Win2k system(8) Listening to port 1028

Archived from groups: microsoft.public.win2000.security (More info?)

Hi,
I just used netstat -an to see what are the open port on one of my
win2k system and I saw this strange open port 1028:

TCP 0.0.0.0:1028 0.0.0.0:0 LISTENING

Using TCPview I saw that the port is used by system(8). And it's is
always listening to this port. Last week I saw that port 1029 and 1032
were also used instead.

I have another win2k machine and this port is closed.

I didn't find any standard services that used this port. except:
Microsoft Local Security Authority (LSA) but it's supposed to be
listening using the udp protocol.

I find it strange that system(8) is using TCP on that port and that
this port is closed on my other system (I have disabled many services
on both machines, so there can be some differences on the
configuration). Anyway is this a normal behavior? any information will
be welcome.

Thanks in advance
1 answer Last reply
More about win2k system listening port 1028
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    It is not unusual to see ports in the under 1030 and over 1025 range to be
    used or listening as they are often used for services installed on your
    computer. What will help is to download TCPView, Process Explorer, and
    Autoruns from SysInternals to find out more information. TCPView for
    instance will display the associated executable for the listening port which
    may help you determine what is going on. Process Explorer and Autoruns are
    also very helpful in tracking down processes and can show the publisher of
    an executable and if the file is digitally signed or not. Of course routine
    malware and spyware scans can help identify and remove rouge applications
    that may be using unexplained ports. --- Steve

    http://www.sysinternals.com/Utilities/TcpView.html --- TCPView and link to
    SysInternals.

    <someone92@hotmail.com> wrote in message
    news:1123973008.239393.37120@g43g2000cwa.googlegroups.com...
    > Hi,
    > I just used netstat -an to see what are the open port on one of my
    > win2k system and I saw this strange open port 1028:
    >
    > TCP 0.0.0.0:1028 0.0.0.0:0 LISTENING
    >
    > Using TCPview I saw that the port is used by system(8). And it's is
    > always listening to this port. Last week I saw that port 1029 and 1032
    > were also used instead.
    >
    > I have another win2k machine and this port is closed.
    >
    > I didn't find any standard services that used this port. except:
    > Microsoft Local Security Authority (LSA) but it's supposed to be
    > listening using the udp protocol.
    >
    > I find it strange that system(8) is using TCP on that port and that
    > this port is closed on my other system (I have disabled many services
    > on both machines, so there can be some differences on the
    > configuration). Anyway is this a normal behavior? any information will
    > be welcome.
    >
    > Thanks in advance
    >
Ask a new question

Read More

Security Microsoft Windows