UDP (User Datagram Protocol) is one of the protocols for data transfer that is part of the TCP/IP suite of protocols. UDP is a “stateless” protocol in that UDP makes no provision for acknowledgement of packets received. UDP enables an application to send a message to one of several applications running in a destination machine. Some problems arise because Internet applications are not exclusively TCP-based. UDP is stateless -- it differentiates sources and destinations within hosts and provides no other services. Often services do not use predefined numbers, so filtering on the basis of "well known ports" will not work.
Port 1029 is often one of the first port used by the operating system for outbound connections, thus it is likely you will see outbound connections from port 1029. If you run netstat you will see something like:
[root@funky web]# netstat -vatn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 1.2.3.4:1029 2.3.4.5:22 ESTABLISHED
The most distressing aspect of this, is that these service ports are wide open to the external Internet. If Microsoft wants to allow DCOM services and clients operating within a single machine to inter-operate, that's fine. But in that case the DCOM service ports should be "locally bound" so that they are not wide open and flapping in the Internet breeze. This is trivial to do, but Microsoft doesn't bother. Or, if there might be some reason to have DCOM used within a local area network, DCOM traffic could be generated with packets having their TTL (time to live) set down to one or two. This would allow DCOM packets complete local freedom, but they would expire immediately after crossing one or two router hops. The point is, there are many things Microsoft could easily do if they had any true concern for, or understanding of, Internet security.
Who knows what known or unknown, discovered or yet to be discovered vulnerabilities already exist those exposed servers and services? This is PRECISELY the situation which hit end users who didn't realize they were running a personal version of Microsoft's IIS web server when the Code Red and Nimda worms hit them and installed backdoor Trojans in their systems. And it's IDENTICAL to the situation when the SQL Slammer worm ripped across the Internet and tens of thousands of innocent end users discovered, to their total surprise, that some other software (Here's an off-site link to SQL-installing applications.) had silently installed Microsoft's insecure and now exploited SQL server into their machines, and that server had silently opened their ports 1433 and 1434 to the entire Internet.
If you are reading this page because our port analysis has revealed that you have open ports lying between 1024 and 1030, it would certainly be in your best interests to configure your personal firewall to block incoming connection requests (TCP SYN packets) to those low-numbered ports.
Unfortunately, since Windows initially initiates outgoing connections from this same low-numbered port range (as the first ports it uses immediately after booting), you may need to be careful with the configuration of your firewall rules. Otherwise you may find that the first several outbound connection attempts made by Windows will fail because returning traffic has been blocked at your firewall. However, any good stateful personal firewall, such as Zone Alarm and probably others, ought to block these low-numbered ports automatically. And, of course, placing any network behind a NAT router provides extremely good hardware firewall protection for your system(s).
(kaŝi) Se vi bezonas malnovan mesaĝon de elektita uzanto, klaku ties karakteristikon kaj uzu la ligilon "montri mesaĝojn de ĉitiu uzanto" supre en la paĝo. (konec) (Montri ĉiujn konsilojn)