If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
How do you close ports?
You know, I have just encountered a similar problem, by different means. I
accidentally opened my telnet port in cmd and http port somehow. I found this out by doing the symantec security scan. As with networm, I have no clue how to get these ports closed and stealthed or whatever! I have done scans with norton and spyware s&d, and I have taken a passive look for processes running that would have these ports open. So far, I managed to close the telnet port in cmd again, but i did the scan with symantec and it still says its open... Do i understand this correctly in that these ports are only open because some process or program is using them? These conisistently open ports has brought on an onslaught of hack attemps, the ones I know about being blocked by norton. Should I try and find these programs keeping my ports open? - telnet open - http open - ping open Thanks "networm" wrote: Hi all, Somebody remotely in another part of the world sent me email complaining I have a "backdoor-g-1" trojan connecting to his computer. using port 1243... I've also run Norton Security check from their website and found the following port open along with the 1243 port... PORT STATE SERVICE 80/tcp open http 443/tcp open https Since Norton Antivirus and Norton Security Check did not find any virus... or anything else. Perhaps there is nothing I can do and I can just close the ports... Suspciously, these ports should not open... Now what shall I do? And how can I close the ports on XP sp2? Thanks a lot! |
Ads |
#2
|
|||
|
|||
How do you close ports?
Ports don't exist all by themselves. They exist and "listen" in response to
running Applications that use them. If the Telnet Service is running,...the Telnet port will be open If IIS is running,...the http port (80, 443, and possibly SMTP, FTP, and NNTP) would be open. Shutdown and disable the Telnet Service and IIS's Services (more than one) then those ports will "go away". It is a universal principle,...don't run anything you don't want people to connect to. "twentytwospoons" wrote in message ... These conisistently open ports has brought on an onslaught of hack attemps, That depends,...if you live in the world of paranoia,...everything will look like a "hack attempt" and you will see "hack attempts" under every rock and around every corner, and most of them won't be real but will just be misinterpretations of what is really happening. -- Phillip Windell [MCP, MVP, CCNA] www.wandtv.com ----------------------------------------------------- Understanding the ISA 2004 Access Rule Processing http://www.isaserver.org/articles/IS...cessRules.html Microsoft Internet Security & Acceleration Server: Guidance http://www.microsoft.com/isaserver/t...dance/2004.asp http://www.microsoft.com/isaserver/t...dance/2000.asp Microsoft Internet Security & Acceleration Server: Partners http://www.microsoft.com/isaserver/partners/default.asp Deployment Guidelines for ISA Server 2004 Enterprise Edition http://www.microsoft.com/technet/pro...isaserver.mspx ----------------------------------------------------- |
#3
|
|||
|
|||
How do you close ports?
Alright, that helps. I don't completely understand how ports and services and
stuff like that work, especially when I don't even recall starting those programs. And I only call them "hack attempts" because they never used to occur prior to these ports suddenly being open. Either way, I think I can fix my problem with the confirmed knowledge in my mind that the ports are in use by running applications, not that they are just little open stomata in my firewall, as I previously thought. Thanks "Phillip Windell" wrote: Ports don't exist all by themselves. They exist and "listen" in response to running Applications that use them. If the Telnet Service is running,...the Telnet port will be open If IIS is running,...the http port (80, 443, and possibly SMTP, FTP, and NNTP) would be open. Shutdown and disable the Telnet Service and IIS's Services (more than one) then those ports will "go away". It is a universal principle,...don't run anything you don't want people to connect to. "twentytwospoons" wrote in message ... These conisistently open ports has brought on an onslaught of hack attemps, That depends,...if you live in the world of paranoia,...everything will look like a "hack attempt" and you will see "hack attempts" under every rock and around every corner, and most of them won't be real but will just be misinterpretations of what is really happening. -- Phillip Windell [MCP, MVP, CCNA] www.wandtv.com ----------------------------------------------------- Understanding the ISA 2004 Access Rule Processing http://www.isaserver.org/articles/IS...cessRules.html Microsoft Internet Security & Acceleration Server: Guidance http://www.microsoft.com/isaserver/t...dance/2004.asp http://www.microsoft.com/isaserver/t...dance/2000.asp Microsoft Internet Security & Acceleration Server: Partners http://www.microsoft.com/isaserver/partners/default.asp Deployment Guidelines for ISA Server 2004 Enterprise Edition http://www.microsoft.com/technet/pro...isaserver.mspx ----------------------------------------------------- |
#4
|
|||
|
|||
How do you close ports?
"twentytwospoons" wrote in message
... Alright, that helps. I don't completely understand how ports and services and stuff like that work, "Ports" are *imaginary* anyway. They are not some tangible object that exists. "Ports" are nothing but Layer4 Addresses,..just like IP#s are Layer3 Addresses. The OS's Networking subsystem simply opens the packet and examines the Layer4 Address and then askes the question, "Is there a running application associated with this address?", if the answer is yes it passes the packet up through the OSI Layers to the Application assuming there are no contrary ACLs ,...if the answer is no, or if contrary ACLs exist, the packet is dropped. Layer3 Addresses (IP#s) in the Network Portion find the Subnet Layer3 Addresses (IP#s) in the Host Portion find the MAC Address via ARP Layer2 Addresses (MAC Address) finds the individual Host Layer4 Addresses (Ports) find the Application running on the Host -- Phillip Windell [MCP, MVP, CCNA] www.wandtv.com ----------------------------------------------------- Understanding the ISA 2004 Access Rule Processing http://www.isaserver.org/articles/IS...cessRules.html Microsoft Internet Security & Acceleration Server: Guidance http://www.microsoft.com/isaserver/t...dance/2004.asp http://www.microsoft.com/isaserver/t...dance/2000.asp Microsoft Internet Security & Acceleration Server: Partners http://www.microsoft.com/isaserver/partners/default.asp Deployment Guidelines for ISA Server 2004 Enterprise Edition http://www.microsoft.com/technet/pro...isaserver.mspx ----------------------------------------------------- |
#5
|
|||
|
|||
How do you close ports?
In article , "Phillip Windell" @.
wrote: "twentytwospoons" wrote in message ... Alright, that helps. I don't completely understand how ports and services and stuff like that work, "Ports" are *imaginary* anyway. They are not some tangible object that exists. "Ports" are nothing but Layer4 Addresses,..just like IP#s are Layer3 Addresses. ... Phillip, I don't think that your explanation means a whole hill of beans to the OP here. :-) Ports are a way into the system, and they are opened when an application requests for them to be opened. A firewall can be told to refuse to pass packets to a port that an application has opened. Since the OP is on XP SP2, he can use the wonderful new netstat options: netstat -abon netstat.txt You'll get an output file, netstat.txt, that shows exactly what program is listening on exactly which port. [Your local end of the port is listed under "Local Address", after the ':'] Once you know the executables and DLLs that have requested this port to be opened, you can close the programs. You should expect, though, that any firewall you put in will detect incoming "hack attempts", or connection requests, on various ports. It's just the nature of the beast. My firewall logs all kinds of connection requests to a bunch of ports that I _don't_ have open. It just means there's a bunch of rude idiots out there. Alun. ~~~~ [Please don't email posters, if a Usenet response is appropriate.] -- Texas Imperial Software | Find us at http://www.wftpd.com or email 23921 57th Ave SE | . Washington WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers. Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer. |
#6
|
|||
|
|||
How do you close ports?
"Alun Jones" wrote in message
... In article , "Phillip Windell" @. wrote: "twentytwospoons" wrote in message ... Alright, that helps. I don't completely understand how ports and services and stuff like that work, "Ports" are *imaginary* anyway. They are not some tangible object that exists. "Ports" are nothing but Layer4 Addresses,..just like IP#s are Layer3 Addresses. .. Phillip, I don't think that your explanation means a whole hill of beans to the OP here. :-) Probably so,...it is just one of those misconceptions that "grates" on me after a while, and so sometimes I just have to "spout".. :-) I'm sure my little explaination probably isn't perfect in every detail either, but it is close enough. -- Phillip Windell [MCP, MVP, CCNA] www.wandtv.com ----------------------------------------------------- Understanding the ISA 2004 Access Rule Processing http://www.isaserver.org/articles/IS...cessRules.html Microsoft Internet Security & Acceleration Server: Guidance http://www.microsoft.com/isaserver/t...dance/2004.asp http://www.microsoft.com/isaserver/t...dance/2000.asp Microsoft Internet Security & Acceleration Server: Partners http://www.microsoft.com/isaserver/partners/default.asp Deployment Guidelines for ISA Server 2004 Enterprise Edition http://www.microsoft.com/technet/pro...isaserver.mspx ----------------------------------------------------- |
#7
|
|||
|
|||
How do you close ports?
Phillip Windell wrote:
"Alun Jones" wrote in message ... In article , "Phillip Windell" @. wrote: "twentytwospoons" wrote in message ... Alright, that helps. I don't completely understand how ports and services and stuff like that work, "Ports" are *imaginary* anyway. They are not some tangible object that exists. "Ports" are nothing but Layer4 Addresses,..just like IP#s are Layer3 Addresses. .. Phillip, I don't think that your explanation means a whole hill of beans to the OP here. :-) Probably so,...it is just one of those misconceptions that "grates" on me after a while, and so sometimes I just have to "spout".. :-) I'm sure my little explaination probably isn't perfect in every detail either, but it is close enough. True. I usually give an analogy instead of the technical description though. I figure, if the person really wants to understand the concept of Networking and the OSI model, they'll do some research. The average PC users (at least the ones I know) don't care about that. Usually, I tell them to imagine their computer as a building with 65,532 doors. Without a firewall, all of the doors are open, and anyone can walk in or out. The firewall does two things. It hides the doors from the people on the outside (except for whatever doors are supposed to be open) and acts like a traffic cop asking you whether this program is allowed to open a door or not. Also, as part of being a traffic cop, it asks you if something on the outside should be allowed to enter through one of your open doors (in some firewalls, at least). That usually works well enough to convince them to get and keep an updated firewall. -- Patrick Dickey http://www.pats-computer-solutions.com Smile.. someone out there cares deeply for you. |
#8
|
|||
|
|||
How do you close ports?
"Patrick Dickey" wrote in message
... Usually, I tell them to imagine their computer as a building with 65,532 doors. Without a firewall, all of the doors are open, and anyone can walk in or out. The firewall does two things. It hides the doors from the people on the outside (except for whatever doors are supposed to be open) and acts like a traffic cop asking you whether this program is allowed to open a door or not. Also, as part of being a traffic cop, it asks you if something on the outside should be allowed to enter through one of your open doors (in some firewalls, at least). But that is the misconception I want to avoid. The Application associated with the port is like the "room" associated with the "door". You can't have a door without the "room" on the other side of the door. If you have no "room" then you have no "door". So unless the machine has 65,532 Applications running on it all using a different port,...then you don't have 65,532 ports on the machine and you don't need a firewall to cover what isn't there, because the reality of it is that you don't actually connect to ports,...you connect to *Applications*,...the port is just the "address" used to associate the packet to the Application. Yes, true, you have *potentially* 65,532 ports,...but without the Application associated with the port, it means nothing. -- Phillip Windell [MCP, MVP, CCNA] www.wandtv.com ----------------------------------------------------- Understanding the ISA 2004 Access Rule Processing http://www.isaserver.org/articles/IS...cessRules.html Microsoft Internet Security & Acceleration Server: Guidance http://www.microsoft.com/isaserver/t...dance/2004.asp http://www.microsoft.com/isaserver/t...dance/2000.asp Microsoft Internet Security & Acceleration Server: Partners http://www.microsoft.com/isaserver/partners/default.asp Deployment Guidelines for ISA Server 2004 Enterprise Edition http://www.microsoft.com/technet/pro...isaserver.mspx ----------------------------------------------------- |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Programs Rarely Close & XP Takes long time to shut down | micheal | General XP issues or comments | 4 | August 2nd 05 10:57 AM |
How to close open ports | Enrique | General XP issues or comments | 11 | May 11th 05 07:05 AM |
Lack of resources to support ports. | Ralph Hutchinson | The Basics | 2 | December 18th 04 04:34 AM |
File and Printer Sharing Ports | John | Security and Administration with Windows XP | 3 | November 26th 04 10:31 AM |
break in msn 6.2 voice conversation | Shirley | Microsoft Messenger | 22 | September 21st 04 11:39 AM |