Open Tcp Port 1025 Blackjack
Is this anything to worry about?
As of now, I have 10 megs of the following logs, and still climbing.
Jun 7 22:28:21 paradox kernel: [IPTABLES DROP] : IN=eth0 OUT= MAC=00:05:5d:80:e8:92:00:04:5a:26:6d:b3:08:00 SRC=207.69.200.211 DST=192.168.1.201 LEN=195 TOS=0x00 PREC=0x00 TTL=51 ID=20057 PROTO=UDP SPT=53 DPT=1025 LEN=175
Jun 7 22:28:26 paradox kernel: [IPTABLES DROP] : IN=eth0 OUT= MAC=00:05:5d:80:e8:92:00:04:5a:26:6d:b3:08:00 SRC=207.69.200.210 DST=192.168.1.201 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=9575 PROTO=UDP SPT=53 DPT=1025 LEN=20
I have no idea of what they’re trying to do, but UDP ports 53 and 1025 (blackjack) seem to be of interest. The kicker is, these ports are not open on my router, so how are they seeping through, and why? I recently setup a caching name-server, which uses port 53, but again, I don’t have that port open on the outside.
Iptables is dropping the packets, but that because I’ve blocked their class C. My question is, are they somehow using my name server, or is this type of probe common? Should I close off these ports, and how?
Thanks,
Dave H
As of now, I have 10 megs of the following logs, and still climbing.
Jun 7 22:28:21 paradox kernel: [IPTABLES DROP] : IN=eth0 OUT= MAC=00:05:5d:80:e8:92:00:04:5a:26:6d:b3:08:00 SRC=207.69.200.211 DST=192.168.1.201 LEN=195 TOS=0x00 PREC=0x00 TTL=51 ID=20057 PROTO=UDP SPT=53 DPT=1025 LEN=175
Jun 7 22:28:26 paradox kernel: [IPTABLES DROP] : IN=eth0 OUT= MAC=00:05:5d:80:e8:92:00:04:5a:26:6d:b3:08:00 SRC=207.69.200.210 DST=192.168.1.201 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=9575 PROTO=UDP SPT=53 DPT=1025 LEN=20
I have no idea of what they’re trying to do, but UDP ports 53 and 1025 (blackjack) seem to be of interest. The kicker is, these ports are not open on my router, so how are they seeping through, and why? I recently setup a caching name-server, which uses port 53, but again, I don’t have that port open on the outside.
Iptables is dropping the packets, but that because I’ve blocked their class C. My question is, are they somehow using my name server, or is this type of probe common? Should I close off these ports, and how?
Thanks,
Dave H
Verify open TCP ports found by local port enumerators: Disabled: When enabled, if a local port enumerator (for example, WMI or netstat) finds a port, the scanner also verifies that the port is open remotely. This approach helps determine if some form of access control is being used (for example, TCP wrappers or a firewall). Hi: Anybody knows something about the 1025 port? I make a portscan using nmap 2.53 over some servers of one of my networks and I've encountered the port 1025 UDP prot. And the name 'blackjack' returned as the name service. Thanks in advance! Here's my guess: You're using bind and you blocked UDP port 1-1024 with your firewall.
Open Tcp Port 1025 Blackjack Download
Hi folks,
Hopefully, someone can help me with an 'Open Port' using the GRC.com Site's check for Stealthed Ports. All my ports used to be stealthed using Norton Firewall 2003 but now I've got Port 1025 open! It seems to be something to do with 'Network Blackjack' [not something I've ever used] and the Trojans 'Fraggle Rock' 'MD5 Backdoor' 'Netspy' & 'Remote Alarm' could be connected through here from what I've read??
I've run Norton AV, SpyBot S&D plus an online trojan scanner - everything appears clean. I then installed 'Active Ports' which showed the following running during a normal surfing session using XP Pro & a DUN connection. Does this make sense?
System 4 0.0.0.0 445 LISTEN UDP
System 4 0.0.0.0 445 LISTEN TCP
System 4 0.0.0.0 1026 LISTEN TCP
svchost.exe 772 0.0.0.0 135 LISTEN TCP C:WINDOWSsystem32svchost.exe
svchost.exe 796 0.0.0.0 1025 LISTEN TCP C:WINDOWSSystem32svchost.exe
svchost.exe 856 0.0.0.0 1030 LISTEN UDP C:WINDOWSSystem32svchost.exe
svchost.exe 856 0.0.0.0 1039 LISTEN UDP C:WINDOWSSystem32svchost.exe
svchost.exe 856 0.0.0.0 1040 LISTEN UDP C:WINDOWSSystem32svchost.exe
BigFix.exe 1768 127.0.0.1 1044 LISTEN UDP C:Program FilesBigFixBigFix.exe
iexplore.exe 1404 127.0.0.1 2082 LISTEN UDP C:Program FilesInternet Exploreriexplore.exe
ccPxySvc.exe 1348 127.0.0.1 1027 LISTEN TCP C:Program FilesNorton Internet SecurityccPxySvc.exe
ccApp.exe 1540 127.0.0.1 1028 LISTEN TCP C:Program FilesCommon FilesSymantec SharedccApp.exe
I tried closing the svchost.exe using Port 1025 in Active Ports but my system froze, I needed to restart and I'm back to normal. The only thing that I've done recently was install a Network Card [it's got LAN Wake-Up - I don't know if that's significant or not ] as I'm going to upgrade to ADSL using a Netgear DG814 Modem/Firewall/Router. I'm worried about using Broadband if I've got an Open Port, I'd like to be fully stealthed if possible.
Any advice would be gratefully received.
Thanks,
George
PS Hopefully I've supplied enough info here.
Hopefully, someone can help me with an 'Open Port' using the GRC.com Site's check for Stealthed Ports. All my ports used to be stealthed using Norton Firewall 2003 but now I've got Port 1025 open! It seems to be something to do with 'Network Blackjack' [not something I've ever used] and the Trojans 'Fraggle Rock' 'MD5 Backdoor' 'Netspy' & 'Remote Alarm' could be connected through here from what I've read??
I've run Norton AV, SpyBot S&D plus an online trojan scanner - everything appears clean. I then installed 'Active Ports' which showed the following running during a normal surfing session using XP Pro & a DUN connection. Does this make sense?
System 4 0.0.0.0 445 LISTEN UDP
System 4 0.0.0.0 445 LISTEN TCP
System 4 0.0.0.0 1026 LISTEN TCP
svchost.exe 772 0.0.0.0 135 LISTEN TCP C:WINDOWSsystem32svchost.exe
svchost.exe 796 0.0.0.0 1025 LISTEN TCP C:WINDOWSSystem32svchost.exe
svchost.exe 856 0.0.0.0 1030 LISTEN UDP C:WINDOWSSystem32svchost.exe
svchost.exe 856 0.0.0.0 1039 LISTEN UDP C:WINDOWSSystem32svchost.exe
svchost.exe 856 0.0.0.0 1040 LISTEN UDP C:WINDOWSSystem32svchost.exe
BigFix.exe 1768 127.0.0.1 1044 LISTEN UDP C:Program FilesBigFixBigFix.exe
iexplore.exe 1404 127.0.0.1 2082 LISTEN UDP C:Program FilesInternet Exploreriexplore.exe
ccPxySvc.exe 1348 127.0.0.1 1027 LISTEN TCP C:Program FilesNorton Internet SecurityccPxySvc.exe
ccApp.exe 1540 127.0.0.1 1028 LISTEN TCP C:Program FilesCommon FilesSymantec SharedccApp.exe
I tried closing the svchost.exe using Port 1025 in Active Ports but my system froze, I needed to restart and I'm back to normal. The only thing that I've done recently was install a Network Card [it's got LAN Wake-Up - I don't know if that's significant or not ] as I'm going to upgrade to ADSL using a Netgear DG814 Modem/Firewall/Router. I'm worried about using Broadband if I've got an Open Port, I'd like to be fully stealthed if possible.
Any advice would be gratefully received.
Thanks,
George
PS Hopefully I've supplied enough info here.