, please

Last response: in Networking
Share
Anonymous
a b 8 Security
May 8, 2004 8:59:05 AM

Archived from groups: comp.security.firewalls (More info?)

While trying to troubleshoot some Remote Desktop problems, I decided it
would be a good idea to get an IP scanner and see what port 3389 (the MS
Remote Desktop server port) looked like on that machine. When I started
scanning, I got some results that I thought were odd. To make a long story
short, I ended up downloading 3 different scanners (GFI Languard, Advanced
Port Scanner, and AW Security Port Scanner). The odd thing is that when I
scan a given machine (and I have done this with quite few computers now) I
get different results. Is this normal? If so, how do I determine what is
correct.

Also, in a related issue, is there any way to tell specifically what each
instance svchost.exe is all about?

TIA for your help

James

More about : scanner odd results

Anonymous
a b 8 Security
May 8, 2004 9:55:35 AM

Archived from groups: comp.security.firewalls (More info?)

James Bond <jbond@ue.com> wrote in
news:Xns94E3A30D812Djbonduecom@216.168.3.44:

> While trying to troubleshoot some Remote Desktop problems, I decided
> it would be a good idea to get an IP scanner and see what port 3389
> (the MS Remote Desktop server port) looked like on that machine. When
> I started scanning, I got some results that I thought were odd. To
> make a long story short, I ended up downloading 3 different scanners
> (GFI Languard, Advanced Port Scanner, and AW Security Port Scanner).
> The odd thing is that when I scan a given machine (and I have done
> this with quite few computers now) I get different results. Is this
> normal? If so, how do I determine what is correct.

Yeah it's kind of the norm for the scanners with diffrent results being
prodouced by them.

>
> Also, in a related issue, is there any way to tell specifically what
> each instance svchost.exe is all about?

Yeah, you can use Process Explorer and right-click on a svchost.exe and go
to Properties and it will give you the whole nine yards about the running
process and what's using the process (other running processes/programs the
Threads) using the process at the time of execution.

View/lower pane/dll

It will tell you everything about the dlls being used and the directory
it's located with the mouse-click on the dll. You can right-
click/properties as well.

http://www.sysinternals.com/ntw2k/freeware/procexp.shtm...

That's about as close as you can get in finding out what any process is
about that's running on the machine. :) 

If svchost.exe is not running out the system32 directory only --- not
system32/whatever then it's a Trojan. That also includes dllhost.exe that
will be a Trojan too.

Duane :) 
!