Port 4567 (backdoor)

Similar Messages

• How do I id software WSTL CPE 1.0 on WAP tcp port 4567

  The system on my '08 13" macbook (10.6.8) failed a compliance scan done by a credible credit card processing co. This is for my small business to make sure my customers info is secure.
  This is what they reported:
  Protocol
  Port
  Special Notes
  tcp
  4567
  Remote Access Software:HTTP service (WSTL CPE 1.0) running on WAP
  No help from their tech support or my server. I tried to find the port in Little Snitch, looked all around in system preferences & Googled it with no results.
  Any help will be much appreciated.

  http://www.dslreports.com/forum/r20511704-Westell-6100-F90-port-4567
  This port might be open in the modem to allow the ISP to push updates. It is not actually a port open on your computer.. the fact that it returns as open is irrelevant. But talk to your ISP if you need it shut for running higher security card processing.

• About port 4567

  Firstly, I know there have been many other posts concerning port 4567 on the BT Home Hub; I know many other people are concerned, as I am, about what appears to be a glaring hole in the Hub's security. However, I think people need to remember that BT's hub isn't the only one to have this issue; a quick search on Google will show quite a few other branded routers have the same 'hole' in their security. And they often cite the same 'excuses' for why it is there: firmware updates, and general network monitoring. So maybe we should stop giving BT the boot about this?
  I used to be really concerned about port 4567, after both grc.com and t1shopper.com both kept showing it was "open" while virtually every other port was "stealthed". But today I ran a simple, free program called TCPView. It shows you, in real-time, the state of TCP/UDP ports on your computer; the processes using them; the connection state, and so on. When I ran it for the first time, it only showed 4 ports with "established" connection. And all those I was familiar with. I looked down the list and not once did I see "port 4567" "established", or "listening", or "time_wait". There was no evidence it was being used by anything; it wasn't listed at all, even though grc.com  - at the same time - still showed the port was "open". So this got me thinking: could these be false positives? Is it possible we're making something out of nothing? Is it really a security risk? Would BT really jeopardise their customers' security like this? I highly doubt it.
  BTW: I used to be able to use port forwarding on my Hub to stealth port 4567. But now port forwarding no longer seems to work. Either I am doing it wrong, or somehow a firmware update has rendered it useless. Also, don't bother telling me to use a software firewall; I have tried practically all of them and not one of them stealthed port 4567. In my experience the router renders software firewalls virtually redundant. Either that, or I'm configuring them wrong.

  'open' just means that someone trying to connect from the outside can see it.  If there is a service to process it (with appropriate port forwarding if on a device other than the router itself) it may connect; but in the more likely event there isn't such a service they will get some kind of 'not connected' message.  That is different from 'stealth' where they just don't see any response at all.   The response from the open port shown that there is something at the ip address, and that it might therefore be worth trying to attack.
  TCPView tells you what is actually connected at the moment.  You are pretty unlikely to see anyone who did attack unless you happened to look exactly as the attack was happening.  Also, TCPView is looking from the computer at connections to the computer, not at the router.  You wouldn't see anything connected to the router, or to any other device on your network, only to things connected (via the router) to the computer.

• Guy accessed remote administration port 4567 on my router. Thanks, Verizon!

  Some  dude has been running botnet attacks to gain access to my  Westell 9100 BHR router and this past weekend he was successful:
  Oct  9 20:01:39 2010    Inbound Traffic    Blocked - Default policy    TCP 74.125.227.33:80->71.170.238.87:49396 on eth1
  Oct  9 20:03:50 2010    Inbound Traffic    Blocked - Default policy    TCP 173.192.226.198:80->71.170.238.87:49487 on eth1
  Oct  9 20:04:34 2010    Outbound Traffic    Blocked - Default policy    UDP 192.168.1.3:50018->65.55.158.118:3544 on eth1
  Oct  9 20:04:36 2010    Inbound Traffic    Blocked - Default policy    TCP 65.60.38.194:80->71.170.238.87:49497 on eth1
  Oct  9 20:04:37 2010    Outbound Traffic    Blocked - Default policy    UDP 192.168.1.3:50018->65.55.158.118:3544 on eth1
  Oct  9 20:06:45 2010    Inbound Traffic    Blocked - Default policy    TCP 74.125.227.49:80->71.170.238.87:49534 on eth1
  Oct  9 20:07:01 2010    Inbound Traffic    Blocked - Default policy    TCP 78.141.177.62:443->71.170.238.87:49540 on eth1
  Oct  9 20:16:35 2010    Inbound Traffic    Blocked - Packet invalid in connection    TCP 77.67.87.105:80->71.170.238.87:49683 on eth1
  Oct  9 20:16:37 2010    Firewall Info    Rate Limit    1 messages of type [9] Packet invalid in connection suppressed in 1 second(s)
  Oct  9 20:23:25 2010    Inbound Traffic    Blocked - Default policy    TCP 81.200.61.23:60289->71.170.238.87:2439 on eth1
  Oct  9 20:23:25 2010    Inbound Traffic    Accepted Traffic - Remote administration    TCP 81.200.61.23:60289->71.170.238.87:4567 on eth1
  Oct  9 20:23:25 2010    Firewall Info    Rate Limit    17 messages of type [15] Default policy suppressed in 1 second(s)
  Oct  9 20:23:25 2010    Inbound Traffic    Blocked - Default policy    TCP 81.200.61.23:60289->71.170.238.87:4964 on eth1
  Oct  9 20:23:27 2010    Firewall Info    Rate Limit    53 messages of type [15] Default policy suppressed in 1 second(s)
  Oct  9 20:23:27 2010    Inbound Traffic    Blocked - Default policy    TCP 81.200.61.23:60290->71.170.238.87:4728 on eth1
  Oct  9 20:23:27 2010    Inbound Traffic    Accepted Traffic - Remote administration    TCP 81.200.61.23:60296->71.170.238.87:4567 on eth1
  Oct  9 20:23:27 2010    Firewall Info    Rate Limit    59 messages of type [15] Default policy suppressed in 1 second(s)
  Oct  9 20:23:27 2010    Inbound Traffic    Blocked - Default policy    TCP 81.200.61.23:60289->71.170.238.87:2000 on eth1
  Oct  9 20:23:28 2010    Firewall Info    Rate Limit    74 messages of type [15] Default policy suppressed in 1 second(s)
  Oct  9 20:23:28 2010    Inbound Traffic    Blocked - Default policy    TCP 81.200.61.23:60290->71.170.238.87:2749 on eth1
  Oct  9 20:23:29 2010    Inbound Traffic    Accepted Traffic - Remote administration    TCP 81.200.61.23:60297->71.170.238.87:4567 on eth1
  Oct  9 20:23:29 2010    Firewall Info    Rate Limit    74 messages of type [15] Default policy suppressed in 1 second(s)
  I went ahead and reset whatever settings he changed, but how do I close this port to prevent this guy from gaining access to my router in the future?

  whokebe1 wroteI'm pretty certain I didn't see that bottom entry the previous week. And if you'll notice, I can't undo it without resetting the router.
  That certainly doesn't look like anything I've seen VZ add.
  I have seen VZ add a UDP from from ANY address / ANY port to DVR port 63145 which effective blocks port forwarding needed for third party VOIP.
  VZ recently encrypted the Actiontec config file.  However the config file for Westells remains unencrypted.
  If you want to block access to the CPE Management port. 
  Save your current configuration to a file.
  Open it with a text editor.
  About 3/4 of the way down the file you will see the following lines:
  (cwmp
      (enabled(1))
  Change it to:
  (cwmp
      (enabled(0))
  That should block remote CPU access.

• DMZ and open ports

  Hi all!
  This is my first post on this forum I've been tinkering around with honey pots and set one up on my home network. A tutorial I was following mentioned about putting it in the DMZ. So I did. When I was at work I conducted a nmap scan of my home router. SO MANY OPEN PORTS! Of course setting up a DMZ this is to be expected. HH being HH only the honeypot is in it but I'm a little worried that even though I have only put the honey pot in the DMZ, are all the opened ports open to the rest of my network? As I understad it I am wrong but I am concerned just want to double check! Also when I turned of the DMZ and did another scan I found port 4567 to be open. I quick search flagged up a few results. Many people seem to say ignore it but others have said its possible for to be a back door. If I type in my public ip:4567 I get faced with a login page! I have heard that BT install a backdoor on their routers for the NSA and GCHQ normally I'd fob such things off but would be interested to know what is going on with that open port! 
  Thanks in advance guys!

  When you have anchor/foreign, the web auth traffic always go to the anchor, so  with CWA, the traffic from the anchor to the ISE will need to be permitted . go through the following link this may of help
  https://supportforums.cisco.com/docs/DOC-26442

• NETGEAR WNDR3700 and FIOS Victory and a cautionary tale of security with a FIOS Router

  I added FIOS as our IP in January.  We recieved a good deal for superior speed 25/25 Mbs. 
  What I learned after testing the Westell 9100 router provided by Verizon was that port 4567 was continutally open.  And that after serveral calls to Verizon techsupport, and yes hours waiting for a live person (Cummulative waiting time) I was met with silence on the question of the open port and given a canned answer that Verizon does not provide support for that issue.      I tested this at norton, grc.com and auditmypc.  All have the same result,  Port 4567 is open.
  I found some helpful hints via google search and via this forum.   What I have learned to my dismay is that anyone, who knows our IP address eventhough it is dynamic every few days,  could telnet the port and if they knew our password, or if a user didnot change the default, could enter our setup and network.  This should send shivers down your spine.
  Verizon as I understand it, leaves the port open for firmware updates.  And that its impossible to stealth the port given their software.  Also, Verizon has their own DNS that they list as primary and secondary.  This means, that everything you do online passes through their DNS servers and is recorded.  how do you know? ever get that sudden switch to Verizon search after a google search.
  I purchased a router  Actually 2, took one back and upgraded to the Netgear WNDR3700.  What a nightmare in trying to figure out why the connection kept dropping.  After hit and miss in configuring 2 settings that are  must. Dynamically assigned DNS. 
  MTU must be set to 1492 in the router WAN setup
  your routers mac address must be set to use computer mac address.  in the Basic settings.
  I also registered at OpenDNS and use their DNS servers with no issue.  Im trusting one over the other. 
  FIOS has changed my IP twice since and my home network runs without a hitch.  I have a HUB set up, PS3. Non fios tv, IP phone  etc etc etc

  My Verizon router is not a router. Bridge only. No WAN ports used on my Actiontec. Who needs support? The only reason I would call is if my service stopped working, or slowed down to a problem. I am not most people. My router is a Linux box with a single core CPU, 512meg of RAM, 80 gig drive, and two network cards. Logs everything for 90 days.

• Server thread for Chat server error

  hey i am trying to make a server for a simple chat service..i have written the code for the server but in my ChatServer thread in the run() function it is giving a null pointer exception...please help me out in this as unless the server is not running i can procede on checking my client code.
  i am attaching the code for my ChatServer.java
  import java.net.ServerSocket;
  import java.net.Socket;
  import java.io.DataOutputStream;
  import java.io.InputStream;
  import java.util.ArrayList;
  import java.io.IOException;
  import java.lang.Thread;
  @SuppressWarnings("unused")
  public class ChatServer extends Thread
       Thread thread;
       Socket socket;
       ServerSocket serversocket;
       ArrayList<ClientObj> userarraylist;
       @SuppressWarnings("unchecked")
       ArrayList messagearrayList;
       ClientObj clientobject;
       public ChatServer()
       @SuppressWarnings("unchecked")
       public void StartServer()
       try{     
       serversocket = new ServerSocket(4567);
       }catch(IOException e) { }
        userarraylist = new ArrayList();
        messagearrayList = new ArrayList();
       thread = new Thread(this);
       thread.start();     
       public void run()
            while(true)
                 try{
                 socket = serversocket.accept();     //I AM GETTING AN EXCEPTION HERE
                 System.out.println("Waiting for connection");
                 }catch(IOException e) { }
                 ChatFunctionality chatFunc = new ChatFunctionality(this,socket);
       public ClientObj GetClientObject(String UserName)
            ClientObj returnClientObject = null;
            ClientObj TempClientObject;
            int m_userListSize = userarraylist.size();
            for(int j = 0; j < m_userListSize; j++)
                 TempClientObject = (ClientObj) userarraylist.get(j);
                 if(TempClientObject.getUserName().equalsIgnoreCase(UserName))
                      returnClientObject = TempClientObject;
                      break;
            return returnClientObject;
       public boolean IsUserExists(String UserName)
            if(GetClientObject(UserName) != null)
                 return true;
            else
                 return false;     
       public void SendMessageToClient(Socket clientsocket,String message)
            String sSentence = message;
            try{
            DataOutputStream outToClient = new DataOutputStream(clientsocket.getOutputStream());               
            outToClient.writeBytes(sSentence + '\n');
            }catch(IOException e) { }
       public void AddUser(Socket clientSocket,String UserName)
            if(IsUserExists(UserName))
                 SendMessageToClient(clientSocket,"EXISTS");
                 return;     
            clientobject = new ClientObj(clientSocket,UserName);
            userarraylist.add(clientobject);
       public void SendListOfUsers(Socket clientSocket)
            int listCount = userarraylist.size();
            for(int i=0;i<listCount;i++)
                 String name =  userarraylist.get(i).ClientUserName;
                 SendMessageToClient(clientSocket,name );
       public void SendMessageToAll(String Message)
            int UserCount = userarraylist.size();
            for(int k=0;k<UserCount;k++)
                 ClientObj TempClient = userarraylist.get(k);
                 SendMessageToClient(TempClient.Clientsocket,Message);
       public static void main(String[] args)
            ChatServer chatserver = new ChatServer();
            chatserver.StartServer();
            return;
  }

  So lets have a look at your error.
  java.net. --------------->BindException<-------------------: Address already in use: JVM_Bind
       at java.net.PlainSocketImpl.socketBind(Native Method)
       at java.net.PlainSocketImpl.bind(Unknown Source)
       at java.net.ServerSocket.bind(Unknown Source)
       at java.net.ServerSocket.<init>(Unknown Source)
       at java.net.ServerSocket.<init>(Unknown Source)
       at ChatServer.StartServer(ChatServer.java:36)
       at ChatServer.main(ChatServer.java:132)It clearly states that you have an [BindException. |http://java.sun.com/j2se/1.4.2/docs/api/java/net/BindException.html] So now we go to the java api and look up BindException to find out what it is. And after a have found out what it is, we fix the problem.
  Tell me how you solve the problem after reading what it is.(A hint, try: 4444)
  EDIT: After checking with NETSTAT command in windows cmd, I dont find port 4567 being used.. So it might not be the reason. But it sertainly is worth a try.
  Edited by: prigas on Jul 6, 2008 1:15 AM

• Using your own router

  Good day all,  I would like to hear from others who use their own routers to connect to Verizon Fios.  Are there any pro's or con's to using your own?  Will your connection be more secure using Verizon's equipment or your own.  Any difference in speeds noted?  Thank for your opinions.

  Just got FiOS today and faced the same issue. I need to keep the Actiontec router for the TV STBs, but it has not the same features as my D-Link 655. There are instructions online on how to turn the Actiontec into a network bridge, but that may interfere with services.
  Here is what I did:
  1. Change the IP of the Actiontec router to something different than the 192.168.1.1 so that it doesn't interfere with your existing router (unless your router already uses a different IP, then you can skip this). I followed the instructions from here: http://www.dslreports.com/forum/r20329726-northeast-how-to-change-the-default-IP-on-Actiontec-M1424W...
  Note 1: Once you change the address you need to reconnect to the other IP address!
  Note 2: You also need to change the DHCP range on the Actiontec to no longer include the new IP. This can be changed on the same page.
  2. Make sure that you power cycle the STBs, otherwise they still look for the router on the old address
  3. Plug your router of choice in and connect one of the LAN ports of the Actiontec to the WAN port of your router
  4. You now should be able to access Internet through your router.
  I use DynDNS so that I can remote into a system at home using a domain name. If you have such a setup be aware that the web admin of the Actiontec will be accessible from the Internet!
  I fixed that by
  1. Setting the Actiontec's firewall to the lowest setting
  2. Forwarding all TCP and UDP ports to my router except for the port 4567. That apparently is used by something for Verizon (the TV STBs??), so you may need to create multiple forwarding rules. If you choose custom ports you can specify a range, which is really nice. This way all traffic except for port 4567 hits my router and either goes where I forwarded the ports to or goes nowhere as there is no service.
  This setup should provide the best of both worlds. I say should as I yet have to test it for a while,but so far things are working out OK.
  If you have your own wireless and don't need the wireless from the Actiontec then turn the wireless off on the Actiontec and detach the antenna.

• Action MI424WR firmware 4.0.16.1.56.0.10.11.6 issue

  With the new 4.0.16.1.56.0.10.11.6 firmware installed, why do I get prompted to set network location (Home/Work/Public) when I reboot the PC each time I reset the router to factory default settings?  What changes does the new firmware have compared to 4.0.16.1.56.0.10.7?
  Message Edited by KeithWeisshar on 03-10-2009 01:36 AM

  my actiontec must have been updated monday evening while i was answering email...i was suddenly unable to see the outside world (my lan was still ok, able to ping my other machines)
  i bounced the actiontec to no avail, vz tech support had me reset it, losing my port-fwding config, but not resolving the lack of connectivity. apparently my lan router's dhcp lease had been dropped, so bouncing it restored access.
  but now i am unable to get p.f. to work @ all...vz t.s. asked me to look @ my firmware version: 4.0.16.1.56.0.10.11.6
  and there is now an unmodifiable rule: localhost Verizon FiOS Service – TCP Any -> 4567
  so if i'm reading this right, all incoming traffic on all ports is sent to the router's port 4567?  so vz is prohibiting me from accessing my own computers from outside?
  totally unsat:-(

• Ipfw log

  Network == DSL, verizon, westel 7500 router (recent replacement to defunct westel 327W)
  1 Macbook on wireless, 1 iMac wired, 1 Cube on wireless, 1 HP7210 wired (to DSL router/modem)
  new activity in Macbook only, from log---all devices have same os x firewall setting enabled
  Apr 4 10:56:10 -billslaptop- ipfw: 12190 Deny TCP 192.168.1.1:3384 192.168.1.46:80 in via en1
  Apr 4 10:56:16 -billslaptop- ipfw: 12190 Deny TCP 192.168.1.1:3384 192.168.1.46:80 in via en1
  Apr 4 10:56:28 -billslaptop- ipfw: 12190 Deny TCP 192.168.1.1:3384 192.168.1.46:80 in via en1
  Apr 4 10:56:37 -billslaptop- ipfw: Stealth Mode connection attempt to UDP 192.168.1.46:137 from 192.168.1.1:137
  Apr 4 10:56:38 -billslaptop- ipfw: Stealth Mode connection attempt to UDP 192.168.1.46:137 from 192.168.1.1:137
  Apr 4 10:56:38 -billslaptop- ipfw: Stealth Mode connection attempt to UDP 192.168.1.46:137 from 192.168.1.1:137
  Are these coming through the DSL router, or from it? I'm getting ready to install a packet sniffer out of frustration---and installing that is sure to be frustrating in and of itself!!
  On a side note, the new Westel boxes seem to have embedded Linux, port 4567 open for flash upgrades from the ISP, and use iptables etc. for firewalling....anyone know how to telnet into these boxes...the Verizon GUI (like so much Verizon stuff) is not bad, but I'd rather have real access.....
  Thanks for your help, if you have it.

  Because I only posted a snippet from console, you don't see that the "pings" from the dsl router increment through a list of high number ports.....
  Apr 5 11:39:13 -billslaptop- ipfw: 12190 Deny TCP 192.168.1.1:3543 192.168.1.46:80 in via en1
  Apr 5 11:53:29 -billslaptop- ipfw: 12190 Deny TCP 192.168.1.1:3545 192.168.1.46:80 in via en1
  Apr 5 11:44:53 -billslaptop- ipfw: Stealth Mode connection attempt to TCP 192.168.1.46:58135 from 74.125.91.103:80
  So at any given time, just researching the source port # doesn't answer the question...
  The router recognizes the laptop (in its web interface--it's a frustrating fact of life that, at least as far as I can tell, ISPs block any access to their modem/routers except through their canned interface)
  There may be some clue to what's going on in the fact that the "Stealth Mode connection" language only appeared after I change the firewall to stealth mode....prior to that the log was filling with the "Deny.." entries.....and even if that's not a clue, it's still an interesting fact on its own.

• Backdoor port 32764 really eliminated?

  Has the backdoor in the WRVS 4400N, RVS 4000 etc. really been eliminated from the latest firmware or is it just hidden away?
  http://www.synacktiv.com/ressources/TCP32764_backdoor_again.pdf
  Never ever again Cisco routers in my house...

  nadir.latif wrote:
  our servers were infected by the libkeyutils virus. some of the servers had this file libkeyutils.so.1.9. other servers that were infected had a libkeyutils.so file with a different version. a cpanel analyst told us to run following command to check for the virus:
  strings full_path_of_libkeyutils.so | egrep 'connect|socket|gethostbyname|inet_ntoa'
  just checking for libkeyutils.so.1.9 file alone is not enough to confirm the virus. each libkeyutils.so file must be checked for presence of network related functions. the above command basically checks for networking related functions in the libkeyutils.so file. these functions are not present in the default libkeyutils.so file and can be used for spamming, allowing ssh access etc.the command "strings" can be found in binutils package. the following command can be used to locate all libkeyutils.so files:
  locate libkeyutils.so
  Thanks for the info nadir.latif.
  Terminal Output wrote:[root@wishmacer andrzejl]# updatedb
  [root@wishmacer andrzejl]# locate libkeyutils.so
  /usr/lib/libkeyutils.so
  /usr/lib/libkeyutils.so.1
  /usr/lib/libkeyutils.so.1.4
  [root@wishmacer andrzejl]# strings /usr/lib/libkeyutils.so | egrep 'connect|socket|gethostbyname|inet_ntoa'
  [root@wishmacer andrzejl]# strings /usr/lib/libkeyutils.so.1 | egrep 'connect|socket|gethostbyname|inet_ntoa'
  [root@wishmacer andrzejl]# strings /usr/lib/libkeyutils.so.1.4 | egrep 'connect|socket|gethostbyname|inet_ntoa'
  [root@wishmacer andrzejl]#
  It seems that I am fine...
  Regards.
  Andrzej
  Last edited by AndrzejL (2013-02-25 09:03:16)

• Why is this netstat script so slow when you have multiple ports?

  Hello, I need thoughts on optimizing a script. It is very slow as it iterates through the array. My goal was to scan a list of pcs but it takes several minutes to scan one pc. It pauses several seconds between each check. I'm hoping its scanning just my
  array. I modified a function to support an array instead of a single port check. My goal is to have a function in my main script that looks at a pc, looks for common ports and counts how many connections are on that port. Any advice for speeding this up?
  #function by Chris Dent, modified by Jeremy Roe
  Function NetstatToObject {
  netstat -ano | ForEach-Object {
  $_ -Match '\s*(?<Protocol>(TCP|UDP))\s*(?<LocalAddress>\S*)\s*(?<RemoteAddress>\S*)\s*((?<State>\S*)\s*)?\s*(?<PID>\S*)' | Out-Null
  $Matches | Select-Object @{n='Protocol';e={ $_.Protocol }},
  @{n='LocalAddress';e={ [Net.IPAddress]($_.LocalAddress -Replace '(:\d*$)') }},
  @{n='LocalPort';e={ [UInt32]($_.LocalAddress -Replace '^.*:') }},
  @{n='RemoteAddress';e={ [Net.IPAddress]($_.RemoteAddress -Replace '(:\d*$)') }},
  @{n='RemotePort';e={ [UInt32]($_.RemoteAddress -Replace '^.*:') }},
  @{n='State';e={ $_.State }}, @{n='PID';e={ $_.PID }}
  # Object based output
  #NetstatToObject
  $port2scanArray=(0, 1, 2, 5, 11, 16, 17, 18, 19, 20, 21, 22, 23, 25, 27, 28, 30, 31, 37, 39, 41, 44, 48, 50, 51, 52, 53, 54, 59, 66, 69, 70, 79, 80, 81, 99, 101, 102, 103, 105, 107, 109, 110, 111, 113, 119, 120, 121, 123, 133, 137, 138, 139, 142, 143, 146, 166, 170, 171, 180, 200, 201, 202, 211, 212, 221, 222, 230, 231, 232, 285, 299, 334, 335, 370, 400, 401, 402, 411, 420, 421, 443, 445, 455, 456, 511, 513, 514, 515, 520, 531, 555, 559, 564, 589, 600, 605, 623, 635, 650, 661, 666, 667, 668, 669, 680, 692, 700, 777, 798, 808, 831, 901, 902, 903, 911, 956, 991, 992, 999, 1000, 1001, 1005, 1008, 1010, 1011, 1012, 1015, 1016, 1020, 1024, 1025, 1026, 1027, 1028, 1029, 1030, 1031, 1032, 1033, 1034, 1035, 1036, 1037, 1039, 1041, 1042, 1043, 1044, 1045, 1047, 1049, 1050, 1052, 1053, 1054, 1080, 1081, 1082, 1083, 1090, 1092, 1095, 1097, 1098, 1099, 1104, 1111, 1115, 1116, 1122, 1133, 1150, 1151, 1160, 1166, 1167, 1170, 1180, 1183, 1200, 1201, 1207, 1208, 1212, 1215, 1218, 1219, 1221, 1222, 1234, 1243, 1245, 1255, 1256, 1269, 1272, 1313, 1314, 1338, 1349, 1369, 1386, 1415, 1433, 1434, 1441, 1492, 1524, 1560, 1561, 1600, 1601, 1602, 1703, 1711, 1772, 1777, 1807, 1826, 1833, 1834, 1835, 1836, 1837, 1905, 1911, 1966, 1967, 1969, 1978, 1981, 1983, 1984, 1985, 1986, 1991, 1999, 2000, 2001, 2002, 2004, 2005, 2023, 2060, 2080, 2101, 2115, 2130, 2140, 2149, 2150, 2155, 2156, 2222, 2234, 2255, 2281, 2283, 2300, 2311, 2330, 2331, 2332, 2333, 2334, 2335, 2336, 2337, 2338, 2339, 2343, 2345, 2407, 2418, 2555, 2565, 2583, 2589, 2600, 2702, 2716, 2772, 2773, 2774, 2800, 2801, 2929, 2983, 2989, 3000, 3006, 3024, 3031, 3119, 3127, 3128, 3129, 3131, 3150, 3215, 3292, 3295, 3333, 3410, 3417, 3418, 3456, 3459, 3505, 3700, 3721, 3723, 3777, 3791, 3800, 3801, 3945, 3996, 3997, 3999, 4000, 4092, 4128, 4156, 4201, 4210, 4211, 4225, 4242, 4315, 4321, 4414, 4442, 4444, 4445, 4447, 4449, 4451, 4488, 4567, 4590, 4653, 4666, 4700, 4836, 4950, 5000, 5001, 5002, 5005, 5010, 5011, 5025, 5031, 5032, 5050, 5135, 5150, 5151, 5152, 5155, 5221, 5250, 5321, 5333, 5343, 5350, 5377, 5400, 5401, 5402, 5418, 5419, 5430, 5450, 5503, 5512, 5534, 5550, 5555, 5556, 5557, 5569, 5637, 5638, 5650, 5669, 5679, 5695, 5696, 5697, 5742, 5760, 5802, 5873, 5880, 5882, 5888, 5889, 5933, 6000, 6006, 6267, 6272, 6346, 6400, 6521, 6526, 6556, 6661, 6666, 6667, 6669, 6670, 6697, 6711, 6712, 6713, 6714, 6715, 6718, 6723, 6766, 6767, 6771, 6776, 6838, 6883, 6891, 6912, 6939, 6969, 6970, 7000, 7001, 7007, 7020, 7030, 7119, 7215, 7274, 7290, 7291, 7300, 7301, 7306, 7307, 7308, 7312, 7410, 7424, 7597, 7626, 7648, 7673, 7676, 7677, 7718, 7722, 7777, 7788, 7789, 7800, 7826, 7850, 7878, 7879, 7979, 7983, 8011, 8012, 8080, 8090, 8097, 8100, 8110, 8111, 8127, 8130, 8131, 8301, 8302, 8311, 8322, 8329, 8488, 8489, 8685, 8732, 8734, 8787, 8811, 8812, 8821, 8848, 8864, 8888, 8988, 8989, 9000, 9090, 9117, 9148, 9301, 9325, 9329, 9400, 9401, 9536, 9561, 9563, 9870, 9872, 9873, 9874, 9875, 9876, 9877, 9878, 9879, 9919, 9989, 9999, 10000, 10001, 10002, 10003, 10008, 10012, 10013, 10067, 10084, 10085, 10086, 10100, 10101, 10167, 10498, 10520, 10528, 10607, 10666, 10887, 10889, 11000, 11011, 11050, 11051, 11111, 11223, 11225, 11660, 11718, 11831, 11977, 11978, 11980, 12000, 12076, 12223, 12310, 12321, 12345, 12346, 12348, 12349, 12361, 12362, 12363, 12623, 12624, 12631, 12684, 12754, 12904, 13000, 13010, 13013, 13014, 13028, 13079, 13370, 13371, 13500, 13753, 14194, 14285, 14286, 14287, 14500, 14501, 14502, 14503, 15000, 15092, 15104, 15206, 15207, 15210, 15382, 15432, 15485, 15486, 15500, 15512, 15551, 15695, 15845, 15852, 15858, 16057, 16484, 16514, 16515, 16523, 16660, 16712, 16761, 16772, 16959, 16969, 17166, 17300, 17449, 17499, 17500, 17569, 17593, 17777, 18753, 19191, 19216, 19864, 20000, 20001, 20002, 20005, 20023, 20034, 20203, 20331, 20432, 20433, 21212, 21544, 21554, 21579, 21957, 22115, 22222, 22223, 22456, 22554, 22783, 22784, 22785, 23000, 23001, 23005, 23006, 23023, 23032, 23321, 23432, 23456, 23476, 23477, 23777, 24000, 24289, 25002, 25123, 25555, 25685, 25686, 25799, 25885, 25982, 26274, 26681, 27160, 27184, 27373, 27374, 27379, 27444, 27573, 27665, 28218, 28431, 28678, 29104, 29292, 29559, 29589, 29891, 29999, 30000, 30001, 30003, 30005, 30029, 30100, 30101, 30102, 30103, 30133, 30303, 30331, 30464, 30700, 30947, 30999, 31320, 31335, 31336, 31337, 31338, 31339, 31340, 31382, 31415, 31416, 31557, 31666, 31745, 31785, 31787, 31788, 31789, 31790, 31791, 31792, 31887, 32000, 32001, 32100, 32418, 32791, 33270, 33333, 33545, 33567, 33568, 33577, 33777, 33911, 34312, 34313, 34324, 34343, 34444, 34555, 35000, 35555, 35600, 36794, 37237, 37651, 38741, 38742, 40071, 40308, 40412, 40421, 40422, 40423, 40425, 40426, 41337, 41666, 43720, 44014, 44444, 44575, 44767, 45092, 45454, 45632, 45673, 46666, 47017, 47262, 47698, 47785, 47891, 48004, 48006, 48512, 49000, 49683, 49698, 50000, 50021, 50130, 50505, 50551, 50552, 50766, 50829, 51234, 51966, 52317, 52365, 52901, 53001, 54283, 54320, 54321, 55165, 55555, 55665, 55666, 56565, 57163, 57341, 57785, 58134, 58339, 59211, 60000, 60001, 60008, 60068, 60411, 60551, 60552, 60666, 61115, 61337, 61348, 61440, 61466, 61603, 61746, 61747, 61748, 61979, 62011, 63485, 64101, 65000, 65289, 65421, 65422, 65432, 65530, 65534, 65535
  ForEach ($port in $port2scanArray){
  # Then filtering:
  NetstatToObject | Where-Object { $_.State -eq 'ESTABLISHED' -And $_.LocalPort -eq $port }
  # Grouping
  NetstatToObject | Where-Object { $_.LocalPort -eq $port } | Group-Object LocalPort
  Write-Host done

  woot got it!!
  cls
  $port2scanArray= @(0, 1, 2, 5, 11, 16, 17, 18, 19, 20, 21, 22, 23, 25, 27, 28, 30, 31, 37, 39, 41, 44, 48, 50, 51, 52, 53, 54, 59, 66, 69, 70, 79, 80, 81, 99, 101, 102, 103, 105, 107, 109, 110, 111, 113, 119, 120, 121, 123, 133, 137, 138, 139, 142, 143, 146, 166, 170, 171, 180, 200, 201, 202, 211, 212, 221, 222, 230, 231, 232, 285, 299, 334, 335, 370, 400, 401, 402, 411, 420, 421, 443, 445, 455, 456, 511, 513, 514, 515, 520, 531, 555, 559, 564, 589, 600, 605, 623, 635, 650, 661, 666, 667, 668, 669, 680, 692, 700, 777, 798, 808, 831, 901, 902, 903, 911, 956, 991, 992, 999, 1000, 1001, 1005, 1008, 1010, 1011, 1012, 1015, 1016, 1020, 1024, 1025, 1026, 1027, 1028, 1029, 1030, 1031, 1032, 1033, 1034, 1035, 1036, 1037, 1039, 1041, 1042, 1043, 1044, 1045, 1047, 1049, 1050, 1052, 1053, 1054, 1080, 1081, 1082, 1083, 1090, 1092, 1095, 1097, 1098, 1099, 1104, 1111, 1115, 1116, 1122, 1133, 1150, 1151, 1160, 1166, 1167, 1170, 1180, 1183, 1200, 1201, 1207, 1208, 1212, 1215, 1218, 1219, 1221, 1222, 1234, 1243, 1245, 1255, 1256, 1269, 1272, 1313, 1314, 1338, 1349, 1369, 1386, 1415, 1433, 1434, 1441, 1492, 1524, 1560, 1561, 1600, 1601, 1602, 1703, 1711, 1772, 1777, 1807, 1826, 1833, 1834, 1835, 1836, 1837, 1905, 1911, 1966, 1967, 1969, 1978, 1981, 1983, 1984, 1985, 1986, 1991, 1999, 2000, 2001, 2002, 2004, 2005, 2023, 2060, 2080, 2101, 2115, 2130, 2140, 2149, 2150, 2155, 2156, 2222, 2234, 2255, 2281, 2283, 2300, 2311, 2330, 2331, 2332, 2333, 2334, 2335, 2336, 2337, 2338, 2339, 2343, 2345, 2407, 2418, 2555, 2565, 2583, 2589, 2600, 2702, 2716, 2772, 2773, 2774, 2800, 2801, 2929, 2983, 2989, 3000, 3006, 3024, 3031, 3119, 3127, 3128, 3129, 3131, 3150, 3215, 3292, 3295, 3333, 3410, 3417, 3418, 3456, 3459, 3505, 3700, 3721, 3723, 3777, 3791, 3800, 3801, 3945, 3996, 3997, 3999, 4000, 4092, 4128, 4156, 4201, 4210, 4211, 4225, 4242, 4315, 4321, 4414, 4442, 4444, 4445, 4447, 4449, 4451, 4488, 4567, 4590, 4653, 4666, 4700, 4836, 4950, 5000, 5001, 5002, 5005, 5010, 5011, 5025, 5031, 5032, 5050, 5135, 5150, 5151, 5152, 5155, 5221, 5250, 5321, 5333, 5343, 5350, 5377, 5400, 5401, 5402, 5418, 5419, 5430, 5450, 5503, 5512, 5534, 5550, 5555, 5556, 5557, 5569, 5637, 5638, 5650, 5669, 5679, 5695, 5696, 5697, 5742, 5760, 5802, 5873, 5880, 5882, 5888, 5889, 5933, 6000, 6006, 6267, 6272, 6346, 6400, 6521, 6526, 6556, 6661, 6666, 6667, 6669, 6670, 6697, 6711, 6712, 6713, 6714, 6715, 6718, 6723, 6766, 6767, 6771, 6776, 6838, 6883, 6891, 6912, 6939, 6969, 6970, 7000, 7001, 7007, 7020, 7030, 7119, 7215, 7274, 7290, 7291, 7300, 7301, 7306, 7307, 7308, 7312, 7410, 7424, 7597, 7626, 7648, 7673, 7676, 7677, 7718, 7722, 7777, 7788, 7789, 7800, 7826, 7850, 7878, 7879, 7979, 7983, 8011, 8012, 8080, 8090, 8097, 8100, 8110, 8111, 8127, 8130, 8131, 8301, 8302, 8311, 8322, 8329, 8488, 8489, 8685, 8732, 8734, 8787, 8811, 8812, 8821, 8848, 8864, 8888, 8988, 8989, 9000, 9090, 9117, 9148, 9301, 9325, 9329, 9400, 9401, 9536, 9561, 9563, 9870, 9872, 9873, 9874, 9875, 9876, 9877, 9878, 9879, 9919, 9989, 9999, 10000, 10001, 10002, 10003, 10008, 10012, 10013, 10067, 10084, 10085, 10086, 10100, 10101, 10167, 10498, 10520, 10528, 10607, 10666, 10887, 10889, 11000, 11011, 11050, 11051, 11111, 11223, 11225, 11660, 11718, 11831, 11977, 11978, 11980, 12000, 12076, 12223, 12310, 12321, 12345, 12346, 12348, 12349, 12361, 12362, 12363, 12623, 12624, 12631, 12684, 12754, 12904, 13000, 13010, 13013, 13014, 13028, 13079, 13370, 13371, 13500, 13753, 14194, 14285, 14286, 14287, 14500, 14501, 14502, 14503, 15000, 15092, 15104, 15206, 15207, 15210, 15382, 15432, 15485, 15486, 15500, 15512, 15551, 15695, 15845, 15852, 15858, 16057, 16484, 16514, 16515, 16523, 16660, 16712, 16761, 16772, 16959, 16969, 17166, 17300, 17449, 17499, 17500, 17569, 17593, 17777, 18753, 19191, 19216, 19864, 20000, 20001, 20002, 20005, 20023, 20034, 20203, 20331, 20432, 20433, 21212, 21544, 21554, 21579, 21957, 22115, 22222, 22223, 22456, 22554, 22783, 22784, 22785, 23000, 23001, 23005, 23006, 23023, 23032, 23321, 23432, 23456, 23476, 23477, 23777, 24000, 24289, 25002, 25123, 25555, 25685, 25686, 25799, 25885, 25982, 26274, 26681, 27160, 27184, 27373, 27374, 27379, 27444, 27573, 27665, 28218, 28431, 28678, 29104, 29292, 29559, 29589, 29891, 29999, 30000, 30001, 30003, 30005, 30029, 30100, 30101, 30102, 30103, 30133, 30303, 30331, 30464, 30700, 30947, 30999, 31320, 31335, 31336, 31337, 31338, 31339, 31340, 31382, 31415, 31416, 31557, 31666, 31745, 31785, 31787, 31788, 31789, 31790, 31791, 31792, 31887, 32000, 32001, 32100, 32418, 32791, 33270, 33333, 33545, 33567, 33568, 33577, 33777, 33911, 34312, 34313, 34324, 34343, 34444, 34555, 35000, 35555, 35600, 36794, 37237, 37651, 38741, 38742, 40071, 40308, 40412, 40421, 40422, 40423, 40425, 40426, 41337, 41666, 43720, 44014, 44444, 44575, 44767, 45092, 45454, 45632, 45673, 46666, 47017, 47262, 47698, 47785, 47891, 48004, 48006, 48512, 49000, 49683, 49698, 50000, 50021, 50130, 50505, 50551, 50552, 50766, 50829, 51234, 51966, 52317, 52365, 52901, 53001, 54283, 54320, 54321, 55165, 55555, 55665, 55666, 56565, 57163, 57341, 57785, 58134, 58339, 59211, 60000, 60001, 60008, 60068, 60411, 60551, 60552, 60666, 61115, 61337, 61348, 61440, 61466, 61603, 61746, 61747, 61748, 61979, 62011, 63485, 64101, 65000, 65289, 65421, 65422, 65432, 65530, 65534, 65535)
  #$port=80
  #NetstatToObject | Where { $_.LocalPort -eq $port} | Group-Object LocalPort
  NetstatToObject | Where {$port2scanArray -contains $_.LocalPort } | Group-Object LocalPort
  Function NetstatToObject {
  netstat -ano | ForEach-Object {
  $_ -Match '\s*(?<Protocol>(TCP|UDP))\s*(?<LocalAddress>\S*)\s*(?<RemoteAddress>\S*)\s*((?<State>\S*)\s*)?\s*(?<PID>\S*)' | Out-Null
  $Matches | Select-Object @{n='Protocol';e={ $_.Protocol }},
  @{n='LocalAddress';e={ [Net.IPAddress]($_.LocalAddress -Replace '(:\d*$)') }},
  @{n='LocalPort';e={ [UInt32]($_.LocalAddress -Replace '^.*:') }},
  @{n='RemoteAddress';e={ [Net.IPAddress]($_.RemoteAddress -Replace '(:\d*$)') }},
  @{n='RemotePort';e={ [UInt32]($_.RemoteAddress -Replace '^.*:') }},
  @{n='State';e={ $_.State }}, @{n='PID';e={ $_.PID }}
  Write-Host DONEZO

• Broadcast and point to point server in the same port

  I'm trying to set up a system where I can send point to point messages via sockets to certain ips, send broadcast messages to every pc in the network, and also be able to listen for point to point messages and broadcast messages, all in the same port. I've been able to establish a point to point connection using the Socket class to send the message, and using the ServerSocket class to listen for messages, but I can't seem to get broadcasting to work.
  I read somewhere that for broadcasting one should use the DatagramSocket class. The problem is i'm not sure which ip i'm supposed to specify when I send the message. Also, do I need a special listener to listen for broadcast messages, or will the ServerSocket listener work for that?
  This is what I have for the broadcasting part:
  String msg = myId;
  DatagramSocket sendSocket;
  sendSocket = new DatagramSocket(Constants.COM_PORT); // 4567
  InetAddress group = InetAddress.getByName(Constants.BROADCAST_ADDR); // "192.168.1.1"
  DatagramPacket dp = new DatagramPacket(msg.getBytes(), msg.getBytes().length, group, Constants.COM_PORT);
  sendSocket.send(dp);
  sendSocket.close();
  Thanks in advance
  Diego

  It worth mentioning that UDP/broadcast and robust do go together easily.
  - UDP does not guarantee delivery. i.e. messages can be dropped and you won't be told. Lost packets are not retransmitted either.
  - UDP can fragment packets if larger than 532 bytes long.
  - UDP packets can arrive out of order (though I have never seen this myself)
  If your receiver is under load/busy it can miss many packets if its buffers overflow.

• Does port mapping (for minecraft) compromise the security

  Hi,
  My son wants to install the minecraft server on his laptop, so he and his brothers can play in one world.
  I did find the information how to forward ports, but I am a little reluctant to do so, because I don't know how save it is. Does port mapping compromise the security of my network? Would this open a backdoor for hackers to invade all computers conneted to the network?
  I would apreciate any advice.

  No, not if done properly.
  Generally, port mapping is designed to allow a direct connection from the Internet to a specific computer running a specific service on the local network. In this case the specific computer is your son's laptop and the specific service is the Minecraft server. Any other computers and services on that local network, other than your son's laptop will remain off limits to the Internet.
  The key to making sure that this stays secure is that you assign the laptop a static IP address, so it is the only one that is directly addressable from the Internet, and only the ports required for the Minecraft server are mapped to that static IP address belonging to the laptop.

• WARNING 20225 - PDF Port and Printer

  I recently bought a new computer and installed Adobe Acrobat 7.0 on it.  (Previously I had this software on my older computer where it worked just fine and sufficed for my needs.)
  When I installed this on my new computer, I got the following error message: "Warning 20225.  Adobe Acrobat 7.0 Setup was unable to create a new item: Adobe PDF Port and Printer.  The Adobe PDF may be unavailable."
  Sure enough, it is indeed "unavailable."
  How do I fix this problem?

  Open Start>Printers and right click on the Adobe PDF printer and select the properties. Under the port listing you should see it trying to use the Adobe PDF Port. Simply change that to File (Print to file). You may have to play a bit to configure this method, but it is a a work around. The PDF Maker may even work this way, but I have not tried that. You would have to then open the file in Distiller to create the PDF. You might be able to use a watched folder to automate the conversion a bit more, but all will require some trial and error. Do not be surprised if things do not work or seem messed up, that is the nature of trying to use backdoor methods like this. The alternative as suggested is to upgrade and AA X may be the last upgrade you will qualify for with AA7. Of course, the next version if probably 1.5 years down the road. If you can afford it at some point, I would suggest the upgrade and not continue the workaround, even if you can get it to work.
  The workarounds depend on taking out of the loop the various parts of the system that are so OS dependent. AcroTray is one of those components for the print process. PDF Maker is the other big one that is so dependent on how MS wrote OFFICE. I find it interesting that some folks complain about Acrobat not working with OFFICE and then go to a 3rd party to get the same result they would have gotten with Acrobat if they had simply printed to the Adobe PDF printer, but no they insisted PDF Maker. PDF Maker did not work and so they moved on without asking the basic question of printing.
  In any case, good luck. I am just running on and need to quit -- get some work done.