Re: Got Active Ports, now what?

From: Chris Thatcher (cthatcher@adelphia.net)
Date: 09/11/02


From: "Chris Thatcher" <cthatcher@adelphia.net>
Date: Wed, 11 Sep 2002 02:31:16 GMT

As entertaining as this thread has been, try to remember there is a newbie
out there with a legitimate question and concern. All this spew is not
helping anyone.

Not Valid has given some solid advice. I would add that just because you
have services running and ports open does not in ANY way, shape or form mean
that you have been hacked or that any malware is running on your machine.
All of the Windows services running may not be necessary, but looking at
each one under services in the administrative tools should give you a better
idea of what they are for. Ports are required for network communications
between computers. Different ports map to different applications listening
for connections. The ones you want to be concerned with are the ones that
are listening or connected inbound. They are the ones that the ankle biters
see when they do a port scan. 135, 137 and 139 are dead giveaways that they
have found a Windows machine. If you are running a personal firewall you
want to simply block all inbound connections. If not, you can use port
filtering in the advanced properties of TCP/IP in the OS.

Windows is inherently insecure out of the box. There are numerous
vulnerabilities in the OS that can be exploited to gain access to a machine.
Script kiddies account for 90+ percent of the noise out there. Script
kiddies have no real skills, but pose a real danger because they have tools
that can easily locate and penetrate an insecure machine.

There are a number of places you can find advice on how to secure the OS.
Spend some time at sans.org and visit nist.gov. Both should give you plenty
to read about best practices, vulnerabilities and links to plenty of other
good sources of information.

Chris

"Not Valid" <not_valid@the_net.com> wrote in message
news:r7bpnusnb0tiecj80ocvke9vg35i85oha9@4ax.com...
> On Sun, 08 Sep 2002 21:21:50 GMT, "Z Craig" <whistle101@hotmail.com>
> wrote:
> )>
> )>> discover there are 23 things running! I'm a total novice and I
> )>> don't know what this means. Why do I need 23 connections to the
> )>> internet?!
> )>
>
> Craig,
>
> What 23 things are you referring to?
> Services, or Open Ports, or....
> Could you add some additional info to a reply.
>
> Learn a little about TCP/IP, Networking and Firewalls.
> There's plenty of good information out there
> (none of which comes from Tracker/Pandora/whatever)
>
> I'll suggest a few Forums to you
> http://www.wilders.org/forums.htm
> http://www.morelerbe.com/cgi-bin/ubb-cgi/ultimatebb.cgi
> http://www.dslreports.com/forums
> http://groups.yahoo.com/group/keriofirewall/
> http://209.100.212.5/cgi-bin/cbmc/forums.cgi
>
> and these sites
> http://www.samspade.org/
> http://samspade.org/d/firewalls.html
> http://www.robertgraham.com/
> http://www.robertgraham.com/pubs/
>
> You should get a 'Application' Filtering Firewall for your XP box.
> Try Tiny Personal Firewall, Kerio or Look-N-Stop. There are plenty
> of them.
>
> Get a Linux Firewall Box setup
> (an old 486 with 'Floppy-FW' or 'Freesco' will work fine)
> as your Main connection to the Internet
> then connect your XP box to your Linux Firewall Box. (it's real easy)
> http://inf33-www.informatik.unibw-muenchen.de/research/embedded/linux.html
>
>
>
> Oh, yeah.
> Just ignore or delete anything from Tracker or Pandora, or
> whatever it is calling itself now. You don't wanna take any of
> its advice. Pandora has some kind of abnormal weird fascination
> with Hackers.
>
> I hope that helps some..
>
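
Added example, not part of the original post or thread: a Python sketch that takes `netstat -an` output and keeps only the sockets the post says to be concerned with (listening and reachable from outside the machine), flagging ports 135, 137 and 139. The sample output, the function name and the loopback rule are assumptions made for illustration.

```python
import re

# Constructed sample of `netstat -an` output from a Windows machine (not from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1032      203.0.113.7:80         ESTABLISHED
  UDP    0.0.0.0:137            *:*
  UDP    127.0.0.1:1900         *:*
"""

# Ports the post calls out as giveaways for a Windows machine.
WINDOWS_GIVEAWAYS = {135, 137, 139}
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s*(\S*)\s*$")


def exposed_listeners(netstat_text):
    """Return listeners reachable from the network, sorted by port.

    Each item is (proto, local_ip, port, is_windows_giveaway).
    """
    found = []
    for raw in netstat_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # header or unrelated line
        proto, ip, port, _foreign, state = m.groups()
        port = int(port)
        # TCP: only LISTENING sockets accept inbound connections.
        # UDP has no state column; a bound UDP socket receives datagrams.
        if proto == "TCP" and state != "LISTENING":
            continue
        if ip.startswith("127.") or ip == "[::1]":
            continue  # loopback only, a remote port scan cannot see it
        found.append((proto, ip, port, port in WINDOWS_GIVEAWAYS))
    return sorted(found, key=lambda r: (r[2], r[0]))


if __name__ == "__main__":
    for proto, ip, port, giveaway in exposed_listeners(SAMPLE):
        note = "block inbound (Windows giveaway)" if giveaway else "review owning service"
        print(f"{proto:3} {ip}:{port:<5} {note}")
```

Outbound connections such as the ESTABLISHED line and loopback-only listeners are dropped, which is why a long list of "things running" usually shrinks to a handful of ports worth filtering.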


