How do you close ports?

Alun Jones

"Phillip Windell" <@.> said:
"Ports" are *imaginary* anyway. They are not some tangible object that
exists. "Ports" are nothing but Layer4 Addresses,..just like IP#s are
Layer3 Addresses.
...

Phillip, I don't think that your explanation means a whole hill of beans to
the OP here. :)

Ports are a way into the system, and they are opened when an application
requests for them to be opened.

A firewall can be told to refuse to pass packets to a port that an application
has opened.

Since the OP is on XP SP2, he can use the wonderful new netstat options:

netstat -abon > netstat.txt

You'll get an output file, netstat.txt, that shows exactly what program is
listening on exactly which port. [Your local end of the port is listed under
"Local Address", after the ':']

Once you know the executables and DLLs that have requested this port to be
opened, you can close the programs.

You should expect, though, that any firewall you put in will detect incoming
"hack attempts", or connection requests, on various ports. It's just the
nature of the beast. My firewall logs all kinds of connection requests to a
bunch of ports that I _don't_ have open. It just means there's a bunch of
rude idiots out there.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]
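
An added example (not from Alun's post or anyone else in the thread) of what you do with the netstat.txt file once you have it. The sample output below is constructed to match the XP SP2 `netstat -abon` layout (connection line, then the DLLs involved, then the owning executable in brackets); PIDs, paths and addresses are made up. The parser pulls the port from the "Local Address" column after the ':' and attaches it to the program name, so you can see at a glance which executable to stop for a given port and which listeners are reachable from the network (bound to 0.0.0.0) rather than only from the machine itself (127.0.0.1).

```python
from collections import namedtuple

# Constructed sample of `netstat -abon` output in the Windows XP SP2 layout:
# each connection line is followed by the DLLs involved and, in brackets,
# the executable that owns the socket. PIDs, paths and addresses are invented.
SAMPLE_NETSTAT = r"""
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       944
  c:\windows\system32\WS2_32.dll
  c:\windows\system32\RPCRT4.dll
  c:\windows\system32\rpcss.dll
  [svchost.exe]

  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  [System]

  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING       1212
  [alg.exe]

  TCP    192.168.1.10:1390      64.233.187.99:80       ESTABLISHED     1804
  c:\windows\system32\WS2_32.dll
  [IEXPLORE.EXE]

  UDP    0.0.0.0:445            *:*                                    4
  [System]

  UDP    0.0.0.0:1900           *:*                                    1040
  c:\windows\system32\WS2_32.dll
  [svchost.exe]
"""

Socket = namedtuple("Socket", "proto local_ip port state pid exe components")


def parse_netstat(text):
    """Turn `netstat -abon` text into one record per socket.

    A line starting with TCP or UDP opens a new record; every following line
    that is not a new connection belongs to it: bracketed lines name the
    executable, the rest are the DLLs netstat -b reports for that socket.
    UDP lines carry no State column, so the token count decides the layout.
    """
    records = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Active Connections", "Proto")):
            continue
        parts = line.split()
        if parts[0] in ("TCP", "UDP"):
            local_ip, _, port = parts[1].rpartition(":")  # port is after the ':'
            state = parts[3] if len(parts) == 5 else ""
            current = {"proto": parts[0], "local_ip": local_ip, "port": int(port),
                       "state": state, "pid": int(parts[-1]),
                       "exe": None, "components": []}
            records.append(current)
        elif current is not None:
            if line.startswith("[") and line.endswith("]"):
                current["exe"] = line[1:-1]
            else:
                current["components"].append(line)
    return [Socket(**r) for r in records]


def listening_sockets(records):
    """Sockets that accept inbound traffic: TCP in LISTENING, and every UDP socket."""
    return [r for r in records
            if (r.proto == "TCP" and r.state == "LISTENING") or r.proto == "UDP"]


def program_by_port(records):
    """Map (proto, port) -> owning executable, i.e. what to close for that port."""
    return {(r.proto, r.port): r.exe for r in listening_sockets(records)}


def network_reachable(records):
    """Listeners bound to 0.0.0.0 answer on every interface; 127.0.0.1 ones do not."""
    return [r for r in listening_sockets(records) if r.local_ip == "0.0.0.0"]


if __name__ == "__main__":
    socks = parse_netstat(SAMPLE_NETSTAT)
    for s in network_reachable(socks):
        print(f"{s.proto:4} port {s.port:<6} pid {s.pid:<6} {s.exe}")
```

To use it on a real machine, read netstat.txt into `text` and call `parse_netstat(text)` instead of the constructed sample; the ESTABLISHED line in the sample is deliberately there to show that an outbound browser connection is not an open door and is left out of the listener map.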

Phillip Windell

Alun Jones said:
..

Phillip, I don't think that your explanation means a whole hill of beans to
the OP here. :)

Probably so,...it is just one of those misconceptions that "grates" on me
after a while, and so sometimes I just have to "spout".. :) I'm sure my
little explanation probably isn't perfect in every detail either, but it is
close enough.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
-----------------------------------------------------

Patrick Dickey

Phillip said:
Probably so,...it is just one of those misconceptions that "grates" on me
after a while, and so sometimes I just have to "spout".. :) I'm sure my
little explanation probably isn't perfect in every detail either, but it is
close enough.

True. I usually give an analogy instead of the technical description
though. I figure, if the person really wants to understand the concept
of Networking and the OSI model, they'll do some research. The average
PC users (at least the ones I know) don't care about that.

Usually, I tell them to imagine their computer as a building with 65,532
doors. Without a firewall, all of the doors are open, and anyone can
walk in or out. The firewall does two things. It hides the doors from
the people on the outside (except for whatever doors are supposed to be
open) and acts like a traffic cop asking you whether this program is
allowed to open a door or not. Also, as part of being a traffic cop, it
asks you if something on the outside should be allowed to enter through
one of your open doors (in some firewalls, at least).

That usually works well enough to convince them to get and keep an
updated firewall.

Phillip Windell

Patrick Dickey said:
Usually, I tell them to imagine their computer as a building with 65,532
doors. Without a firewall, all of the doors are open, and anyone can
walk in or out. The firewall does two things. It hides the doors from
the people on the outside (except for whatever doors are supposed to be
open) and acts like a traffic cop asking you whether this program is
allowed to open a door or not. Also, as part of being a traffic cop, it
asks you if something on the outside should be allowed to enter through
one of your open doors (in some firewalls, at least).

But that is the misconception I want to avoid. The Application associated
with the port is like the "room" associated with the "door". You can't have
a door without the "room" on the other side of the door. If you have no
"room" then you have no "door". So unless the machine has 65,532
Applications running on it all using a different port,...then you don't have
65,532 ports on the machine and you don't need a firewall to cover what
isn't there, because the reality of it is that you don't actually connect to
ports,...you connect to *Applications*,...the port is just the "address"
used to associate the packet to the Application. Yes, true, you have
*potentially* 65,532 ports,...but without the Application associated with
the port, it means nothing.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
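
An added example, not from any poster in the thread, that shows Phillip's point and Alun's advice in working code: a port has no existence of its own, it is the address of an application, and the moment the application goes away the "door" is gone with it. The script picks a free loopback port (an assumption for the demo; substitute any port you like), probes it with no owner, then while a tiny listening application holds it, then after that application has closed. Everything happens on 127.0.0.1, so nothing is exposed to the network.

```python
import socket


def tcp_port_answers(port, host="127.0.0.1", timeout=1.0):
    """Attempt a TCP connect to host:port.

    Returns True when an application has the port bound and listening (the
    handshake completes) and False when the OS refuses because nothing owns
    the port. A timeout is not caught, so a filtered port is not silently
    reported as closed.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            return False
        return True


def pick_free_port():
    """Ask the OS for an unused ephemeral port on loopback, then release it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demonstrate(port=None):
    """Probe one port three times: no owner, owned by an application, owner gone.

    Returns (before, during, after); the expected shape is (False, True, False).
    """
    port = pick_free_port() if port is None else port
    before = tcp_port_answers(port)           # no application -> refused

    app = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    app.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    app.bind(("127.0.0.1", port))
    app.listen(1)                             # the application "opens the door"
    during = tcp_port_answers(port)           # handshake completes now

    app.close()                               # close the program ...
    after = tcp_port_answers(port)            # ... and the port is gone with it
    return before, during, after


if __name__ == "__main__":
    print(demonstrate())
```

Run it twice and you will almost certainly get a different port number each time, which is the practical side of the argument: there is nothing to "close" at a port until some program binds it, and the netstat listing, not the number range, tells you which programs those are.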