[Dshield] Obscure question

Paul Marsh pmarsh at nmefdn.org
Mon Mar 15 15:49:33 GMT 2004


I know this is a totally off the wall question but here goes.  I've got
clean Win2k install all SP's loaded, NAV 100% up to date.  Gave it to a
user who plugged it in to his cable modem and then started the install
of ZoneAlarm.  Now I told him to install and config ZoneAlarm prior to
plugging into the modem but, well enough said....  Anyway I gave him a
quick scan and found the following ports open 21 FTP, 389 Ldap, 1002
Unassigned and 1720 Netmeeting.  I asked him to see what was listening
via netstat but nothing is listening on these ports?  I asked him to
un-install and re-install ZoneAlarm making sure that he does not let
anything have access to the internet.  Well the system is backup with
the same ports open?  He's done a GRC, Broadband and Sygate scan himself
and found nothing open?  Tonight I'm going to Nmap the machine to see
what's cook'in but in the mean time does anyone have any ideas as to
what might be going on?

Thanx, Paul




More information about the list mailing list