port security and policy problems

[zigzag]

Hi I could use a bit of help from someone in the know I'll just start from
the beginning

Until a few days back I had never had any trouble with virus or malicious
attacks in the 5 years I'd been online, I kept a low profile, never bothered
with chatrooms or places where you'd be noticed. Also at the time this
trouble started I had no protection as my norton internet security had
corrupted and I uninstalled it and hadn't reinstalled it yet. Anyway I was
on winmx and ran into some racist girl who didn't like the kind of music I
had shared and she started trying to hack me. All I had was the Winxp
firewall. I had a bad feeling about her and went to event viewer right away
and noticed she was changing IPSec policies and system policies so I
unplugged and reinstalled Norton Internet Security suite 2004 the next day.
I also backed this up with Zone Alarm. Anyway I do a port scan and it shows
that my ICMP Ping port, HTTP Port 80 and worse yet my Telnet port 23 are all
open. These ports are supposed to be stealthed if not being used and Im
definately not running anything that uses these ports. This isn't even a
full port scan just a scan of the most common ones. Also my msnmessenger
keeps wanting to open up as a server, I turn it off and it wants to open up
again though I can deny it with my firewall.
How do I close these ports manually? Or how do I find out what is using
these ports? Also is there anywhere I can go to find out what policy
changes she made? My virus scan shows there is no virus or trojan horse
present. any advice would be apreciated. Thanks in advance.

zigzag

 

[zigzag]

Hi I could use a bit of help from someone in the know I'll just start from
the beginning

Until a few days back I had never had any trouble with virus or malicious
attacks in the 5 years I'd been online, I kept a low profile, never bothered
with chatrooms or places where you'd be noticed. Also at the time this
trouble started I had no protection as my norton internet security had
corrupted and I uninstalled it and hadn't reinstalled it yet. Anyway I was
on winmx and ran into some racist girl who didn't like the kind of music I
had shared and she started trying to hack me. All I had was the Winxp
firewall. I had a bad feeling about her and went to event viewer right away
and noticed she was changing IPSec policies and system policies so I
unplugged and reinstalled Norton Internet Security suite 2004 the next day.
I also backed this up with Zone Alarm. Anyway I do a port scan and it shows
that my ICMP Ping port, HTTP Port 80 and worse yet my Telnet port 23 are all
open. These ports are supposed to be stealthed if not being used and Im
definately not running anything that uses these ports. This isn't even a
full port scan just a scan of the most common ones. Also my msnmessenger
keeps wanting to open up as a server, I turn it off and it wants to open up
again though I can deny it with my firewall.
How do I close these ports manually? Or how do I find out what is using
these ports? Also is there anywhere I can go to find out what policy
changes she made? My virus scan shows there is no virus or trojan horse
present. any advice would be apreciated. Thanks in advance.

zigzag

I just noticed something. Looking through the program access in both
firewalls I see a
program called "generic host process for win 32 services" and it's wanting
server rights, or access or whatever you want to call it. I don't know what
this is, or what is keeping my ports open when they should be stealth. Does
anyone know what this is?

zigzag

 

[Adrian Ciuca]

in winxp sp2 they introduced the new option netstat -b. This will show what
ports are opened and by what program.

good luck!