Port 1028 in Win XP Pro - do I need an external router?

Hello,

I am running a single computer, Compaq Presario R4025CA, with a
broadband (cable) connection under Win XP Pro. I just use the XP
firewall.

When I go to grc.com and use their ShieldsUp, they tell me that my
port 1028 is wide open. I am concerned about intrusions. I can't find
any way to close this port under Win XP. Is there one?

Do I need to get a hardware firewall (router)?

I tried comodo firewall a couple of years ago but it drove me to
distraction, and I'm not sure that it ever really did what I wanted it
to do.

Any suggestions greatly appreciated.

Thank you,
Mary

Re: Port 1028 in Win XP Pro - do I need an external router?

On Aug 31, 10:29 am, Mary Sunshine wrote:
> Hello,
>
> I am running a single computer, Compaq Presario R4025CA, with a
> broadband (cable) connection under Win XP Pro. I just use the XP
> firewall.
>
> When I go to grc.com and use their ShieldsUp, they tell me that my
> port 1028 is wide open. I am concerned about intrusions. I can't find
> any way to close this port under Win XP. Is there one?
>
> Do I need to get a hardware firewall (router)?
>
> I tried comodo firewall a couple of years ago but it drove me to
> distraction, and I'm not sure that it ever really did what I wanted it
> to do.
>
> Any suggestions greatly appreciated.
>
> Thank you,
> Mary

Mary,
what are you Windows XP Firewall rules set as? Do you have an
exception for that port?

I personally do not fully trust software firewalls 100%. I keep
Windows Firewall on in addition to a NAT router in my home office.


Sam Hays, MCSE, MCSA

Re: Port 1028 in Win XP Pro - do I need an external router?

Mary Sunshine wrote:

> Hello,
>
> I am running a single computer, Compaq Presario R4025CA, with a
> broadband (cable) connection under Win XP Pro. I just use the XP
> firewall.
>
> When I go to grc.com and use their ShieldsUp, they tell me that my
> port 1028 is wide open. I am concerned about intrusions.


Why? Because the broken application on a sharlatan's website tells you some
nonsense?

> I can't find any way to close this port under Win XP. Is there one?


DCE-RPC bindings?

> Do I need to get a hardware firewall (router)?


No. Why do you think so?

> I tried comodo firewall a couple of years ago but it drove me to
> distraction, and I'm not sure that it ever really did what I wanted it
> to do.


Well, I can assure that it didn't.

Re: Port 1028 in Win XP Pro - do I need an external router?

Mary Sunshine wrote:
> I am running a single computer, Compaq Presario R4025CA, with a
> broadband (cable) connection under Win XP Pro. I just use the XP
> firewall.
> When I go to grc.com and use their ShieldsUp, they tell me that my
> port 1028 is wide open. I am concerned about intrusions. I can't find
> any way to close this port under Win XP. Is there one?

Recheck using some other firewall test.

For example, you can use http://nmap-online.com/

To check port 1028, select custom scan, and for your IP from this header
command should look something like this

-sS -sU -P0 -p 1028 66.102.80.103


> Do I need to get a hardware firewall (router)?

Router is a good idea.

Re: Port 1028 in Win XP Pro - do I need an external router?

On Aug 31, 1:20 pm, "@lf" wrote:

> Recheck using some other firewall test.
>
> For example, you can usehttp://nmap-online.com/
>
> To check port 1028, select custom scan, and for your IP from this header
> command should look something like this
>
> -sS -sU -P0 -p 1028 66.102.80.103
>
> > Do I need to get a hardware firewall (router)?
>
> Router is a good idea.

Thanks! I went there and got this:

Scan Result

Nmap Options: -sS -sU -P0 -p 1028 66.102.80.103

Starting Nmap 4.11 ( http://www.insecure.org/nmap ) at 2007-08-31
19:16 Central Europe Daylight Time
Interesting ports on cbl-66-102-80-103.wtccommunications.ca
(66.102.80.103):
PORT STATE SERVICE
1028/tcp open unknown
1028/udp open|filtered ms-lsa

Nmap finished: 1 IP address (1 host up) scanned in 2.922 seconds


So apparently it really is open.

I haven't made an exception for any ports in my Win XP firewall
settings: only for the internet apps that I use regularly.

If I get a router, will my port 1028 then show as closed?

Thank you!

Mary

Re: Port 1028 in Win XP Pro - do I need an external router?

Mary Sunshine wrote:
....
> If I get a router, will my port 1028 then show as closed?

If the port isn't forwarded and if the port is not open on router built
in firewall it should be closed.

But you should investigate what is behind TCP 1028.

Open command prompt and run: netstat -ano Note a PID number on a TCP
1028 connection. Then check in a task manager, by checking PID, what
process is opening that port.

Re: Port 1028 in Win XP Pro - do I need an external router?

On Aug 31, 2:19 pm, "@lf" wrote:

> If the port isn't forwarded and if the port is not open on router built
> in firewall it should be closed.
>
> But you should investigate what is behind TCP 1028.
>
> Open command prompt and run: netstat -ano Note a PID number on a TCP
> 1028 connection. Then check in a task manager, by checking PID, what
> process is opening that port.

Thank you!

I did that and got:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Mary Sxxxxxx>netstat -ano

Active Connections

Proto Local Address Foreign Address State
PID
TCP 0.0.0.0:25 0.0.0.0:0 LISTENING
164
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
164
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
1384
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING
164
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
4
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
164
TCP 0.0.0.0:1028 0.0.0.0:0 LISTENING
1500
TCP 0.0.0.0:1801 0.0.0.0:0 LISTENING
1500
TCP 0.0.0.0:2103 0.0.0.0:0 LISTENING
1500
TCP 0.0.0.0:2105 0.0.0.0:0 LISTENING
1500
TCP 0.0.0.0:2107 0.0.0.0:0 LISTENING
1500
TCP 66.102.80.103:139 0.0.0.0:0 LISTENING
4
TCP 66.102.80.103:1105 72.14.203.104:80 ESTABLISHED
3532
TCP 66.102.80.103:1158 64.233.187.104:80 ESTABLISHED
3532
TCP 66.102.80.103:1159 64.233.167.147:80 ESTABLISHED
3532
TCP 66.102.80.103:1160 64.233.179.99:80 ESTABLISHED
3532
TCP 66.102.80.103:1161 64.233.179.99:80 ESTABLISHED
3532
TCP 66.102.80.103:1162 64.233.179.99:80 ESTABLISHED
3532
TCP 66.102.80.103:1164 64.233.179.99:80 ESTABLISHED
3532
TCP 66.102.80.103:1165 64.233.179.99:80 ESTABLISHED
3532
TCP 66.102.80.103:1166 64.233.179.99:80 ESTABLISHED
3532
TCP 66.102.80.103:1167 64.233.179.99:80 ESTABLISHED
3532
TCP 127.0.0.1:1029 0.0.0.0:0 LISTENING
2924
TCP 127.0.0.1:1035 127.0.0.1:1036 ESTABLISHED
3532
TCP 127.0.0.1:1036 127.0.0.1:1035 ESTABLISHED
3532
TCP 127.0.0.1:1037 127.0.0.1:1038 ESTABLISHED
3532
TCP 127.0.0.1:1038 127.0.0.1:1037 ESTABLISHED
3532
UDP 0.0.0.0:161 *:*
948
UDP 0.0.0.0:445 *:*
4
UDP 0.0.0.0:500 *:*
1100
UDP 0.0.0.0:1027 *:*
1500
UDP 0.0.0.0:1039 *:*
1576
UDP 0.0.0.0:3456 *:*
164
UDP 0.0.0.0:3527 *:*
1500
UDP 0.0.0.0:4500 *:*
1100
UDP 66.102.80.103:123 *:*
1520
UDP 66.102.80.103:137 *:*
4
UDP 66.102.80.103:138 *:*
4
UDP 66.102.80.103:1900 *:*
1620
UDP 127.0.0.1:123 *:*
1520
UDP 127.0.0.1:1900 *:*
1620

I don't see port 1028 showing up here.

So, what now?

Mary

Re: Port 1028 in Win XP Pro - do I need an external router?

On Aug 31, 11:07 am, "Sebastian G." wrote:

> > I can't find any way to close this port under Win XP. Is there one?
>
> DCE-RPC bindings?
>

Thanks. Can I find that in Control Panel?

Mary

Re: Port 1028 in Win XP Pro - do I need an external router?

Mary Sunshine wrote:

> TCP 0.0.0.0:1028 0.0.0.0:0 LISTENING
> 1500

Check in task manager what process have PID 1500.

Re: Port 1028 in Win XP Pro - do I need an external router?

On Aug 31, 2:47 pm, "@lf" wrote:
> Mary Sunshine wrote:
> > TCP 0.0.0.0:1028 0.0.0.0:0 LISTENING
> > 1500
>
> Check in task manager what process have PID 1500.

Hmmm .... it's mqsvc.exe

I googled it up, and most results so far *seem* to think that the
process is safe, and also that it can be disabled if desired.

Heh ... what would you do in my position, then (given that you would
suddenly find yourself to be an ignoramus about all this stuff) ?

:-)

Mary

Re: Port 1028 in Win XP Pro - do I need an external router?

Mary Sunshine wrote:
> On Aug 31, 2:47 pm, "@lf" wrote:
>> Mary Sunshine wrote:
>>> TCP 0.0.0.0:1028 0.0.0.0:0 LISTENING
>>> 1500
>> Check in task manager what process have PID 1500.
>
> Hmmm .... it's mqsvc.exe

If it is located in C:\Windows\System32 than it is Windows legal file,
and if we ignore process infection than it is probably not a malware.

> Heh ... what would you do in my position, then (given that you would
> suddenly find yourself to be an ignoramus about all this stuff) ?

I would disable it, and retest a firewall.

Re: Port 1028 in Win XP Pro - do I need an external router?

Nice to follow this thread and see someone getting genuine help, rather
than having sarcasm heaped on them!

Jim Ford

Re: Port 1028 in Win XP Pro - do I need an external router?

On Aug 31, 3:30 pm, "@lf" wrote:

> I would disable it, and retest a firewall.

Thank you kindly. I will do that!

Mary

Re: Port 1028 in Win XP Pro - do I need an external router?

Mary Sunshine wrote:

> On Aug 31, 11:07 am, "Sebastian G." wrote:
>
>>> I can't find any way to close this port under Win XP. Is there one?
>> DCE-RPC bindings?
>>
>
> Thanks. Can I find that in Control Panel?


Not at all.

Now will you please search the MS Knowledge base for the registry settings
and the rpccfg.exe tool.

Re: Port 1028 in Win XP Pro - do I need an external router?

On Aug 31, 3:37 pm, Mary Sunshine wrote:
> On Aug 31, 3:30 pm, "@lf" wrote:
>
> > I would disable it, and retest a firewall.
>
> Thank you kindly. I will do that!
>
> Mary

And the result is ....

PORT STATE SERVICE
1028/tcp filtered unknown
1028/udp open|filtered ms-lsa

Also, now the netstat command shows no process running on port 1028.

And FWIW, grc.com says I'm good.

Thanks!

Re: Port 1028 in Win XP Pro - do I need an external router?

Agree with you JIm, more of @lf like collegues would be nice in the
world.

Re: Port 1028 in Win XP Pro - do I need an external router?

Mary Sunshine wrote:
> When I go to grc.com and use their ShieldsUp

Better forget GRC, and better forget ShieldsUp.

Yours,
VB.
--
"Es muss darauf geachtet werden, dass das Grundgesetz nicht mit Methoden
geschützt wird, die seinem Ziel und seinem Geist zuwider sind."

Gustav Heinemann, "Freimütige Kritik und demokratischer Rechtsstaat"

Re: Port 1028 in Win XP Pro - do I need an external router?

Mary Sunshine wrote:
> Nmap Options: -sS -sU -P0 -p 1028 66.102.80.103

Try to scan from internal. You may get scan results which include
information about your provider's network, if they're modifying
something on the line.

> So apparently it really is open.
> I haven't made an exception for any ports in my Win XP firewall
> settings: only for the internet apps that I use regularly.

If so, this is very strange. What do Microsoft support say?

> If I get a router, will my port 1028 then show as closed?

Unsure.

Yours,
VB.
--
"Es muss darauf geachtet werden, dass das Grundgesetz nicht mit Methoden
geschützt wird, die seinem Ziel und seinem Geist zuwider sind."

Gustav Heinemann, "Freimütige Kritik und demokratischer Rechtsstaat"