Win2k system(8) Listening to port 1028

Archived from groups: microsoft.public.win2000.security (More info?)

It is not unusual to see ports in the under 1030 and over 1025 range to be
used or listening as they are often used for services installed on your
computer. What will help is to download TCPView, Process Explorer, and
Autoruns from SysInternals to find out more information. TCPView for
instance will display the associated executable for the listening port which
may help you determine what is going on. Process Explorer and Autoruns are
also very helpful in tracking down processes and can show the publisher of
an executable and if the file is digitally signed or not. Of course routine
malware and spyware scans can help identify and remove rouge applications
that may be using unexplained ports. --- Steve

http://www.sysinternals.com/Utilities/TcpView.html --- TCPView and link to
SysInternals.

<someone92@hotmail.com> wrote in message
news:1123973008.239393.37120@g43g2000cwa.googlegroups.com...
> Hi,
> I just used netstat -an to see what are the open port on one of my
> win2k system and I saw this strange open port 1028:
>
> TCP 0.0.0.0:1028 0.0.0.0:0 LISTENING
>
> Using TCPview I saw that the port is used by system(8). And it's is
> always listening to this port. Last week I saw that port 1029 and 1032
> were also used instead.
>
> I have another win2k machine and this port is closed.
>
> I didn't find any standard services that used this port. except:
> Microsoft Local Security Authority (LSA) but it's supposed to be
> listening using the udp protocol.
>
> I find it strange that system(8) is using TCP on that port and that
> this port is closed on my other system (I have disabled many services
> on both machines, so there can be some differences on the
> configuration). Anyway is this a normal behavior? any information will
> be welcome.
>
> Thanks in advance
>