
Port 5152


3 replies to this topic

#1 Reddoug


Posted 27 September 2009 - 07:37 PM

Hi All

Was looking around here today and ran across a netstat tutorial and started looking around in my computer. I found two entries for port 5152. Listening and closed-wait. I keep my anti-virus updated, AVG 8.5. Ran scan this morning and also ran Malwarebytes scan. Both showed no problems. I Googled port 5152 and it doesn't look good. Am I infected?

Thanks, Doug



#2 quietman7


Posted 28 September 2009 - 08:33 AM

UDP port 5152 protocol information

A port is an address associated with a particular process on a computer. Ports have a unique number in the header of a data packet that is used to map this data to that process. Port numbers are divided into three ranges: Well Known Ports, Registered Ports, and Dynamic/Private Ports. Default port values for commonly used TCP/IP services have values lower than 255 and Well Known Ports have numbers that range from 0 to 1023. Registered Ports range from 1024 to 49151 and Dynamic/Private Ports range from 49152 to 65535. An "open port" is a TCP/IP port number that is configured to accept packets while a "closed port" is one that is set to deny all packets with that port number.

Hackers use "port scanning" to search for vulnerable computers with open ports using IP addresses or a group of random IP address ranges so they can break in and install malicious programs (viruses, Trojans). Botnets and Zombie computers scour the net and will randomly scan a block of IP addresses. These infected computers are searching for "vulnerable ports" and make repeated attempts to access them. If your PC is sending out large amounts of data, this usually indicates that your system may have a virus or a Trojan horse.

You can use netstat, a command-line tool that displays incoming and outgoing network connections, from a command prompt to obtain Local/Foreign Addresses, PID and listening state.
  • netstat /? lists all available parameters that can be used.
  • netstat -a lists all active TCP connections and the TCP and UDP ports on which the computer is listening.
  • netstat -b lists all active TCP connections, Foreign Address, State and process ID (PID) for each connection.
  • netstat -n lists active TCP connections. Addresses and port numbers are expressed numerically and no attempt is made to determine names.
  • netstat -o lists active TCP connections and includes the process ID (PID) for each connection. You can find the application based on the PID on the Processes tab in Windows Task Manager. This parameter can be combined with -a, -n, and -p (example: netstat -ano).
If the port in question is listed as "Listening" there is a possibility that it is in use by a Trojan server but your firewall, if properly configured, should have blocked any attempt to access it.

There are third party utilities that will allow you to manage, block, and view detailed listings of all TCP and UDP endpoints on your system, including local/remote addresses, state of TCP connections and the process that opened the port:

Caution: If you're going to start blocking ports, be careful which ones you block or you may lose Internet connectivity. For a list of TCP/UDP ports and notes about them, please refer to:

You can investigate IP addresses and gather additional information at:

You can use Process Monitor, an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity or various Internet Traffic Monitoring Tools for troubleshooting and malware investigation.

Microsoft MVP - Consumer Security 2007-2014

Member of UNITE, Unified Network of Instructors and Trusted Eliminators
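
The netstat check described in the reply above, as an added example that is not part of either poster's text: a Python parser for `netstat -ano` output that lists every row for one port with its state, owning PID, bind scope and port range. The sample output, PIDs and addresses are constructed, and the function names are hypothetical.

```python
# Added example: parse `netstat -ano` output and report every row for one port.
# SAMPLE is constructed for illustration; it is not the poster's real output.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    127.0.0.1:5152         0.0.0.0:0              LISTENING       1820
  TCP    127.0.0.1:5152         127.0.0.1:1046         CLOSE_WAIT      1820
  TCP    192.168.1.10:1051      203.0.113.7:80         ESTABLISHED     2404
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5152           *:*                                    1820
  UDP    127.0.0.1:1900         *:*                                    1188
"""

def split_endpoint(endpoint):
    """'addr:port' -> (addr, port); handles bracketed IPv6 and '*:*'."""
    addr, _, port = endpoint.rpartition(":")
    return addr, (int(port) if port.isdigit() else None)

def port_range(port):
    """Port ranges as given in the post above."""
    if port <= 1023:
        return "Well Known"
    return "Registered" if port <= 49151 else "Dynamic/Private"

def bind_scope(addr):
    """A loopback listener is not reachable from other machines."""
    if addr.startswith("127.") or addr == "[::1]":
        return "loopback only"
    return "all interfaces" if addr in ("0.0.0.0", "[::]", "*") else "one interface"

def parse_netstat(text):
    rows = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # skip banner, header and blank lines
        if len(f) == 4:  # UDP rows have no State column
            f.insert(3, "")
        if len(f) != 5 or not f[4].isdigit():
            continue
        addr, port = split_endpoint(f[1])
        rows.append({"proto": f[0], "addr": addr, "port": port, "foreign": f[2],
                     "state": f[3], "pid": int(f[4]), "scope": bind_scope(addr)})
    return rows

def find_port(rows, port):
    return [r for r in rows if r["port"] == port]

if __name__ == "__main__":
    for r in find_port(parse_netstat(SAMPLE), 5152):
        print(r["proto"], r["addr"], r["state"] or "-", "PID", r["pid"],
              r["scope"], port_range(r["port"]))
```

On a live machine, feed it the text of `netstat -ano` and look up the reported PID on the Processes tab in Task Manager, as the reply describes.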

#3 Reddoug


Posted 28 September 2009 - 05:59 PM

Thanks. Was a little worried because 5152 does not show up in registered ports. Skips from 5151 to 5154.

Thanks again, Doug

#4 quietman7


Posted 29 September 2009 - 06:09 AM

You're welcome.