
Listening Ports 49152-49157


ironclaw



Those are private, or ephemeral, ports in that range (49152 - 65535). They could be anything requiring an ephemeral port (applications, kernel drivers, etc). You say that netstat -o tells you that the PID is 4? That would mean something running in the SYSTEM process (representative of threads running in kernel directly) has opened those ports. Who is the foreign address - where do those connections go?


None of the PIDs appear to be 4, and each PID is different. However, all six of them translate to either wininit.exe, svchost.exe, lsass.exe, or services.exe.

This is basically what it looks like:

Local				Foreign
0.0.0.0:49152 0.0.0.0:0
0.0.0.0:49153 0.0.0.0:0
0.0.0.0:49154 0.0.0.0:0
0.0.0.0:49155 0.0.0.0:0
0.0.0.0:49156 0.0.0.0:0
0.0.0.0:49157 0.0.0.0:0
[::]:49152 [::]:0
[::]:49153 [::]:0
[::]:49154 [::]:0
[::]:49155 [::]:0
[::]:49156 [::]:0
[::]:49157 [::]:0


I do not know what those ports are related to, but I was able to close them (screen) by disabling services and policies, so I would not need a firewall. WWDC helped me to close ports 49152, 49153 and 49154 by disabling NetBIOS; strange, but it works. As for port 135 (RPC service), it cannot be closed, but it only listens locally (screen), so it does not matter. IE uses ports 49150 and above as loopback instead of 1024-5000.


I do not know what those ports are related to, but I was able to close them (screen) by disabling services and policies, so I would not need a firewall. WWDC helped me to close ports 49152, 49153 and 49154 by disabling NetBIOS; strange, but it works. As for port 135 (RPC service), it cannot be closed, but it only listens locally (screen), so it does not matter. IE uses ports 49150 and above as loopback instead of 1024-5000.

That IS strange, because I have NetBIOS totally disabled.

As for port 135, you can try this:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole

Look on the right-hand panel for a value named EnableDCOM. By default it should be set at Y, change this to N. This will disable DCOM.

Next, navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc

Look on the right-hand panel for a value named DCOM Protocols. Do not modify the entire value, but instead only remove ncacn_ip_tcp from the DCOM Protocols value, and leave everything else untouched.

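A read-only way to answer the question this thread keeps circling (which process and which hosted services own each listener), added here as an example and not posted by anyone in the thread. It assumes Windows 8 / Server 2012 or later, where Get-NetTCPConnection exists, covers the whole 49152-65535 dynamic range plus port 135 rather than only 49152-49157, and reads the two registry values named in the last reply without changing them.

```powershell
# Added example: read-only audit, makes no changes to the system.
# Run from an elevated PowerShell session so every owning process is visible.

# Map each process ID to the services hosted inside it (svchost.exe, lsass.exe,
# services.exe and similar processes can each host one or more services).
$servicesByPid = @{}
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    ForEach-Object { $servicesByPid[[int]$_.ProcessId] += @($_.Name) }

# TCP listeners on the RPC endpoint mapper (135) and in the dynamic port range.
$listeners = Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalPort -eq 135 -or $_.LocalPort -ge 49152 }

$report = foreach ($l in $listeners) {
    $procId = [int]$l.OwningProcess
    $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue
    [pscustomobject]@{
        LocalAddress = $l.LocalAddress      # 0.0.0.0 or :: means all interfaces
        LocalPort    = $l.LocalPort
        PID          = $procId
        Process      = $proc.ProcessName
        Services     = ($servicesByPid[$procId] -join ', ')
    }
}
$report | Sort-Object LocalPort, LocalAddress | Format-Table -AutoSize

# Current state of the two DCOM settings discussed in the thread.
$ole = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole' `
           -Name 'EnableDCOM' -ErrorAction SilentlyContinue
$rpc = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Rpc' `
           -Name 'DCOM Protocols' -ErrorAction SilentlyContinue
$protocols = @($rpc.'DCOM Protocols')       # multi-string value, one protocol per entry

[pscustomobject]@{
    EnableDCOM        = $ole.EnableDCOM
    DcomProtocols     = ($protocols -join ', ')
    DcomOverTcpListed = ($protocols -contains 'ncacn_ip_tcp')
} | Format-List
```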
