Tech question - Port 1026?

OK, I’ve been running BlackIce for a firewall on my home machine for some time. I got it before ZoneAlarm was available, and I was fairly content with it. So I’ve just gotten around to trying out ZoneAlarm (capsule summary - BlackIce is a fine product, but I think I would recommend ZoneAlarm, particularly in the light of ZA being freeware, provided that it proves to do as well as BlackIce at catching inbound port scans, and runs with as few problems).

I’m running Windows 2000.

Anyway, ZoneAlarm tells me that services.exe is listening on port 1026. Services.exe is the service controller which probably reflects anything done by anything started in the service panel.

What is listening on 1026 and why? The only thing I can find associated with that port is nterm remote login. Which windows-based service is providing nterm terminal emulation, if that’s what’s going on? And can I make it quit doing that?

1026 is a non-standard port, so I don’t know what it is. Try telnetting to localhost:1026 and see what you get.

Services.exe handles all WinNT transactions using named pipes. So, logins, logouts, file sharing, etc. are moderated by services.exe. In theory, all of these things should find the port on which services.exe is listening, and contact that port, but you can’t rule out someone hard coding 1026 into code. So, you could change it, but you probably don’t want to. There is nothing wrong with services.exe listening on port 1026; MS chose a non-standard port to stay out of everyone’s way.

All that said, there is a DoS attack that can be launched against services.exe. You should do a Google search (I just used services.exe) to make sure you are protected against this attack.

Is this a Win2K server? I seem to recall 1026 being used by Active Directory. You might do some searches in the MS Knowledge Base for “port 1026” and see what you come up with.

Firewall Forensics

This is an excellent page that tells you all about what activity on your ports means.

Thanks for the answers. After some investigation, it seems to set up 1026 for communication with the DNS gateway - at least that’s what’s on the other end of the socket on incoming requests. Presumably, it was an available port negotiated with that server.
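
An added example, not part of any post in this thread: one way to see what is bound to a port and what sits on the other end of its sockets, as the last post did, by parsing `netstat -an` output. The sample rows and addresses are constructed, and `parse_netstat` and `summarize_port` are hypothetical helper names.

```python
import re
from collections import namedtuple

# Constructed sample in the column layout printed by Windows `netstat -an`.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1026           0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1026       192.168.0.1:53         ESTABLISHED
  TCP    192.168.0.5:1030       203.0.113.9:80         ESTABLISHED
  UDP    0.0.0.0:1026           *:*
"""

Socket = namedtuple("Socket", "proto local_ip local_port remote_ip remote_port state")

# proto, local ip:port, foreign ip:port, optional state (UDP rows have none)
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\S+)(?:\s+(\S+))?\s*$")

def parse_netstat(text):
    """Yield one Socket per TCP/UDP row; headers and blank lines are skipped."""
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        proto, lip, lport, rip, rport, state = m.groups()
        # Unconnected UDP sockets show the peer as *:*, so there is no port number.
        rport = int(rport) if rport.isdigit() else None
        yield Socket(proto, lip, int(lport), rip, rport, state or "")

def summarize_port(text, port):
    """Split sockets bound to `port` into listeners and connected peers."""
    listeners, peers = [], []
    for s in parse_netstat(text):
        if s.local_port != port:
            continue
        if s.state == "LISTENING" or s.proto == "UDP":
            listeners.append((s.proto, s.local_ip))
        elif s.remote_port is not None:
            # Remote port 53 is the well-known DNS port.
            note = "DNS" if s.remote_port == 53 else ""
            peers.append((s.remote_ip, s.remote_port, s.state, note))
    return listeners, peers

if __name__ == "__main__":
    listeners, peers = summarize_port(SAMPLE, 1026)
    print("bound:", listeners)
    print("peers:", peers)
```

On a live machine, pass the captured output of `netstat -an` in place of `SAMPLE`.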