Problem:
On my router ASUS RT-N18U, port 4433 is forwarded to my PC’s IP address. I’ve not done this and I don’t know what it means. Should I be worried?
EDIT:
And also ports 60868 and 46153
Solution:
On my port 4433 is forwarded to my PC’s IP address
I’ve not done this and I don’t know what it means.
It’s possibly the Backdoor.Acidoor trojan.
4433 tcp applications
Backdoor.Acidoor (2003.02.25) – a backdoor trojan that gives a hacker unauthorized access to your computer. By default, it uses ports 4432 and 4433. The existence of the file Extapp.exe is the sign of a possible infection.
Axence nVision also uses this port
Versile Object Protocol [Versile_AS] (IANA official)
Source Port 4433 Details
Are there any applications on your system listening on those ports? Since you mention “PC”, I’ll assume it is a system running Microsoft Windows. Obtain a command prompt and issue netstat -an | find "portnumber" commands, where portnumber is one of the relevant port numbers, to determine if your system is listening for connections on those ports. E.g., below is the output from a system that isn’t listening on those ports:
C:\>netstat -an | find "4433"
UDP 0.0.0.0:54433 *:*
C:\>netstat -an | find "60868"
C:\>netstat -an | find "46153"
C:\>
If the system is listening on one of those ports, e.g., 4433, you might see something such as the following:
C:\>netstat -an | find "4433"
TCP 0.0.0.0:4433 0.0.0.0:0 LISTENING
TCP [::]:4433 [::]:0 LISTENING
C:\>
If you prefer a program that gives you a graphical user interface (GUI) for viewing such information, you can use the free TCPView program from Microsoft. Look for the relevant port numbers in the “Remote Port” field. TCPView will show you the name of the process that has the port open and, if you right-click on the process name in TCPView, it will show you the location of the program associated with the process. TCPView will also show you if there are any remote systems connected to that port on your PC.
The fact that your router is forwarding those ports, if you didn’t forward the ports, is worrisome. More worrisome is if you find an application or applications listening on those ports, if you don’t recognize the application as a legitimate one and, if you see connections to those ports, that could mean that your system is infected with malware or even indicate that someone is remotely monitoring or even controlling your system, depending on how the program that has those ports open functions.
Another free program that will provide similar capabilities to those provided by TCPView is the free CurrPorts utility from NirSoft. If you do find evidence of some suspicious program or programs listening on those ports, Nir Sofer, the software developer who created the NirSoft site, has a number of free “sniffer” programs that I’ve found useful in analyzing network activity by suspicious software on a system, e.g., DNSQuerySniffer, HTTPNetworkSniffer, NetworkTrafficView, SmartSniff, etc.
If you find a process listening on one of those ports, you can also upload any suspicious files you locate linked to those ports to the VirusTotal site now owned by Google, which currently analyzes uploaded files for free with 57 antivirus programs. Other similar free services which will analyze uploaded files with multiple antivirus programs are VirSCAN and Jotti’s malware scan.
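The netstat check in the answer above matches substrings, which is why find "4433" also returned the unrelated UDP port 54433. The following is an added example, not part of the original answer: it parses netstat output, matches the local port exactly, and reports the owning PID. It assumes the output of netstat -ano (the -o switch adds the PID column); the sample text, addresses, PIDs and function names are constructed for illustration.

```python
import subprocess
import sys

# Ports the question reports as forwarded by the router.
SUSPECT_PORTS = {4433, 60868, 46153}

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:4433           0.0.0.0:0              LISTENING       3124
  TCP    [::]:4433              [::]:0                 LISTENING       3124
  TCP    192.168.1.20:4433      203.0.113.7:51522      ESTABLISHED     3124
  TCP    192.168.1.20:50211     198.51.100.9:4433      ESTABLISHED     880
  UDP    0.0.0.0:54433          *:*                                    1432
  UDP    0.0.0.0:60868          *:*                                    2200
"""

def port_of(addr):
    """Return the port of an address such as 0.0.0.0:4433 or [::]:4433."""
    return int(addr.rsplit(":", 1)[1])

def find_port_users(netstat_text, ports=SUSPECT_PORTS):
    """Return rows whose LOCAL port is exactly one of `ports`.

    Rows where the port only appears on the remote side (an outbound
    connection from this PC) or only as a substring (54433) are skipped.
    """
    hits = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # header, blank line or banner text
        proto, local, remote = f[0], f[1], f[2]
        # UDP rows have no State column; the PID is present only with -o.
        state = f[3] if proto == "TCP" and len(f) > 3 else ""
        pid = int(f[-1]) if f[-1].isdigit() else None
        if port_of(local) in ports:
            hits.append({"proto": proto, "local": local, "remote": remote,
                         "state": state, "pid": pid})
    return hits

if __name__ == "__main__":
    # On Windows read the live table; elsewhere fall back to the sample.
    text = (subprocess.run(["netstat", "-ano"], capture_output=True,
                           text=True).stdout
            if sys.platform == "win32" else SAMPLE)
    for h in find_port_users(text):
        # Map the PID to a program with: tasklist /FI "PID eq <pid>"
        print(h["proto"], h["local"], h["remote"], h["state"], h["pid"])
```

An ESTABLISHED row with a suspect local port and a non-local remote address is an inbound connection through the forwarded port, and its PID identifies the process to examine first.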