Hi, I have been asked by a friend why port 1036 is open. He is using
ZoneAlarm firewall. When running a port scan (using www.grc.com), the port
is open. He was able to close it, but the port is not in stealth mode. I
have done a search on NSSTP and haven't come up with any resolutions. This
port should be in a stealth mode and not opened or closed. Any ideas? It's
a shot in the dark until I look at it myself. Thanks. Dr. P.

Use something like TCPView free from SysInternals to see what
process/application is using that port. Even if it is open the firewall
should be blocking access to it from the internet unless the firewall has
been configured to allow access to internet users which can be done by
malware. If it is an unauthorized process/application then it should be
removed which may take malware and spyware scans also in Safe Mode being
sure to update the definitions of any program used for such. If he is using
cable/DSL he should also be using an "internet router" or firewall device as
they would be the first line of defense and not be subject to malware
manipulation to allow inbound access. Internet routers are dirt cheap at
Best Buy, Amazon, Newegg, Walmart, etc from the likes of Linksys, D-Link,
Netgear, etc these days. Even real firewalls like last generation Netscreen
[I use Netscreen 5XP] and Sonicwall are very affordable when bought on Ebay
and have capabilities of advanced logging and controlling outbound access
with a default block all rule. --- Steve

http://www.sysinternals.com/Utilities/TcpView.html --- TCPView

"Dr. Palpatine" > wrote in message
...
> Hi, I have been asked by a friend why port 1036 is open. He is using
> ZoneAlarm firewall. When running a port scan (using www.grc.com), the
> port
> is open. He was able to close it, but the port is not in stealth mode. I
> have done a search on NSSTP and haven't come up with any resolutions.
> This
> port should be in a stealth mode and not opened or closed. Any ideas?
> It's
> a shot in the dark until I look at it myself. Thanks. Dr. P.

Thank you very much Steve. I have before, and will again, suggest to him to
use some sort of front end router so he can NAT his machine using a non
routable address. You can be specific with ZoneAlarm Pro and block that
port...

I have researched this 1036 nsstp and still have not found what use or
purpose for this port. Do you know? Not much on google or microsoft in this
area. Thanks Steve. -Dr. P.

"Steven L Umbach" wrote:

> Use something like TCPView free from SysInternals to see what
> process/application is using that port. Even if it is open the firewall
> should be blocking access to it from the internet unless the firewall has
> been configured to allow access to internet users which can be done by
> malware. If it is an unauthorized process/application then it should be
> removed which may take malware and spyware scans also in Safe Mode being
> sure to update the definitions of any program used for such. If he is using
> cable/DSL he should also be using an "internet router" or firewall device as
> they would be the first line of defense and not be subject to malware
> manipulation to allow inbound access. Internet routers are dirt cheap at
> Best Buy, Amazon, Newegg, Walmart, etc from the likes of Linksys, D-Link,
> Netgear, etc these days. Even real firewalls like last generation Netscreen
> [I use Netscreen 5XP] and Sonicwall are very affordable when bought on Ebay
> and have capabilities of advanced logging and controlling outbound access
> with a default block all rule. --- Steve
>
> http://www.sysinternals.com/Utilities/TcpView.html --- TCPView
>
> "Dr. Palpatine" > wrote in message
> ...
> > Hi, I have been asked by a friend why port 1036 is open. He is using
> > ZoneAlarm firewall. When running a port scan (using www.grc.com), the
> > port
> > is open. He was able to close it, but the port is not in stealth mode. I
> > have done a search on NSSTP and haven't come up with any resolutions.
> > This
> > port should be in a stealth mode and not opened or closed. Any ideas?
> > It's
> > a shot in the dark until I look at it myself. Thanks. Dr. P.
>
>
>

An internet router always makes sense because I have seen to often where
software firewalls have become disabled or misconfigured by malware,
software conflict, or user action [intended or not]. Using something like
TCPView and also possibly Process Explorer to further investigate process
use including associated services will give you a much better idea of what
the port is being used for. Even netstat -anb will give more detailed
information. Of course he should also be doing regular scans for both
spyware and viruses also in Safe Mode being sure to use the latest
definitions for any program he scans with. I have never heard of port 1036
[TCP I assume] being used for a specific purpose as a server service. ---
Steve


"Dr. Palpatine" > wrote in message
...
> Thank you very much Steve. I have before, and will again, suggest to him
> to
> use some sort of front end router so he can NAT his machine using a non
> routable address. You can be specific with ZoneAlarm Pro and block that
> port...
>
> I have researched this 1036 nsstp and still have not found what use or
> purpose for this port. Do you know? Not much on google or microsoft in
> this
> area. Thanks Steve. -Dr. P.
>
> "Steven L Umbach" wrote:
>
>> Use something like TCPView free from SysInternals to see what
>> process/application is using that port. Even if it is open the firewall
>> should be blocking access to it from the internet unless the firewall has
>> been configured to allow access to internet users which can be done by
>> malware. If it is an unauthorized process/application then it should be
>> removed which may take malware and spyware scans also in Safe Mode being
>> sure to update the definitions of any program used for such. If he is
>> using
>> cable/DSL he should also be using an "internet router" or firewall device
>> as
>> they would be the first line of defense and not be subject to malware
>> manipulation to allow inbound access. Internet routers are dirt cheap at
>> Best Buy, Amazon, Newegg, Walmart, etc from the likes of Linksys, D-Link,
>> Netgear, etc these days. Even real firewalls like last generation
>> Netscreen
>> [I use Netscreen 5XP] and Sonicwall are very affordable when bought on
>> Ebay
>> and have capabilities of advanced logging and controlling outbound access
>> with a default block all rule. --- Steve
>>
>> http://www.sysinternals.com/Utilities/TcpView.html --- TCPView
>>
>> "Dr. Palpatine" > wrote in message
>> ...
>> > Hi, I have been asked by a friend why port 1036 is open. He is using
>> > ZoneAlarm firewall. When running a port scan (using www.grc.com), the
>> > port
>> > is open. He was able to close it, but the port is not in stealth mode.
>> > I
>> > have done a search on NSSTP and haven't come up with any resolutions.
>> > This
>> > port should be in a stealth mode and not opened or closed. Any ideas?
>> > It's
>> > a shot in the dark until I look at it myself. Thanks. Dr. P.
>>
>>
>>

Thanks so much Steven for all your help and time on this. I will be looking
into this over the weekend. Dr. P.

"Steven L Umbach" wrote:

> An internet router always makes sense because I have seen to often where
> software firewalls have become disabled or misconfigured by malware,
> software conflict, or user action [intended or not]. Using something like
> TCPView and also possibly Process Explorer to further investigate process
> use including associated services will give you a much better idea of what
> the port is being used for. Even netstat -anb will give more detailed
> information. Of course he should also be doing regular scans for both
> spyware and viruses also in Safe Mode being sure to use the latest
> definitions for any program he scans with. I have never heard of port 1036
> [TCP I assume] being used for a specific purpose as a server service. ---
> Steve
>
>
> "Dr. Palpatine" > wrote in message
> ...
> > Thank you very much Steve. I have before, and will again, suggest to him
> > to
> > use some sort of front end router so he can NAT his machine using a non
> > routable address. You can be specific with ZoneAlarm Pro and block that
> > port...
> >
> > I have researched this 1036 nsstp and still have not found what use or
> > purpose for this port. Do you know? Not much on google or microsoft in
> > this
> > area. Thanks Steve. -Dr. P.
> >
> > "Steven L Umbach" wrote:
> >
> >> Use something like TCPView free from SysInternals to see what
> >> process/application is using that port. Even if it is open the firewall
> >> should be blocking access to it from the internet unless the firewall has
> >> been configured to allow access to internet users which can be done by
> >> malware. If it is an unauthorized process/application then it should be
> >> removed which may take malware and spyware scans also in Safe Mode being
> >> sure to update the definitions of any program used for such. If he is
> >> using
> >> cable/DSL he should also be using an "internet router" or firewall device
> >> as
> >> they would be the first line of defense and not be subject to malware
> >> manipulation to allow inbound access. Internet routers are dirt cheap at
> >> Best Buy, Amazon, Newegg, Walmart, etc from the likes of Linksys, D-Link,
> >> Netgear, etc these days. Even real firewalls like last generation
> >> Netscreen
> >> [I use Netscreen 5XP] and Sonicwall are very affordable when bought on
> >> Ebay
> >> and have capabilities of advanced logging and controlling outbound access
> >> with a default block all rule. --- Steve
> >>
> >> http://www.sysinternals.com/Utilities/TcpView.html --- TCPView
> >>
> >> "Dr. Palpatine" > wrote in message
> >> ...
> >> > Hi, I have been asked by a friend why port 1036 is open. He is using
> >> > ZoneAlarm firewall. When running a port scan (using www.grc.com), the
> >> > port
> >> > is open. He was able to close it, but the port is not in stealth mode.
> >> > I
> >> > have done a search on NSSTP and haven't come up with any resolutions.
> >> > This
> >> > port should be in a stealth mode and not opened or closed. Any ideas?
> >> > It's
> >> > a shot in the dark until I look at it myself. Thanks. Dr. P.
> >>
> >>
> >>
>
>
>