viska wrote:
batista90 wrote:
and that dont take much since default in all in and out move in computers is port 1268..otherwice known as port 4

huh?
Checking, with ShieldsUp! from
http://www.grc.com I can see that port 1268 is listed as "propel-msgsys" with no further information, which I suspect implies that it is either an exploit that has got into you machine via this port, or maybe just normal handling (all ports from 1024 upwards, to the maximum 65535, are typically allocated dynamically).
On further inverstigation, "propel-msgsys" has something to do with the
http://propel.com/ software, I believe. I'd guess it is no longer in use by them, though.
I have no idea what port 4 might have to do with it. It has not got any predefined meaning, so far as GRC says. Indeed, it is very definitely shown as "unassigned" in the official lists for ports 0-1023. I would be very suspicious of it being in use at all. Any usage would almost certainly be improper.
If you take the GRC test (all service ports), you should see everything as "stealth". If not, you are probably infected and open to more infections.
I fail the test, because I am currently running a web server. Of all the posts, just my port 80 (http) is open - and it regularly gets attacked, which my firewall and Apache handle.
Interestingly, it's been a couple of days since the last attack got as far as Apache:
Code:
189.81.46.167 - - [07/Mar/2008:13:01:08 +0000]
"B\x92\xed\x97P\x97r`\x0fr\x84?\x
a4\x804\xc8\xd8\xf3'" 501 358 "-" "-"
That's an example of someone (in São Paulo, Brazil) trying to exploit a current open security hole in Microsoft servers (probably) or an ancient, filled one in Apache.
_________________
"Striking up conversations with strangers is an autistic person's version of extreme sports."
Kamran Nazeer