Security Incidents mailing list archives

Re: Microsoft Windows ME and TCP/5000


From: "Todd A. Garrison" <tgarris () FRAMELOSS ORG>
Date: Thu, 1 Mar 2001 11:02:42 -0700

Quite commonly when you set up a multi-player FPS type game they will
install a web-server that allows you to change maps, kick players, etc.
on the game server.  I know that this is the case with Unreal
Tournament.  As for Quake3 I am pretty sure it doesn't do this as it has
the ability to allow control of these game aspects via the game itself.
You may want to check the docs for Halflife to see if this is true.

Good luck!

Eric Fagan wrote:

Hello,
  I've seen only a handful of unanswered questions when researching this
subject on Google, but I've found what seems to be a webserver running on
port 5000 of my WinME box.  A "netstat -a" shows UDP/1900 listening and
TCP/5000 listening.  ICS is not installed, F/P Sharing is not enabled.

On this box I have installed Halflife & QIII Arena off OEM CDs, and
LimeWire (a gnutella type client).  The LimeWire has since been removed and
no references seem to appear for it in the registry.  Telnetting to port 5000
and trying a properly formatted http GET command (or using a web browser)
returns HTTP 1.1/400 Bad Request.  I've seen references indicating UDP/1900
is normal for ME (something to do with IP multicast & PnP detection), but
TCP/5000?  I'm bringing home my Network Associates VirusScan software from
work today.   (Shame on me, running w/out protection for two weeks -- what
was I thinking!)   I was just curious if anyone knew of a Trojan that camps
an HTTP server on TCP/5000.  Perhaps I caught something...

--Eric

--
Todd Garrison
tgarris () frameloss org
PGP KEY ID: 0x007AEAE4

