Description: network blackjack
Description: UPnP/filmaker.com/Socket de Troie (Windows Trojan)
How can I remove these two infiltrators and harden my network to prevent future attacks?
Port 1025 is assigned to network blackjack. However, it is also used for other services, including: many hosting providers use it for SMTP, as some providers block port 25; Net2phone uses port 1025 for VoIP services; it can also be used by RPC and Active Directory. So make sure that none of those services are present on your network. With that said, you are right in that port 1025 can also be used for attacks, as there is an RPC exploit that targets that port. Here is a link that indicates that port 1025 is one of the top 10 most probed ports.
Port 5000 is used for Windows Universal Plug and Play. It's true that it is also used for the Socket de Troie Trojan, but that one is pretty old. I believe it dates back to 1998 or earlier. If you are infected with that Trojan, you should be able to pick it up with a current virus scanner.
So back to your original question on how to protect your network. Well, the best method is to develop defense in depth by adopting the principle of least privilege. Defense in depth means that you stack one layer of security on top of another. For example, use a firewall, control access to the servers, patch the servers and desktops regularly, keep the anti-virus software current and set up ACLs on your routers.
Now, on to the principle of least privilege. This rule states that you only give users and services the least amount of privilege needed to do the job. That means that you should turn off those ports that are not needed. That may mean that you start turning ports off one at a time, or you may elect to block everything and then only turn back on the minimum services needed for the network and users to complete their needed tasks.
There are lots of good books and resources on the Web that discuss hardening devices and services. The NSA has hardening guidelines that you may want to take a look at here.
This was first published in September 2005
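
The "block everything, then allow the minimum" approach from the answer can be checked per host with a listener audit. The following is an added example, not part of the original answer: it parses Windows `netstat -ano` output and reports every network-reachable listener that is missing from an allowlist. The sample output, the PIDs and the `ALLOWED` policy are constructed assumptions.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (not from the original page).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       512
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       1180
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2000
  TCP    192.168.1.10:49712     203.0.113.7:443        ESTABLISHED     3100
  TCP    [::]:1025              [::]:0                 LISTENING       512
  UDP    0.0.0.0:1900           *:*                                    1180
"""

# Assumed policy: the minimum services this host must offer, as (protocol, port).
ALLOWED = {("TCP", 80)}


def parse_listeners(text):
    """Yield (proto, address, port, pid) for TCP listeners and bound UDP sockets."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        proto, local, pid = fields[0], fields[1], int(fields[-1])
        if proto == "TCP" and fields[3] != "LISTENING":
            continue  # established/outbound connections are not listeners
        host, _, port = local.rpartition(":")  # rpartition copes with [::]:1025
        yield proto, ipaddress.ip_address(host.strip("[]")), int(port), pid


def audit(text, allowed):
    """Return sorted (proto, port, pid) tuples reachable from the network but not allowed."""
    findings = set()
    for proto, addr, port, pid in parse_listeners(text):
        if addr.is_loopback:
            continue  # bound to localhost only, not exposed to the network
        if (proto, port) not in allowed:
            findings.add((proto, port, pid))
    return sorted(findings)


if __name__ == "__main__":
    for proto, port, pid in audit(SAMPLE_NETSTAT, ALLOWED):
        print(f"not on allowlist: {proto}/{port} (PID {pid})")
```

The PID in each finding identifies the owning process, which is the starting point for deciding whether to disable the service or add it to the allowlist.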