Why is port 1111 open, and is it safe to be?
Solution 1:
According to this reference:
Because protocol TCP port 1111 was flagged as a virus (colored red) does not mean that a virus is using port 1111, but that a Trojan or Virus has used this port in the past to communicate.
So, it could be a virus/trojan.
I would recommend you to use Net Activity Viewer to determine what process/service is keeping this port on listening state:
After this, Google the process name to see if there are any viruses related to this process and to this port.
Finally, if you think it is a virus, just follow the instructions guided here.
Solution 2:
You can use lsof -i :1111
to find the process connected to port 1111.
Solution 3:
IANA's (Internet Assigned Numbers Authority) port description is:
1111 tcp,udp lmsocialserver LM Social Server
But its also known to be used by
1111 tcp trojan Daodan, Ultors Trojan Trojans
1111 udp trojan Daodan Trojans
1111 tcp threat W32.Suclove Bekkoame
1111 tcp,udp threat AIMVision Bekkoame
Trojans that use this port:
Backdoor.AIMvision - remote access trojan, 10.2002. Affects all current Windows versions.
Backdoor.Ultor - remote access trojan, 06.2002. Affects Windows, listens on port 1111 or 1234.
Backdoor.Daodan - VB6 remote access trojan, 07.2000. Affects Windows.
W32.Suclove.A@mm (09.26.2005) - a mass-mailing worm with backdoor capabilities that spreads through MS Outlook and MIRC. Opens a backdoor and listens for remote commands on port 1111/tcp.
Sources:
http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml
http://www.speedguide.net/port.php?port=1111
Solution 4:
Check /etc/services
Generally, you can find standard service ports listed in /etc/services. However, on my system:
fgrep 1111 /etc/services
returns no information, so it's probably not a standard service.
Check netstat
You can see what programs are using a given port with netstat.
sudo netstat -lntp | fgrep 1111
You can then use that information to determine if it's a necessary system service for your environment.
Stopping Unnecessary Processes
Stopping system processes is somewhat platform-specific, but many Linux systems support a sudo service ssh stop
or similar command, or you can call the startup script directly with sudo /etc/init.d/<service> stop
. If it's not a system service, you can just call sudo kill <pid>
to send SIGTERM to the process.
Note that stopping a service doesn't prevent it from running again, so you may also need to adjust your runlevel startup scripts in whatever way is appropriate for your specific platform.
Solution 5:
This speedguide.net page indicates that TCP port 1111 is used by an app called LikeMinds Socialserver, but it also says it's known to be used by several malware apps. Perhaps a full malware scan of your disk is in order.