
scgt1

Members
  • Posts

    23
Posts posted by scgt1

  1. I recently had to reactivate my Eset IS due to license expiration. I'm on version 14.0.22.0 and I'm not sure if it updated after inserting a new activation key or not. The problem I'm having all of a sudden now is while on Firefox (v86), if I insert an address that should automatically load up a secure browser, such as chase.com, the handover from normal browser to secured browser takes forever.

    The main window will say it's opening secured browser and it just sits there forever before it actually opens the secured browser window. Then that window will take forever to fully load up the page.

    I didn't have these issues until I added a new activation key, so not sure if Eset IS updated after doing so or not, but something is amiss with it taking forever and a day to open the secured browser window then actually load something up in it. Normal browsing is unchanged and normal.

  2. Just now, itman said:

    I have no issue accessing that web site on Win 10 20H2 using FireFox and Eset IS ver. 14.0.22:


    Very odd since a Firefox refresh should have corrected any issues if it were browser related but considering Edge won't load it either that kinda rules out the browser being the issue and the fact I can access it on my mobile device just fine outside of the Eset environment.

  3. I'm currently on ver. 14.0.22.0 and it seems ever since it updated I haven't been able to access https://phatwalletforums.com

    Doesn't matter what browser I use: IE, newest FF or Edge. I can access the site just fine on FF with my mobile, which isn't running Eset IS for mobile; I just have this issue on my desktop that is running Eset IS. I've refreshed Firefox also, to no avail. I'm pretty sure this issue stems from Eset IS not allowing the page to load. I receive this error no matter the browser used.

     

    Secure Connection Failed

    An error occurred during a connection to phatwalletforums.com. SSL received a record that exceeded the maximum permissible length.

    Error code: SSL_ERROR_RX_RECORD_TOO_LONG

        The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
        Please contact the website owners to inform them of this problem.

  4. Had a wild hair and ran the Shields up tests upnp, file sharing, common ports, all service ports on my cell and every test passed with flying colors. I'm not running a mobile version of Eset and just using the default android security on it.

    My game rig passes the common port test and has the 443 port as stealth so not sure why it shows closed on my daily unless it has something to do with the VPN service. My game rig also passes the all service ports test where as mentioned before it fails on the closed 443. Both my daily and game rig are on the same home network along with the dish boxes. So why one shows 443 as open and the other doesn't.........

    Both my phone and the game rig aren't ran through the VPN and are just protected with the routers security so they show the actual broadcast IP where my daily shows the assigned IP from the VPN service. So it may be the VPN service that has something to do with 443 being closed and not stealth. 

     

    Well turning off the firewall on the VPN Client (is said to not allow traffic when the client isn't connected) then disconnecting from the vpn client and running the common ports test again I pass and 443 shows secured. While running the all service ports 443 shows secured also. So I guess it's something to get with Windscribe about.

  5. 39 minutes ago, itman said:

    As I stated previously in this thread if your share files and devices with other people on your home network, the Eset network setting should be Private; otherwise, it should be Public.

    As far as any VPN connection, that should be Public. Note - I am assuming your VPN connection is not to your work place.

    Ok, I set the Wired Network 1 to Home/Office and the WindscribeVPN connection to Public again, removing 3 other rogue connections. This is all on a home network, not a work place.

    27 minutes ago, itman said:

    Appears it is constantly pinging for connectivity purposes - hopefully. Only way to stop that would be to uninstall the software and that hopefully would stop it. You might consider a "paid" VPN. 

    I am paying for the lifetime WindscribeVPN service. It has what they claim is a built-in firewall that doesn't allow connections unless the application is connected, but I've occasionally been able to still load web pages when it isn't connected. I wrote in to them on this matter but haven't received a message back.

    I also unblocked my R7000 from the Network Connection/Troubleshooting Wizard.

    I've scanned the home network with Eset and it tells me no threats were found, yet this computer and the router show a yellow exclamation point and state: Traffic blocked. Some traffic from this device has been blocked by the firewall.

    Flip side I guess after resetting the router I haven't seen the ARP Poisoning attack notices anymore and don't see anything odd in the router log yet either.

  6. 12 minutes ago, itman said:

    I believe Dish is associated with AT&T.

    I have Uverse. It does indeed use port 443 on the WAN side on the router for inbound communication. Something I am not keen on but can't do anything about.

    Bottom line - you're OK.

    FYI - When you do the GRC Shields Up test. Make sure all applications are shutdown including your e-mail client. 

    I'll have to try that again with all the extra background stuff off.

    I've removed all the extra network listings in Eset down to what I believe are the home and virtual (windscribevpn) ones. What should these be set as, public or private? I've also run a network scan/tree with Eset and the router doesn't come up as a notice anymore, but my main desktop (the one I'm on) does and states traffic blocked.

    I really don't want to spend a day reloading this computer again but it's seeming that I'm heading down that road. Would probably be best to do all 3 of them just to make sure. I obviously need to make sure the router is completely secure first though or I'm just taking a leak toward the wind. lol

    I'm not seeing anymore of the notices in the router log since I reset it either but I also haven't turned off windscribeVPN client either or rebooted yet.

    Turn off windscribevpn client and the stupid ICMP threat popup from Eset for the router again.

     

  7. Can't add anything else to the above post because it keeps putting the cursor in what I pasted.

    The All Service ports test yields the same as above just 443 as Closed the rest of the ports are secured unlike a few posts up where a bunch were open.

    This is also what it had to say about the same test:

    Solicited TCP Packets: RECEIVED (FAILED) — As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection. It is generally possible to increase your system's security by hiding it from the probes of potentially hostile hackers. Please see the details presented by the specific port links below, as well as the various resources on this site, and in our extremely helpful and active user community.
    Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)
    Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

    So still having some form of issue I think which with the router being hard reset and having to completely set it up again I would think it's the computers on the home network. I wish they taught this when I was in school I would know what I'm doing with this junk.

  8. Well I reset my router and had a heck of a time getting back into it to set it up. Couldn't access it via any of the 3 PCs or my phone, which have regularly been on the network prior to the reset. I pulled out my old Surface RT tablet and was finally able to connect to the default connection without issue. Makes me wonder if I have 3 PCs and my cell infected with something.

    I've gone back through all the settings with changing my router's IP this go around considering all the freakin problems that have been appearing as of late with these notices out of nowhere which are now on 3 pc's (The ICMP flood issue geared toward the router).

    I've run Shields Up tests again on my daily and got the same UPnP exposure results that say I can't be seen. Now only port 443 shows up in the common ports test, but states:

    443 / HTTPS / Closed

    Your computer has responded that this port exists but is currently closed to connections

  9. 39 minutes ago, NOD said:

    Cache poisoning attacks are not resolved with DNSSEC?
    Verify DNSSEC compliance : https://dnssec.vs.uni-due.de/

    https://developers.google.com/speed/public-dns/docs/security

     Nice to think it can spoof your own Ip's to make you think it's something on your own network. To make me feel even more secure:

    No, your DNS resolver does NOT validate DNSSEC signatures.

    I'm about to find some place to hire a security/network professional to fix this. It's all way over my head. I'm quite sure after reading on that Google page about the cache poisoning attacks I've already allowed it through with Eset. :-(

    FYI my AirVPN sub was coming due in July and I picked up a lifetime Windscribe VPN sub a few days back for cheap, so I just installed that this morning and I've removed AirVPN, but nothing seems to have changed. So I don't think the VPN service had anything to do with it.

    Since switching to a different VPN client I'm running some of the security tests:

    File Sharing:

    Attempting connection to your computer. . .
    Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet!
    Your Internet port 139 does not appear to exist!
    One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.
    Unable to connect with NetBIOS to your computer.
    All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.

     

    UPNP:

    THE EQUIPMENT AT THE TARGET IP ADDRESS
    DID NOT RESPOND TO OUR UPnP PROBES!

    Common Ports:

    FAILED Ports 21,22,80,143, and 443 are open

    All Service Ports:

    21,22,80,143,443, and 587

    Solicited TCP Packets: RECEIVED (FAILED) — As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection. It is generally possible to increase your system's security by hiding it from the probes of potentially hostile hackers. Please see the details presented by the specific port links below, as well as the various resources on this site, and in our extremely helpful and active user community.
    Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)
    Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

    Looks like I'm less secure with this VPN or something is on the system/router now that is mucking with more. I only had ports 88 and 89 open prior I believe.

     

  10. I too have a bunch of networks showing up in Eset on my daily/media server while we just have two showing up on my fiance's PC and my game rig.

    Eset SS on my fiance's computer and my game rig both show:

    Wired Network 1 Home or Office Network inherited from Network Adapter

    Wired Network 2 Home or Office Network Inherited from Network Adapter

    While my daily shows the attached image. Looking it up in the Network and Sharing Center I only show two active networks. The first being Private Network using the Realtek network adapter and the second using TAP Windows Adapter 9. The unidentified network shows no network connectivity, yet there is data up and down active on it. I'm not sure if that is the tunneling adapter that AirVPN uses or not.

     

     

     

    Networks.jpg

  11. So I turn off UPnP on the router and now I'm getting this pop up from Eset and another one for a duplicate IP on the home network. I didn't catch that one in time before it went away though.

    The below "computer" is both my 65" Samsung TV and the Dish Hopper in the living room. I'm also getting these notices on my fiance's computer since turning off UPnP on the router. If I turn it back on these notices stop.

    turn off upnp on router leads to hopper and samsung tv.jpg

  12. 17 minutes ago, itman said:

    You don't have a problem. The router is dropping/blocking those requests on the WAN side of the router. In other words, they are not getting through to your internal network.

    Are these ok though:

    [UPnP set event: Public_UPNP_C3] from source (My actual computers IP on the network)

    [LAN access from remote] from 67.148.153.40:49792 to 192.168.***.***:5101, Saturday, Jun 10,2017 00:41:13 (Dish Hopper IP)
    [LAN access from remote] from 67.148.153.44:54215 to 192.168.***.***:5101, Saturday, Jun 10,2017 00:35:37 (Dish Hopper IP)

    [LAN access from remote] from 65.55.158.119:3544 to 192.168.***.***:63694, Friday, Jun 09,2017 21:20:18 (My actual computer IP on the network)

     

    I don't know what those from IP's are.

  13. 6 hours ago, itman said:

    Agreed.

    You need to examine the source of the echo requests which can only be done by examining the router's firewall log for like activity. If external flooding activity is occurring, it needs to be stopped by the router firewall.

    Again, most router firewalls are configured to drop incoming ICMP echo requests by default. Of course, routers can be misconfigured or hacked.

    The above that I posted is from the log. Not exactly sure where to go from here, since if what you're saying is in fact what is going on then this is an issue obviously and somehow needs to be stopped. Getting a bit over my head though.

  14. I wouldn't be so sure on the excluding the router from the icmp detection bit. I just checked my log for the heck of it and had these:

    [Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:56:15
    [Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:56:00
    [Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:55:50
    [Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:54:31
    [Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:54:21
    [Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:53:57
    [Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:52:25
    [Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:52:11
    [Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:52:01
    [Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:51:51
    [Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:51:37
    [Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:51:25
    [Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:51:10
    [Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:50:57
    [Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:50:25
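One way to summarise router log lines like those quoted in the two posts above, as an added example that is not part of the original posts or any vendor tooling: it groups the `LAN access from remote` entries by destination port and measures how often the `Self2WAN ICMP` drops actually occur. The function names and the 60-second window are assumptions; the sample lines are copied from the posts, with LAN addresses masked as posted.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Sample lines copied from the posts above (LAN addresses masked as posted;
# only the first six of the ICMP entries are included).
SAMPLE_LOG = """\
[UPnP set event: Public_UPNP_C3] from source 192.168.***.***
[LAN access from remote] from 67.148.153.40:49792 to 192.168.***.***:5101, Saturday, Jun 10,2017 00:41:13
[LAN access from remote] from 67.148.153.44:54215 to 192.168.***.***:5101, Saturday, Jun 10,2017 00:35:37
[LAN access from remote] from 65.55.158.119:3544 to 192.168.***.***:63694, Friday, Jun 09,2017 21:20:18
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:56:15
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:56:00
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:55:50
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:54:31
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:54:21
[Self2WAN ICMP type b Detected!] To prevent from revealing router's activity, this packet is drop Thursday, Jun 08,2017 21:53:57
"""

LINE_RE = re.compile(r"^\[(?P<event>[^\]]+)\]\s*(?P<rest>.*)$")
# Timestamp as the log prints it: "Saturday, Jun 10,2017 00:41:13"
TS_RE = re.compile(
    r"(?:Mon|Tues|Wednes|Thurs|Fri|Satur|Sun)day, "
    r"(?P<mon>[A-Z][a-z]{2}) (?P<day>\d{1,2}),\s?(?P<year>\d{4}) "
    r"(?P<time>\d{2}:\d{2}:\d{2})\s*$"
)
FLOW_RE = re.compile(r"from (?P<src>[\d.]+):(?P<sport>\d+) to (?P<dst>\S+?):(?P<dport>\d+)")


def parse_line(line):
    """Return a dict for one log line, or None if it has no [event] prefix."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"event": m["event"], "ts": None, "src": None, "dport": None}
    ts = TS_RE.search(m["rest"])
    if ts:  # some entries (the UPnP one here) carry no timestamp
        rec["ts"] = datetime.strptime(
            f'{ts["mon"]} {ts["day"]} {ts["year"]} {ts["time"]}', "%b %d %Y %H:%M:%S"
        )
    flow = FLOW_RE.search(m["rest"])
    if flow:
        rec["src"], rec["dport"] = flow["src"], int(flow["dport"])
    return rec


def peak_in_window(times, window=timedelta(seconds=60)):
    """Largest number of events inside any sliding window of the given length."""
    times = sorted(times)
    peak = start = 0
    for end, t in enumerate(times):
        while t - times[start] >= window:
            start += 1
        peak = max(peak, end - start + 1)
    return peak


def summarize(text):
    events, inbound, icmp_times, unparsed = Counter(), {}, [], 0
    for line in filter(str.strip, text.splitlines()):
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        events[rec["event"]] += 1
        if rec["event"] == "LAN access from remote" and rec["src"]:
            # Which remote hosts reached which LAN-side port
            inbound.setdefault(rec["dport"], set()).add(rec["src"])
        elif rec["event"].startswith("Self2WAN ICMP") and rec["ts"]:
            icmp_times.append(rec["ts"])
    icmp_times.sort()
    gaps = [int((b - a).total_seconds()) for a, b in zip(icmp_times, icmp_times[1:])]
    return {
        "events": events,
        "inbound_by_port": inbound,
        "icmp_peak_per_minute": peak_in_window(icmp_times),
        "icmp_gaps_s": gaps,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for port, sources in sorted(report["inbound_by_port"].items()):
        print(f"inbound to LAN port {port}: {sorted(sources)}")
    print("ICMP drops, peak per 60 s:", report["icmp_peak_per_minute"])
    print("seconds between ICMP drops:", report["icmp_gaps_s"])
```

Run against a full export of the router log, the per-port grouping shows which LAN-side ports are receiving outside connections, and the gap list shows whether the ICMP entries arrive at a steady trickle or in a burst.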

  15. Same issue here for the past couple of days. If I click them to turn them on it says I will be disabling them. This is on any of the 3 choices FW, IDS, or Botnet.

     

    Can't even connect to the internet on the pc that does have this problem. Shows network but no internet. Try to uninstall eset and it just sits there looking at me like I'm stupid. Can't uninstall in safe mode because the service to do so doesn't run in safe mode.

    After about 15-20 minutes last night the uninstall finally finished and I shut down for the night. This morning I install a fresh install of Eset. I no longer have the 3 items red but what I do have now is the stupid ICMP Flood attack error. That of which I haven't had on this PC. Of course like just about everyone else it's related to my router (R7000 in my case). I was on ver 9 something before this problem started happening on my daily. Eset SS just updated to 10 on my game rig, which is when the 3 red items started, with last night being the first time I couldn't even get on over the past couple of days. After removing Eset SS I was able to connect online without issue. Which I'm still able now, but there is some issue with v10 to cause this ICMP flood attack error directed at our routers I believe, considering it wasn't a problem on v9.

     

  16. Not the only one with this problem as you have stated. I think this started with the last Eset update or maybe even the Creators Update for Win 10. I'm on AirVPN though so I only get the message when not connected through AirVPN which is at boot up as the Eddie program is loading. Once I connect through Air the stupid Eset window goes away and doesn't come back unless I disconnect from AirVPN in the Eddie client.

    Having a new issue with Eset though in showing a red box with a 3 in it for Setup. It's showing my Firewall, IDS, Botnet are all red. If I click them it says are you sure you want to disable them. So they aren't off or are they?

  17. 20 hours ago, itman said:

    Port 88 is used by Xbox Live 360.

    Port 89 only use I know of is:

    port 89 is a dedicated services port used as a Telnet Gateway between Mass Institute of Technology (MIT) and ___ University (SU)

    Note that if you are using a router, the GRC test is reflecting the inbound port status of the router.

    Your Flood attacks are most likely due to this:

    Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

    Again, this can be controlled via router firewall settings. However with some ISP provided routers, ICMP Echo Reply requests are allowed since the ISP uses such to ensure connectivity exists.

    So the two ports that are open are ok?

    What would I need to do with the router settings for the ping reply? Using R7000 retail non ISP provided.

  18. On 1/7/2017 at 9:27 AM, itman said:

    Normally, your router should be configured to block external ICMP echo requests. You can test if that is functional by going to this web site: https://www.grc.com/shieldsup then click on the "Proceed" tab in the displayed web page. Then select the "Common Ports" scan. When it completes, note the results of the "Echo Ping" test. It should state that you passed. If you didn't pass, then your router is not properly configured to prevent ICMP Flood attacks. The router is your first line of defense against ICMP Flood attacks.

    If you passed the Echo Ping test, then a number of other scenarios might be occurring. An external DDoS attack might be occurring against your router and it is overwhelming the capability of the router to block such traffic. You should examine your router's log file to determine if this is the case. If an external DDoS ICMP Flood attack is occurring, you need to create a router firewall rule, assuming your router has a configurable firewall, to block all inbound traffic for the IP addresses that are the source of the DDoS attack.

    If an external DDoS attack is not the case, then it is possible that your router is "misbehaving." It is normal for some routers to issue an ICMP echo request to establish connectivity with a target device. If there is a problem with this request being acknowledged by the targeted device, it could be the router is stuck in a loop where it is repeatedly sending ICMP echo request transactions and Eset's IPS protection is interpreting this activity as an ICMP Flood attack. 

    I have recently been getting this notice while my computer is connecting to AirVPN after reboot. (The VPN service has its own tunneling adapter which bypasses the Windows network from my understanding.) Running the link above I yield the following results:

    Solicited TCP Packets: PASSED — No TCP packets were received from your system as a direct result of our attempts to elicit some response from any of the ports listed below — they are all either fully stealthed or blocked by your ISP. However . . .
    Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)
    Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

    I will add that with using AirVPN I'm claimed to be actually invisible. My IP that comes up is the one from AirVPN and not my actual IP address nor my router's.

    While running the other test (upnp) from that page I got these results:

     

    THE EQUIPMENT AT THE TARGET IP ADDRESS
    DID NOT RESPOND TO OUR UPnP PROBES!

    File Sharing test:

    Attempting connection to your computer. . .
    Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet!
    Your Internet port 139 does not appear to exist!
    One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.
    Unable to connect with NetBIOS to your computer.
    All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.

     

     


     

    Service port check yielded the following:

    224  224 / masqdialer / masqdialer 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 / direct / Direct 243 / sur-meas / Survey Measurement 244 / inbusiness / inbusiness 245 / link / LINK 246 / dsp3270 / Display Systems Protocol 247 / subntbcst_tftp / SUBNTBCST_TFTP 248 / bhfhs / bhfhs 249 250 251 252 253 254 255 255
    256  256 / rap / RAP 257 / set / Secure Electronic Transaction 258 / yak-chat / Yak Winsock Personal Chat 259 / esro-gen / Efficient Short Remote Operations 260 / openport / Openport 261 / nsiiops / IIOP Name Service over SSL 262 / arcisdms / Arcisdms 263 / hdap / HDAP 264 / bgmp / BGMP 265 / x-bone-ctl / X-Bone CTL 266 / sst / SCSI on ST 267 / td-service / Tobit David Service Layer 268 / td-replica / Tobit David Replica 269 270 271 272 273 274 275 276 277 278 279 280 / http-mgmt / http-mgmt 281 / personal-link / Personal Link 282 / cableport-ax / Cable Port A/X 283 / rescap / rescap 284 / corerjd / corerjd 285 / - / (Used by 'WCTrojan' Trojan) 286 / fxp-1 / FXP-1 287 / k-block / K-BLOCK 287
    288  288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 / novastorbakcup / Novastor Backup 309 / entrusttime / EntrustTime 310 / bhmds / bhmds 311 / asip-webadmin / AppleShare IP WebAdmin 312 / vslmp / VSLMP 313 / magenta-logic / Magenta Logic 314 / opalis-robot / Opalis Robot 315 / dpsi / DPSI 316 / decauth / decAuth 317 / zannet / Zannet 318 / pkix-timestamp / PKIX TimeStamp 319 / ptp-event / PTP Event 319
    320  320 / ptp-general / PTP General 321 / pip / PIP 322 / rtsps / RTSPS 323 324 325 326 327 328 329 330 331 332 333 / texar / Texar Security Port 334 / - / (Used by 'Backage' Trojan) 335 336 337 338 339 340 341 342 343 344 / pdap / Prospero Data Access Protocol 345 / pawserv / Perf Analysis Workbench 346 / zserv / Zebra server 347 / fatserv / Fatmen Server 348 / csi-sgwp / Cabletron Management Protocol 349 / mftp / mftp 350 / matip-type-a / MATIP Type A 351 / matip-type-b / MATIP Type B 351
    352  352 / dtag-ste-sb / DTAG 353 / ndsauth / NDSAUTH 354 / bh611 / bh611 355 / datex-asn / DATEX-ASN 356 / cloanto-net-1 / Cloanto Net 1 357 / bhevent / bhevent 358 / shrinkwrap / Shrinkwrap 359 / nsrmp / Network Security Risk Management Protocol 360 / scoi2odialog / scoi2odialog 361 / semantix / Semantix 362 / srssend / SRS Send 363 / rsvp_tunnel / RSVP Tunnel 364 / aurora-cmgr / Aurora CMGR 365 / dtk / DTK 366 / odmr / ODMR 367 / mortgageware / MortgageWare 368 / qbikgdp / QbikGDP 369 / rpc2portmap / rpc2portmap 370 / codaauth2 / codaauth2 371 / clearcase / Clearcase 372 / ulistproc / ListProcessor 373 / legent-1 / Legent Corporation 374 / legent-2 / Legent Corporation 375 / hassle / Hassle 376 / nip / Amiga Envoy Network Inquiry Proto 377 / tnETOS / NEC Corporation 378 / dsETOS / NEC Corporation 379 / is99c / TIA/EIA/IS-99 modem client 380 / is99s / TIA/EIA/IS-99 modem server 381 / hp-collector / hp performance data collector 382 / hp-managed-node / hp performance data managed node 383 / hp-alarm-mgr / hp performance data alarm manager 383
    384  384 / arns / A Remote Network Server System 385 / ibm-app / IBM Application 386 / asa / ASA Message Router Object Def. 387 / aurp / Appletalk Update-Based Routing Pro. 388 / unidata-ldm / Unidata LDM 389 / ldap / Lightweight Directory Access Protocol 390 / uis / UIS 391 / synotics-relay / SynOptics SNMP Relay Port 392 / synotics-broker / SynOptics Port Broker Port 393 / meta5 / Meta5 394 / embl-ndt / EMBL Nucleic Data Transfer 395 / netcp / NETscout Control Protocol 396 / netware-ip / Novell Netware over IP 397 / mptn / Multi Protocol Trans. Net. 398 / kryptolan / Kryptolan 399 / iso-tsap-c2 / ISO Transport Class 2 Non-Control over TCP 400 / work-sol / Workstation Solutions 401 / ups / Uninterruptible Power Supply 402 / genie / Genie Protocol 403 / decap / decap 404 / nced / nced 405 / ncld / ncld 406 / imsp / Interactive Mail Support Protocol 407 / timbuktu / Timbuktu 408 / prm-sm / Prospero Resource Manager Sys. Man. 409 / prm-nm / Prospero Resource Manager Node Man. 410 / decladebug / DECLadebug Remote Debug Protocol 411 / rmt / Remote MT Protocol 412 / synoptics-trap / Trap Convention Port 413 / smsp / Storage Management Services Protocol 414 / infoseek / InfoSeek 415 / bnet / BNet 415
    416  416 / silverplatter / Silverplatter 417 / onmux / Onmux 418 / hyper-g / Hyper-G 419 / ariel1 / Ariel 1 420 / smpte / SMPTE 421 / ariel2 / Ariel 2 422 / ariel3 / Ariel 3 423 / opc-job-start / IBM Operations Planning and Control Start 424 / opc-job-track / IBM Operations Planning and Control Track 425 / icad-el / ICAD 426 / smartsdp / smartsdp 427 / svrloc / Server Location 428 / ocs_cmu / OCS_CMU 429 / ocs_amu / OCS_AMU 430 / utmpsd / UTMPSD 431 / utmpcd / UTMPCD 432 / iasd / IASD 433 / nnsp / NNSP 434 / mobileip-agent / MobileIP-Agent 435 / mobilip-mn / MobilIP-MN 436 / dna-cml / DNA-CML 437 / comscm / comscm 438 / dsfgw / dsfgw 439 / dasp / dasp      Thomas Obermair 440 / sgcp / sgcp 441 / decvms-sysmgt / decvms-sysmgt 442 / cvc_hostd / cvc_hostd 443 / https / secure http protocol (SSL) 444 / snpp / Simple Network Paging Protocol 445 / microsoft-ds / Microsoft Directory Service 446 / ddm-rdb / DDM-RDB 447 / ddm-dfm / DDM-RFM 447
    448  448 / ddm-ssl / DDM-SSL 449 / as-servermap / AS Server Mapper 450 / tserver / Computer Supported Telecomunication Applications 451 / sfs-smp-net / Cray Network Semaphore server 452 / sfs-config / Cray SFS config server 453 / creativeserver / CreativeServer 454 / contentserver / ContentServer 455 / creativepartnr / CreativePartnr 456 / macon-tcp / macon-tcp 457 / scohelp / scohelp 458 / appleqtc / apple quick time 459 / ampr-rcmd / ampr-rcmd 460 / skronk / skronk 461 / datasurfsrv / DataRampSrv 462 / datasurfsrvsec / DataRampSrvSec 463 / alpes / alpes 464 / kpasswd / kpasswd 465 / urd / URL Rendesvous Directory for SSM 466 / digital-vrc / digital-vrc 467 / mylex-mapd / mylex-mapd 468 / photuris / proturis 469 / rcp / Radio Control Protocol 470 / scx-proxy / scx-proxy 471 / mondex / Mondex 472 / ljk-login / ljk-login 473 / hybrid-pop / hybrid-pop 474 / tn-tl-w1 / tn-tl-w1 475 / tcpnethaspsrv / tcpnethaspsrv 476 / tn-tl-fd1 / tn-tl-fd1 477 / ss7ns / ss7ns 478 / spsc / spsc 479 / iafserver / iafserver 479
    480  480 / iafdbase / iafdbase 481 / ph / Ph service 482 / bgs-nsi / bgs-nsi 483 / ulpnet / ulpnet 484 / integra-sme / Integra Software Management Environment 485 / powerburst / Air Soft Power Burst 486 / avian / avian 487 / saft / saft Simple Asynchronous File Transfer 488 / gss-http / gss-http 489 / nest-protocol / nest-protocol 490 / micom-pfs / micom-pfs 491 / go-login / go-login 492 / ticf-1 / Transport Independent Convergence for FNA 493 / ticf-2 / Transport Independent Convergence for FNA 494 / pov-ray / POV-Ray 495 / intecourier / intecourier 496 / pim-rp-disc / PIM-RP-DISC 497 / dantz / dantz 498 / siam / siam 499 / iso-ill / ISO ILL Protocol 500 / isakmp / isakmp 501 / stmf / STMF 502 / asa-appl-proto / asa-appl-proto 503 / intrinsa / Intrinsa 504 / citadel / citadel 505 / mailbox-lm / mailbox-lm 506 / ohimsrv / ohimsrv 507 / crs / crs 508 / xvttp / xvttp 509 / snare / snare 510 / fcp / FirstClass Protocol 511 / passgo / PassGo 511
    512  512 / exec / remote process execution 513 / login / remote login a la telnet 514 / syslog / syslog 515 / printer / spooler 516 / videotex / videotex 517 / talk / like tenex link 518 519 / utime / unixtime 520 / efs / extended file name server 521 / ripng / ripng 522 / ulp / ULP 523 / ibm-db2 / IBM-DB2 524 / ncp / NCP 525 / timed / timeserver 526 / tempo / newdate 527 / stx / Stock IXChange 528 / custix / Customer IXChange 529 / irc-serv / IRC-SERV 530 / courier / rpc 531 / conference / chat 532 / netnews / readnews 533 / netwall / for emergency broadcasts 534 / mm-admin / MegaMedia Admin 535 / iiop / iiop 536 / opalis-rdv / opalis-rdv 537 / nmsp / Networked Media Streaming Protocol 538 / gdomap / gdomap 539 / apertus-ldp / Apertus Technologies Load Determination 540 / uucp / uucpd 541 / uucp-rlogin / uucp-rlogin 542 / commerce / commerce 543 543
    544  544 / kshell / krcmd 545 / appleqtcsrvr / appleqtcsrvr 546 / dhcpv6-client / DHCPv6 Client 547 / dhcpv6-server / DHCPv6 Server 548 / afpovertcp / AFP over TCP 549 / idfp / IDFP 550 / new-rwho / new-who 551 / cybercash / cybercash 552 / devshr-nts / DeviceShare 553 / pirp / pirp 554 / rtsp / Real Time Stream Control Protocol 555 556 / remotefs / rfs server 557 / openvms-sysipc / openvms-sysipc 558 / sdnskmp / SDNSKMP 559 / teedtap / TEEDTAP 560 / rmonitor / rmonitord 561 562 / chshell / chcmd 563 / nntps / secure nntp protocol (SSL) (was snntp) 564 / 9pfs / plan 9 file service 565 / whoami / whoami 566 / streettalk / streettalk 567 / banyan-rpc / banyan-rpc 568 / ms-shuttle / microsoft shuttle 569 / ms-rome / microsoft rome 570 / meter / demon 571 / meter / udemon 572 / sonar / sonar 573 / banyan-vip / banyan-vip 574 / ftp-agent / FTP Software Agent System 575 / vemmi / VEMMI 575
    576  576 / ipcd / ipcd 577 / vnas / vnas 578 / ipdd / ipdd 579 / decbsrv / decbsrv 580 / sntp-heartbeat / SNTP HEARTBEAT 581 / bdp / Bundle Discovery Protocol 582 / scc-security / SCC Security 583 / philips-vc / Philips Video-Conferencing 584 / keyserver / Key Server 585 / imap4-ssl / IMAP4+SSL (use 993 instead) 586 / password-chg / Password Change 587 / submission / Submission 588 / cal / CAL 589 / eyelink / EyeLink 590 / tns-cml / TNS CML 591 / http-alt / FileMaker Inc. - HTTP Alternate (see Port 80) 592 / eudora-set / Eudora Set 593 / http-rpc-epmap / HTTP RPC Ep Map 594 / tpip / TPIP 595 / cab-protocol / CAB Protocol 596 / smsd / SMSD 597 / ptcnameservice / PTC Name Service 598 / sco-websrvrmg3 / SCO Web Server Manager 3 599 / acp / Aeolon Core Protocol 600 / ipcserver / Sun IPC server 601 / syslog-conn / Reliable Syslog Service 602 / xmlrpc-beep / XML-RPC over BEEP 603 / idxp / IDXP 604 / tunnel / TUNNEL 605 / soap-beep / SOAP over BEEP 606 / urm / Cray Unified Resource Manager 607 / nqs / nqs 607
    608  608 / sift-uft / Sender-Initiated/Unsolicited File Transfer 609 / npmp-trap / npmp-trap 610 / npmp-local / npmp-local 611 / npmp-gui / npmp-gui 612 / hmmp-ind / HMMP Indication 613 / hmmp-op / HMMP Operation 614 / sshell / Secure SSLshell 615 / sco-inetmgr / Internet Configuration Manager 616 / sco-sysmgr / SCO System Administration Server 617 / sco-dtmgr / SCO Desktop Administration Server 618 / dei-icda / DEI-ICDA 619 / compaq-evm / Compaq EVM 620 / sco-websrvrmgr / SCO WebServer Manager 621 / escp-ip / ESCP 622 / collaborator / Collaborator 623 / asf-rmcp / ASF Remote Management and Control Protocol 624 / cryptoadmin / Crypto Admin 625 / dec_dlm / DEC DLM 626 / asia / ASIA 627 / passgo-tivoli / PassGo Tivoli 628 / qmqp / QMQP 629 / 3com-amp3 / 3Com AMP3 630 / rda / RDA 631 / ipp / IPP (Internet Printing Protocol) 632 / bmpp / bmpp 633 / servstat / Service Status update (Sterling Software) 634 / ginad / ginad 635 / rlzdbase / RLZ DBase 636 / ldaps / secure ldap protocol (SSL) (was sldap) 637 / lanserver / lanserver 638 / mcns-sec / mcns-sec 639 / msdp / MSDP 639
    640  640 / entrust-sps / entrust-sps 641 / repcmd / repcmd 642 / esro-emsdp / ESRO-EMSDP V1.3 643 / sanity / SANity 644 / dwr / dwr 645 / pssc / PSSC 646 / ldp / LDP 647 / dhcp-failover / DHCP Failover 648 / rrp / Registry Registrar Protocol (RRP) 649 / cadview-3d / Cadview-3d - streaming 3d models over the internet 650 / obex / OBEX 651 / ieee-mms / IEEE MMS 652 / hello-port / HELLO_PORT 653 / repscmd / RepCmd 654 / aodv / AODV 655 / tinc / TINC 656 / spmp / SPMP 657 / rmc / RMC 658 / tenfold / TenFold 659 660 / mac-srvr-admin / MacOS Server Admin 661 / hap / HAP 662 / pftp / PFTP 663 / purenoise / PureNoise 664 / asf-secure-rmcp / ASF Secure Remote Management and Control Protocol 665 / sun-dr / Sun DR 666 667 / disclose / campaign contribution disclosures - SDR Technologies 668 / mecomm / MeComm 669 / meregister / MeRegister 670 / vacdsm-sws / VACDSM-SWS 671 / vacdsm-app / VACDSM-APP 671
    672  672 / vpps-qua / VPPS-QUA 673 / cimplex / CIMPLEX 674 / acap / ACAP 675 / dctp / DCTP 676 / vpps-via / VPPS Via 677 / vpp / Virtual Presence Protocol 678 / ggf-ncp / GNU Generation Foundation NCP 679 / mrm / MRM 680 / entrust-aaas / entrust-aaas 681 / entrust-aams / entrust-aams 682 / xfr / XFR 683 / corba-iiop / CORBA IIOP 684 / corba-iiop-ssl / CORBA IIOP SSL 685 / mdc-portmapper / MDC Port Mapper 686 / hcp-wismar / Hardware Control Protocol Wismar 687 / asipregistry / asipregistry 688 / realm-rusd / REALM-RUSD 689 / nmap / NMAP 690 / vatp / VATP 691 / msexch-routing / MS Exchange Routing 692 / hyperwave-isp / Hyperwave-ISP 693 / connendp / connendp 694 / ha-cluster / ha-cluster 695 / ieee-mms-ssl / IEEE-MMS-SSL 696 / rushd / RUSHD 697 / uuidgen / UUIDGEN 698 / olsr / OLSR 699 / accessnetwork / Access Network 700 701 702 703 703
    704  704 / elcsd / errlog copy/server daemon 705 / agentx / AgentX 706 / silc / SILC 707 / borland-dsj / Borland DSJ 708 709 / entrust-kmsh / Entrust Key Management Service Handler 710 / entrust-ash / Entrust Administration Service Handler 711 / cisco-tdp / Cisco TDP 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 / netviewdm1 / IBM NetView DM/6000 Server/Client 730 / netviewdm2 / IBM NetView DM/6000 send 731 / netviewdm3 / IBM NetView DM/6000 receive 732 733 734 735 735
    736  736 737 738 739 740 741 / netgw / netGW 742 / netrcs / Network based Rev. Cont. Sys. 743 744 / flexlm / Flexible License Manager 745 746 747 / fujitsu-dev / Fujitsu Device Control 748 / ris-cm / Russell Info Sci Calendar Manager 749 / kerberos-adm / kerberos administration 750 751 752 753 754 / tell / send 755 756 757 758 759 760 761 762 763 764 765 766 767 / phonebook / phone 767
    768  768 769 770 771 772 773 774 775 776 777 / multiling-http / Multiling HTTP 778 779 780 781 782 783 784 785 / - / (Used by 'Network Terrorist' Trojan) 786 787 788 789 790 791 792 793 794 795 796 797 798 799 799
    800  800 801 802 803 804 805 806 807 808 / - / (Used by 'WinHole' Trojan) 809 810 / fcp-udp / FCP 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 / itm-mcell-s / itm-mcell-s 829 / pkix-3-ca-ra / PKIX-3 CA/RA 830 831 / - / (Used by 'Neurotic Kat' Trojan) 831
    832  832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 / dhcp-failover2 / dhcp-failover 2 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 863
    864  864 865 866 867 868 869 870 871 872 873 / rsync / rsync 874 875 876 877 878 879 880 881 882 883 884 885 886 / iclcnet-locate / ICL coNETion locate server 887 / iclcnet_svinfo / ICL coNETion server info 888 / cddbp / CD Database Protocol 889 890 891 892 893 894 895 895
    896  896 897 898 899 900 / omginitialrefs / OMG Initial Refs 901 / smpnameres / SMPNAMERES 902 / ideafarm-chat / IDEAFARM-CHAT 903 / ideafarm-catch / IDEAFARM-CATCH 904 905 906 907 908 909 910 911 / xact-backup / xact-backup 912 / apex-mesh / APEX relay-relay service 913 / apex-edge / APEX endpoint-relay service 914 915 916 917 918 919 920 921 922 923 924 925 926 927 927
    928  928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 959
    960  960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 / ftps-data / secure ftp protocol / data over SSL 990 / ftps / secure ftp protocol / control over SSL 991 / nas / Netnews Administration System 991
    992  992 / telnets / secure telnet protocol over SSL 993 / imaps / secure imap4 protocol over SSL 994 / ircs / secure irc protocol over SSL 995 / pop3s / secure pop3 protocol over SSL (was spop3) 996 / vsinet / vsinet 997 998 999 1000 1001 / - / (popular with Trojans - see details) 1002 / ms-ils / Microsoft Netmeeting ILS Service 1003 1004 1005 / - / (Used by 'Theef' Trojan) 1006 1007 1008 / - / (Used by 'Lion' & 'AutoSpy' Trojans) 1009 1010 / surf / surf (also used by 'Doly' Trojan) 1011 / - / (Used by 'Doly' Trojan) 1012 / - / (Used by 'Doly' Trojan) 1013 1014 1015 / - / (Used by 'Doly' Trojan) 1016 / - / (Used by 'Doly' Trojan) 1017 1018 1019 1020 / - / (Used by 'Doly' Trojan) 1021 1022 1023 / - / Reserved 1023
    1024  1024 / ms-svchost / Microsoft Generic Service Host 1025 / ms-svchost / Microsoft Generic Service Host 1026 / ms-svchost / Microsoft Generic Service Host 1027 / ms-svchost / Microsoft Generic Service Host 1028 / ms-svchost / Microsoft Generic Service Host 1029 / ms-svchost / Microsoft Generic Service Host 1030 / ms-svchost / Microsoft Generic Service Host 1031 / iad2 / BBN IAD 1032 / iad3 / BBN IAD 1033 / netinfo-local / local netinfo port 1034 / activesync / ActiveSync Notifications 1035 / - / (Used by 'Multidropper' Trojan) 1036 / pcg-radar / RADAR Service Protocol 1037 1038 1039 1040 / netarx / Netarx 1041 1042 / - / (Used by 'BLA' Trojan) 1043 1044 1045 / fpitp / Fingerprint Image Transfer Protocol 1046 1047 / neod1 / Sun's NEO Object Request Broker 1048 / neod2 / Sun's NEO Object Request Broker 1049 / td-postman / Tobit David Postman VPMN 1050 / cma / CORBA Management Agent 1051 / optima-vnet / Optima VNET 1052 / ddt / Dynamic DNS Tools 1053 / remote-as / Remote Assistant (RA) 1054 / brvread / BRVREAD 1055 / ansyslmd / ANSYS - License Manager 1055
    Solicited TCP Packets: RECEIVED (FAILED) — As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection. It is generally possible to increase your system's security by hiding it from the probes of potentially hostile hackers. Please see the details presented by the specific port links below, as well as the various resources on this site, and in our extremely helpful and active user community.
    Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)
    Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

    A lot of network stuff is always way over my head, but it seems I have two ports open from the above check, and that could be where this ICMP bit is coming from?

  19. I just reloaded my pc with a fresh reformat. So I'm setting things up. When I logged into Anti-Theft there were two instances of this pc listed. The second had a 1 after it. So I deleted the one with the 1 since my pc isn't named that. Well it has been running the test now for over 45 minutes. I've refreshed and it still states test is still running.

     

    I initially purchased a 3 pc 1 year Smart Security and have only installed to this pc. Hopefully it didn't take this second install away from one of the 2 remaining pc installs.

     

    I also don't see the ghost account when I look at Drive security settings. I hope it didn't make this fresh install the pc with the 1 at the end and I didn't just screw everything up.
