Re: Open ports and lots of trojans?

From: David (davidwnh_at_adelphia.net)
Date: 10/06/03 

Date: Mon, 06 Oct 2003 17:00:16 GMT

Looks like you have FTP,SMTP, and HTTP servers running. You either need to
disable IIS or since you are using the machine for web development you may
only want to disable the FTP and SMTP services. You could also disable
socket sharing and set up these services to only listen on the loopback
address and/or any internal adapters(if the machine is multi-homed). Or you
could install a host based firewall or enable IPSec rules to block unwanted
traffic to them. What you do depends on what you need available and to whom.

>
> I have just run Sygate's online stealth scanner, and the desktop
> Anti-Trojan program, and both have reported that ports 21, 25, and 80
> are open (amongst others), and lists quite a number of "possible
> trojans".
>
> I would like to ask the obvious question that neither of these
> products appear to address, and how do I close these ports to make my
> machine more secure?
>
> Also, what isn't made clear by either product is, do I actually have
> trojans on my machine or not?
>
> (I'm running Windows 2000 SP3, that is used for web programming
> development.)
>
> Thanks for any info.
>
> -Robert.
>
> PS: Here's an extract from Anti-Trojan's report (which is similar to
> Sygate's report):
>
> Port 21 open. Possible trojans. FTP-Server (possible Trojaner: Fore,
> Invisible FTP, FTP, WebEx, WinCrash)
> Port 25 open. Possible trojans. Mail-Server (possible Trojaner:
> Antigen, Email Password Sender, Haebu Coceda, Shtrilitz Stealth,
> Terminator)
> Port 80 open. Possible trojans. Webserver (possible Trojaner:
> Executor)