port security and policy problems

Hi I could use a bit of help from someone in the know I'll just start from
the beginning

Until a few days back I had never had any trouble with virus or malicious
attacks in the 5 years I'd been online, I kept a low profile, never bothered
with chatrooms or places where you'd be noticed. Also at the time this
trouble started I had no protection as my norton internet security had
corrupted and I uninstalled it and hadn't reinstalled it yet. Anyway I was
on winmx and ran into some racist girl who didn't like the kind of music I
had shared and she started trying to hack me. All I had was the Winxp
firewall. I had a bad feeling about her and went to event viewer right away
and noticed she was changing IPSec policies and system policies so I
unplugged and reinstalled Norton Internet Security suite 2004 the next day.
I also backed this up with Zone Alarm. Anyway I do a port scan and it shows
that my ICMP Ping port, HTTP Port 80 and worse yet my Telnet port 23 are all
open. These ports are supposed to be stealthed if not being used and Im
definately not running anything that uses these ports. This isn't even a
full port scan just a scan of the most common ones. Also my msnmessenger
keeps wanting to open up as a server, I turn it off and it wants to open up
again though I can deny it with my firewall.
How do I close these ports manually? Or how do I find out what is using
these ports? Also is there anywhere I can go to find out what policy
changes she made? My virus scan shows there is no virus or trojan horse
present. any advice would be apreciated. Thanks in advance.

zigzag

> Hi I could use a bit of help from someone in the know I'll just start
from
> the beginning
>
> Until a few days back I had never had any trouble with virus or
malicious
> attacks in the 5 years I'd been online, I kept a low profile, never
bothered
> with chatrooms or places where you'd be noticed. Also at the time this
> trouble started I had no protection as my norton internet security had
> corrupted and I uninstalled it and hadn't reinstalled it yet. Anyway I was
> on winmx and ran into some racist girl who didn't like the kind of music I
> had shared and she started trying to hack me. All I had was the Winxp
> firewall. I had a bad feeling about her and went to event viewer right
away
> and noticed she was changing IPSec policies and system policies so I
> unplugged and reinstalled Norton Internet Security suite 2004 the next
day.
> I also backed this up with Zone Alarm. Anyway I do a port scan and it
shows
> that my ICMP Ping port, HTTP Port 80 and worse yet my Telnet port 23 are
all
> open. These ports are supposed to be stealthed if not being used and Im
> definately not running anything that uses these ports. This isn't even a
> full port scan just a scan of the most common ones. Also my msnmessenger
> keeps wanting to open up as a server, I turn it off and it wants to open
up
> again though I can deny it with my firewall.
> How do I close these ports manually? Or how do I find out what is using
> these ports? Also is there anywhere I can go to find out what policy
> changes she made? My virus scan shows there is no virus or trojan horse
> present. any advice would be apreciated. Thanks in advance.
>
> zigzag
>

I just noticed something. Looking through the program access in both
firewalls I see a
program called "generic host process for win 32 services" and it's wanting
server rights, or access or whatever you want to call it. I don't know what
this is, or what is keeping my ports open when they should be stealth. Does
anyone know what this is?

zigzag

in winxp sp2 they introduced the new option netstat -b. This will show what
ports are opened and by what program.

good luck!

"jeffrey" <jeffrey@nospam.com> wrote in message
news:%23RSU%23SMvEHA.3376@TK2MSFTNGP12.phx.gbl...
> Hi,
>
> I have heard someone suggesting a program call Fport, if I remember
> correctly, it suppose to show you what ports are open and what is using
> it.
>
> Jeff
>
> "zigzag" <pigswill00@hotmail.com> wrote in message
> news:3b1gd.44272$%k.24@pd7tw2no...
>>
>> > Hi I could use a bit of help from someone in the know I'll just start
>> from
>> > the beginning
>> >
>> > Until a few days back I had never had any trouble with virus or
>> malicious
>> > attacks in the 5 years I'd been online, I kept a low profile, never
>> bothered
>> > with chatrooms or places where you'd be noticed. Also at the time this
>> > trouble started I had no protection as my norton internet security had
>> > corrupted and I uninstalled it and hadn't reinstalled it yet. Anyway I
> was
>> > on winmx and ran into some racist girl who didn't like the kind of
>> > music
> I
>> > had shared and she started trying to hack me. All I had was the Winxp
>> > firewall. I had a bad feeling about her and went to event viewer right
>> away
>> > and noticed she was changing IPSec policies and system policies so I
>> > unplugged and reinstalled Norton Internet Security suite 2004 the next
>> day.
>> > I also backed this up with Zone Alarm. Anyway I do a port scan and it
>> shows
>> > that my ICMP Ping port, HTTP Port 80 and worse yet my Telnet port 23
>> > are
>> all
>> > open. These ports are supposed to be stealthed if not being used and Im
>> > definately not running anything that uses these ports. This isn't even
>> > a
>> > full port scan just a scan of the most common ones. Also my
>> > msnmessenger
>> > keeps wanting to open up as a server, I turn it off and it wants to
>> > open
>> up
>> > again though I can deny it with my firewall.
>> > How do I close these ports manually? Or how do I find out what is
> using
>> > these ports? Also is there anywhere I can go to find out what policy
>> > changes she made? My virus scan shows there is no virus or trojan horse
>> > present. any advice would be apreciated. Thanks in advance.
>> >
>> > zigzag
>> >
>>
>> I just noticed something. Looking through the program access in both
>> firewalls I see a
>> program called "generic host process for win 32 services" and it's
>> wanting
>> server rights, or access or whatever you want to call it. I don't know
> what
>> this is, or what is keeping my ports open when they should be stealth.
> Does
>> anyone know what this is?
>>
>> zigzag
>>
>>
>