Open Ports

[Don]

I ran a security check with Norton's online checker, it found four open
ports and as far as I know nothing is accessing the net but me and my
firewall.
Port 21 is open used with FTP
Port 23 is open used with Telnet
Port 80 is open used with HTTP
It also said ICMP Ping if finding an open port could steer hackers to my
computer.
All of these ports should be closed unless activated from with in by my
using a program.
Any know how they could be open?
Outlook Express
Internet explorer
Norton Fire wall
Norton Anti virus
Win XP Home
If I don't get this corrected I'm going to get hit, without a doubt.
All scanned results on my computer show no infection. I also ran virus test
on line no infection.
I thought maybe a Trojan, but all test are clean.
Don't know much about ports, anyone help me?
Thanks
Don

 

[Nelson]

TCP/IP - the language of the internet, has thousands of
ports that can be used for messaging, signaling, etc. The
common ports are used for the common applications -
viewing web pages, sending email, etc. You should go to
Start, Settings, Control Panel, Network Connections, and
right-click on the connection you use for accessing the
internet. Go to Properties, to the Advanced tab and click
on the item that says "Protect My Computer...". This will
turn on the Internet Connection Firewall. If you want to,
go to Settings and make sure everything (in most cases) is
un-checked. Hit Apply, OK, etc. and close out. Then go
to http://grc.com and run Shields Up, Common Ports and see
if you get the Tru Stealth rating . . . if you do you can
rest easy - all's well ! Good Luck !

 

[anonymous]

Don - GOTO>>Run type "cmd /k netstat -o" it will show U your open ports in
realtime same as grc.com does. Then search google for a common port list.

NETSTAT /?

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-e] [-n] [-o] [-s] [-p proto] [-r] [interval]

-a Displays all connections and listening ports.
-e Displays Ethernet statistics. This may be combined with
the -s
option.
-n Displays addresses and port numbers in numerical form.
-o Displays the owning process ID associated with each
connection.
-p proto Shows connections for the protocol specified by proto; proto
may be any of: TCP, UDP, TCPv6, or UDPv6. If used with
the -s
option to display per-protocol statistics, proto may be any
of:
IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics
are
shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and
UDPv6;
the -p option may be used to specify a subset of the
default.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press CTRL+C to stop redisplaying
statistics. If omitted, netstat will print the current
configuration information once.

 

[Brian A.]

Do Not activate XP's firewall if you are using any third party firewall, they will
have a brawl. It appears that you use either NPF or NIS from what I read in your
post.
If you don't use FTP or go to FTP sites or use Telnet, you can block those ports
with NPF or NIS by removing them from the ports list, which ever it is you have. If
you ever need them you can add them back in the list. Port 80 is the common port to
get around the web.
Open NIS or NPF, click Options > NIS or NPF > Firewall tab, click on the port in the
list you don't want to have access, click Remove > OK and close out. As mentioned, if
you find you need them you can add them back.

 

[Tom]

Don - GOTO>>Run type "cmd /k netstat -o" it will show U your open ports in
realtime same as grc.com does.

That command only show "active" connection, not open ports. "netstat -a"
will show the ports connected, and list them.

 

[MAP]

-----Original Message-----
I ran a security check with Norton's online checker, it found four open
ports and as far as I know nothing is accessing the net but me and my
firewall.
Port 21 is open used with FTP
Port 23 is open used with Telnet
Port 80 is open used with HTTP
It also said ICMP Ping if finding an open port could steer hackers to my
computer.
All of these ports should be closed unless activated from with in by my
using a program.
Any know how they could be open?
Outlook Express
Internet explorer
Norton Fire wall
Norton Anti virus
Win XP Home
If I don't get this corrected I'm going to get hit, without a doubt.
All scanned results on my computer show no infection. I also ran virus test
on line no infection.
I thought maybe a Trojan, but all test are clean.
Don't know much about ports, anyone help me?
Thanks
Don


.

I removed the goabot32 worm from a friends computer last
night,and at Symantec's site info for the worm says to
disable FTP server and telnet in Admin tools (for
security sake) services, these are open by default and
99.99% of us will never use them.Port 80 is used for your
internet connection.
Since your at symantecs site I'll assume(Ya I know)that
you are using nortons firewall? I recently had some
trouble with NPF and I decieded to try zone alarm It is
by far better than Norton's.

 

[Don]

This is what I got with "cmd /k netstat -a". It dosen't ring my bell, sure
hope it does yours.
Don

Active Connections

Proto Local Address Foreign Address State
TCP VAIOop3 VAIO:0 LISTENING
TCP VAIO:epmap VAIO:0 LISTENING
TCP VAIO:microsoft-ds VAIO:0 LISTENING
TCP VAIO:1025 VAIO:0 LISTENING
TCP VAIO:1031 VAIO:0 LISTENING
TCP VAIO:1050 VAIO:0 LISTENING
TCP VAIO:1055 VAIO:0 LISTENING
TCP VAIO:5000 VAIO:0 LISTENING
TCP VAIO:1027 VAIO:0 LISTENING
TCP VAIO:1029 VAIO:0 LISTENING
TCP VAIO:1050 localhost:1027 CLOSE_WAIT
TCP VAIO:netbios-ssn VAIO:0 LISTENING
UDP VAIO:microsoft-ds *:*
UDP VAIO:isakmp *:*
UDP VAIO:1034 *:*
UDP VAIO:ntp *:*
UDP VAIO:1028 *:*
UDP VAIO:1900 *:*
UDP VAIO:ntp *:*
UDP VAIO:netbios-ns *:*
UDP VAIO:netbios-dgm *:*
UDP VAIO:1900 *:*

C:\Documents and Settings\Donald>

 

[Pop Rivet]

That command only show "active" connection, not open ports. "netstat -a"
will show the ports connected, and list them.

Better yet, go to grc.com as originally advised; lots more
goodies there plus no recanting/disagreements. Grc is an
excellent site and more useful every day.

Pop

 

[Carrie Garth]

| | I ran a security check with Norton's online checker, it found
| four open ports and as far as I know nothing is accessing the
| net but me and my firewall.
| Port 21 is open used with FTP
| Port 23 is open used with Telnet
| Port 80 is open used with HTTP <SNIP>

It sounds like you may have the optional Windows Component named
"Internet Information Services (IIS)" installed and running. If
you are not running a dedicated Web Server I highly recommend
removing this component by using the Add/Remove Programs dialog
box in Control Panel. For more information see the following
Microsoft Knowledge Base article:

KB305548 - HOW TO: Add Components and Programs to a Computer in
Windows XP
http://support.microsoft.com/default.aspx?Product=winxp&scid=kb;en-us;305548

And if you are running a dedicated Web server I recommend that
you post to the appropriate newsgroup:

microsoft.public.inetserver.iis

If you read the newsgroups using the Microsoft Communities Web
Page, here is a link:
http://communities2.microsoft.com/c...lt.aspx?query=microsoft.public.inetserver.iis

If you read newsgroups using a NNTP newsreader, such as Outlook
Express, and use the msnews.microsoft.com news server:
news://msnews.microsoft.com/microsoft.public.inetserver.iis

Related Topics:

KB832017 - Port Requirements for the Microsoft Windows Server
System (the information applies to Windows XP, too).
http://support.microsoft.com/default.aspx?Product=winxp&scid=kb;en-us;832017

KB327859 - INFO: Inetinfo Services Use Additional Ports Beyond
Well-Known Ports
http://support.microsoft.com/default.aspx?Product=winxp&scid=kb;en-us;327859

The Sysinternals program named "TCPView" is an application with a
GUI interface that shows you a detailed listings of all TCP and
UDP endpoints on your system, including the local and remote
addresses, the state of the connections, the name of the process
that owns each endpoint, etc.

Sysinternals Freeware - Utilities for Windows NT and Windows 2000
http://www.sysinternals.com/ntw2k/utilities.shtml

The following web page clearly explains how to identify running
network services by listing opened TCP and UPD ports with the
netstat command; explains about netstat command states, endpoints
and sockets, "LISTENING" and "ESTABLISHED", etc.

HSC - Brève - Minimization of network services on Windows systems
http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html