Jump to content

Listening Ports 49152-49157

ironclaw

By ironclaw
in Windows Vista

 Share

Recommended Posts

ironclaw

ironclaw

Posted
Posted

Can anyone tell me which service/program is opening these ports?

Ports 49152, 49153, 49154, 49155, 49156, 49157.

The PID for each of these translates to a system process.

Thanks!


cluberti

cluberti

Posted
Posted

Those are private, or ephemeral, ports in that range (49152 - 65535). They could be anything requiring an ephemeral port (applications, kernel drivers, etc). You say that netstat -o tells you that the PID is 4? That would mean something running in the SYSTEM process (representative of threads running in kernel directly) has opened those ports. Who is the foreign address - where do those connections go?

ironclaw

ironclaw

Posted
  • Author
Posted (edited)

None of the PIDs appear to be 4, and each PID is different. However, all six of them translate to either wininit.exe, svchost.exe, lsass.exe, or services.exe.

This is basically what it looks like:

Local				Foreign
0.0.0.0:49152			  0.0.0.0:0
0.0.0.0:49153			  0.0.0.0:0
0.0.0.0:49154			  0.0.0.0:0
0.0.0.0:49155			  0.0.0.0:0
0.0.0.0:49156			  0.0.0.0:0
0.0.0.0:49157			  0.0.0.0:0
[::]:49152				[::]:0
[::]:49153				[::]:0
[::]:49154				[::]:0
[::]:49155				[::]:0
[::]:49156				[::]:0
[::]:49157				[::]:0

Edited by ironclaw
TheTOM_SK

TheTOM_SK

Posted
Posted (edited)

I do not know, what are those ports related to, but I was able to close them (screen) by disabling services, policies, so I woould not need a firewall. WWDC helped me to close ports: 49152, 49153, 49154 by disabling NetBIOS, strange but it works. As for one 135 (RPC service), it can not be closed, but it only listens locally (screen), so it does not matter. IE uses ports 49150 and above as loopback instead of 1024-5000.

Edited by TheTOM_SK
ironclaw

ironclaw

Posted
  • Author
Posted
I do not know, what are those ports related to, but I was able to close them (screen) by disabling services, policies, so I woould not need a firewall. WWDC helped me to close ports: 49152, 49153, 49154 by disabling NetBIOS, strange but it works. As for one 135 (RPC service), it can not be closed, but it only listens locally (screen), so it does not matter. IE uses ports 49150 and above as loopback instead of 1024-5000.

That IS strange, because I have NetBIOS totally disabled.

As for port 135, you can try this:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole

Look on the right-hand panel for a value named EnableDCOM. By default it should be set at Y, change this to N. This will disable DCOM.

Next, navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc

Look on the right-hand panel for a value named DCOM Protocols. Do not modify the entire value, but instead only remove ncacn_ip_tcp from the DCOM Protocols value, and leave everything else untouched.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...