how to ensure and monitor security/open ports?

Guest

I'm using XP SP2. I recently ran Local Port Scanner (v1.2.2) and it showed
that I've got 7 open ports, some of which are vulnerable to several different
trojans, with Windows firewall turned on. I'm connected via a router, so I
don't know if these ports are really even open or not.

Also I recently turned on the security logging feature of the Windows
firewall, but I have no idea how to decipher it to tell if any intrusion is
going on.

Does anybody know how to block or stealth the open ports, and how to read
the security log??? Please help a very paranoid newbie layman.
 
David H. Lipman

From: "ehipasso" <[email protected]>

| I'm using XP SP2. I recently ran Local Port Scanner (v1.2.2) and it showed
| that I've got 7 open ports, some of which are vulnerable to several different
| trojans, with Windows firewall turned on. I'm connected via a router, so I
| don't know if these ports are really even open or not.
|
| Also I recently turned on the security logging feature of the Windows
| firewall, but I have no idea how to decipher it to tell if any intrusion is
| going on.
|
| Does anybody know how to block or stealth the open ports, and how to read
| the security log??? Please help a very paranoid newbie layman.

Open ports are NOT open to Trojans. They are open to Internet worms. Trojans open ports.

If you are connected to Broadband Internet then I suggest using a Cable/DSL router such as
the Linksys BEFSR41. Such a device can act as a simplistic FireWall and indeed most allow
you to block ports. As always, I suggest blocking TCP and UDP ports 135 ~ 139 and 445 on
*any* SOHO Router.

Note that some Routers have full FireWall implementations.
 
David H. Lipman

From: "David H. Lipman" <[email protected]>


|
| Open ports are NOT open to Trojans. They are open to Internet worms. Trojans open ports.
|
| If you are connected to Broadband Internet then I suggest using a Cable/DSL router such as
| the Linksys BEFSR41. Such a device can act as a simplistic FireWall and indeed most allow
| you to block ports. As always, I suggest blocking TCP and UDP ports 135 ~ 139 and 445 on
| *any* SOHO Router.
|
| Note that some Routers have full FireWall implementations.
|
| --
| Dave
| http://www.claymania.com/removal-trojan-adware.html
| http://www.ik-cs.com/got-a-virus.htm
|

I forgot to mention that to monitor activity at the Router there is the software
WallWatcher.

http://www.wallwatcher.com/
 
alfranze

You can do this:

1 - go to Command Prompt
2 - run the following command line: netstat -a -o
A report appears; in the PID column you have the ID of the process
that is running the listening port.
3 - go to Task Manager (CTRL-ALT-DEL)
4 - set the PID "on" in View-Select Columns
5 - compare one with the other and you will know who is....

ok?

alf
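
The netstat-to-Task-Manager comparison in the steps above, done by a script and with the ports named elsewhere in this thread (135 ~ 139 and 445) marked. This is an added example, not part of the original posts. It assumes the output of `netstat -a -n -o` (the extra `-n` keeps ports numeric) and `tasklist /fo csv /nh` saved as text; both samples below are constructed.

```python
import csv
import io

# Ports the thread recommends blocking at the router (TCP and UDP 135-139, 445).
FLAGGED_PORTS = set(range(135, 140)) | {445}

# Constructed sample of `netstat -a -n -o` output, not captured from a real host.
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING       1480
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1065      203.0.113.7:80         ESTABLISHED     2040
  UDP    192.168.1.10:137       *:*                                    4
"""

# Constructed sample of `tasklist /fo csv /nh` output (image name, PID, ...).
# PID 1480 is left out on purpose to show the unknown-process case.
TASKLIST_SAMPLE = '''\
"System","4","Console","0","236 K"
"svchost.exe","932","Console","0","4,104 K"
'''

def parse_tasklist(text):
    """Map PID -> image name from tasklist CSV rows."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}

def listeners(netstat_text, tasks):
    """Listening TCP and bound UDP sockets; UDP rows have no State column."""
    found = []
    for line in netstat_text.splitlines():
        parts = line.split()
        tcp = len(parts) == 5 and parts[0] == "TCP" and parts[3] == "LISTENING"
        udp = len(parts) == 4 and parts[0] == "UDP"
        if not (tcp or udp):
            continue
        addr, _, port = parts[1].rpartition(":")
        pid, port = int(parts[-1]), int(port)
        found.append({
            "proto": parts[0], "addr": addr, "port": port, "pid": pid,
            "image": tasks.get(pid, "<unknown>"),
            "exposed": not addr.startswith("127."),  # loopback-only is unreachable
            "flagged": port in FLAGGED_PORTS,
        })
    return found

if __name__ == "__main__":
    for s in listeners(NETSTAT_SAMPLE, parse_tasklist(TASKLIST_SAMPLE)):
        mark = "  <-- block at router" if s["flagged"] and s["exposed"] else ""
        print(s["proto"], f'{s["addr"]}:{s["port"]}', s["pid"], s["image"] + mark)
```

A listener whose PID has no matching row in the process list shows up as `<unknown>`.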
 
David H. Lipman

From: "alfranze" <[email protected]>

| You can do this:
|
| 1 - go to Command Prompt
| 2 - run the following command line: netstat -a -o
| A report appears; in the PID column you have the ID of the process
| that is running the listening port.
| 3 - go to Task Manager (CTRL-ALT-DEL)
| 4 - set the PID "on" in View-Select Columns
| 5 - compare one with the other and you will know who is....
|
| ok?
|

If you use TCPVIEW from Sysinternals -- http://www.sysinternals.com/Utilities/TcpView.html
You will see not a static command line view but a dynamic GUI view. It will show what
program is opening up what port and is communicating to what Internet site.

Not only can you view the fully qualified name and path of the executable but also the
command line switches used when it was loaded.
 
Guest

David H. Lipman said:
From: "alfranze" <[email protected]>

| You can do this:
|
| 1 - go to Command Prompt
| 2 - run the following command line: netstat -a -o
| A report appears; in the PID column you have the ID of the process
| that is running the listening port.
| 3 - go to Task Manager (CTRL-ALT-DEL)
| 4 - set the PID "on" in View-Select Columns
| 5 - compare one with the other and you will know who is....
|
| ok?
|

If you use TCPVIEW from Sysinternals -- http://www.sysinternals.com/Utilities/TcpView.html
You will see not a static command line view but a dynamic GUI view. It will show what
program is opening up what port and is communicating to what Internet site.

Not only can you view the fully qualified name and path of the executable but also the
command line switches used when it was loaded.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


Thanks a million for the help!
 
