Port Details - Port 1025

Jan 10 94 Jan 11 193 Jan 12 131 Jan 13 130 Jan 14 56 Jan 15 110 Jan 16 65 Jan 17 111 Jan 18 372 Jan 19 71 Jan 20 47 Jan 21 118 Jan 22 433 Jan 23 283 Jan 24 214 Jan 25 53 Jan 26 58 Jan 27 318 Jan 28 52 Jan 29 47 Jan 30 70 Jan 31 40 Feb 01 63 Feb 02 42 Feb 03 42 Feb 04 247 Feb 05 77 Feb 06 105 Feb 07 94 Feb 08 60 Feb 09 17 Jan 10 767 Jan 11 1,501 Jan 12 691 Jan 13 756 Jan 14 1,005 Jan 15 1,295 Jan 16 859 Jan 17 879 Jan 18 1,041 Jan 19 947 Jan 20 961 Jan 21 644 Jan 22 810 Jan 23 689 Jan 24 878 Jan 25 866 Jan 26 1,174 Jan 27 817 Jan 28 1,996 Jan 29 539 Jan 30 152 Jan 31 290 Feb 01 168 Feb 02 372 Feb 03 418 Feb 04 360 Feb 05 436 Feb 06 292 Feb 07 238 Feb 08 442 Feb 09 559
[show ascii data]
  • Start Date:
  • End Date:
  • Port:
  • Left Graph:
  • Right Graph:
  • Show Range:Yes No

Port Information

ProtocolServiceName
udpwin-rpcWindows RPC
[get complete service list]

User Comment

Submitted ByDate
Comment
Johannes Ullrich2009-10-04 18:45:22
see MSFT Knowledge Base: http://support.microsoft.com/default.aspx?scid=KB;en-us;q280132 port 1025 is assigned to a port of the "Active Directory logon and directory replication interface"
2009-10-04 18:45:22
Microsoft Windows RPC malformed message buffer overflow vulnerability (TCP ports 135, 445, 1025) exploited by "Win32.Lioten Family" virus: http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=42309
Ryan Janke2009-10-04 18:45:22
On a Linux box, Snort identifies this traffic as the same kind which WinXP machines without either: 1) The "Messenger" service disabled or 2) The "Shoot the Messenger" patch from GRC.com installed or 3) A patch supplied by Microsoft to correct the "Messenger" issue register as ads and display on a user's screen. (IE: "Your registry is corrupted. . ." etc. etc.)
2007-05-08 13:43:07
Dudes: Port 1025 is used by Application Layer Gateway ALG.EXE. Disabling that service will close it. Travis
Johannes Ullrich2007-05-01 03:31:53
April 15th 2007, a RinBot variant started scanning this port for the DNS-RPC vulnerability. see http://isc.sans.org/diary.html?storyid=2643
Compo2006-03-24 03:46:43
This port is also used by Avanquests ViaComs SystemSuite Ver 5 & 6 (at least) for the MX Tast as the 'background task server' and is completly legal for this program. Compo
F-Secure2005-12-20 05:48:18
New network worm Win32/Dasher.A seems to use this port while exploiting MS05-051.
Jeni Li2005-04-06 10:36:55
TCP 1025 is used by many Web hosting providers as an alternate SMTP port for their customers to reach their SMTP servers. Necessitated by big-name ISPs including MSN and Cox Cable blocking or restricting outbound TCP 25.
2004-07-08 11:17:58
http://www.blackhat.com/presentations/win-usa-04/bh-win-04-seki-up2.pdf
Justin Singh2004-06-27 02:24:33
1025 seems to be used by some VOIP devices like Net2phone's yapjack. Blocking access to this port on a firewall could cause this service to fail when the user tries to initiate more than one consecutive call on a single internet session.
Ulrich Weber2004-05-23 04:15:51
Port 1025 is officially assigned to network blackjack and nothing else. In fact it will be used by the first program or service that tries to establish an outgoing or internal connection after a system boot. Concerning a non-compromised, stand-alone XP System this will usually be the svchost process respectively the system process itself, more or less chosen by chance.
2004-04-27 23:44:53
port 1025 is by default used by task scheduler rpc component
Add a comment

CVE Links

CVE #Description