|
Posted by Volodymyr M. Shcherbyna on April 9, 2008, 3:35 am
If you were Registered and logged in, you could reply and use other advanced thread options
traffic which going to be scanned should go to remote IP + remote port. Not
the local ones.
--
V.
This posting is provided "AS IS" with no warranties, and confers no
rights.
>> b) A trojan won't use 80 and 110, the chance of colliding with real
>> applications would be too high. I'm willing to bet that those two ports
>> are opened by your virus scanner which is trying to scan your web
>> traffic and email downloads...
>
> I don't think so. This is a stupid approach from the point of view of
> security software. Antivirus or whatever will try to enumerate all opened
> ports, this operation is less costly then binding, and listening on some
> port.
>
> Even if the above solution would not be suitable for antivirus, it could
> always call bind (...) on a specified port., and if it busy, it will get
> WSAEACCES error . So, as you can, see, there is no need to create a fully
> functional server to check some port (because listen (...) and accept
> (...) are not called in this case)
>
>
> --
> V.
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>>
>>> i have two local trojan ports open. I found that using LPS program.
>>> The ports are 80 and 110. I have winXP firewall and a router. Can i
>>> somehow close this two ports only by using xp firewall?
>>
>> a) If it's really a trojan, merely installing a firewall will not help
>> you
>>
>> b) A trojan won't use 80 and 110, the chance of colliding with real
>> applications would be too high. I'm willing to bet that those two ports
>> are opened by your virus scanner which is trying to scan your web
>> traffic and email downloads...
>>
>> Juergen Nieveler
>> --
>> Take my advice, I don't use it anyway.
>
>
| 
XML site map