Vulnerability Development: Re: tcp port 20445 is open after napster 2.0 beta install (win98 and winME)

[Bluefish <11a () GMX NET>]

> With beta 5, a telnet connection would offer a prompt: "[RPL2]:";
> with beta 6, no prompt.  The open port remains after an uninstall.
Even after computer reboot?!?

Sounds uggly. To me it sounds very much like a backdoor, but I suppose it
could also be a broken uninstall program, failures to properly remove
applications in the windows environment is common, and usually the
uninstall softwares doesn't say antything.

Anyone had any luck in determin what application/dll is causing this? I
suppose checking for "run" entries in the registry, or looking for new
active processes, could track down the offender. (does anyone know a more
scientific method to track which process has opened a port under windows?)

IMHO, this may very well be a serious vulnerability. If it isn't a
backdoor, and a vulnerability is found in the code, numerous affected
users may not upgrade because they believe they have uninstalled the
vulnerable application!

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team