TCP 1025
Synopsis
- Windows 2000, XP, and Server 2003 commonly use TCP 1025 as the first dynamic port for Microsoft RPC/DCOM (those versions defaulted to an ephemeral range of 1025–5000).
- As a result, core RPC-based components often listen on 1025 on those systems, including WMI, COM+ Remote Activation, Active Directory’s NTDS RPC, and parts of Microsoft Exchange Server 2003’s RPC connectivity.
- Symantec/Veritas Backup Exec Remote Agent for Windows Servers (RAWS) uses an RPC-assigned dynamic port and is frequently observed binding to TCP 1025 on these Windows versions.
- Microsoft System Center Configuration Manager (SCCM) remote tools and other WMI/RPC-driven management software have been commonly seen using TCP 1025 in such environments.
- Security note: Because TCP 1025 is often an RPC endpoint on older Windows versions, it has historically been scanned for and targeted by exploits against vulnerable DCOM/RPC services on unpatched systems.