Re: Do I need these services listening?
rodlinkowitz_at_whale-mail.com
Date: 03/15/05
- Next message: Jason Edwards: "Re: Do I need these services listening?"
- Previous message: rodlinkowitz_at_whale-mail.com: "Re: Do I need these services listening?"
- In reply to: Jason Edwards: "Re: Do I need these services listening?"
- Next in thread: Jason Edwards: "Re: Do I need these services listening?"
- Reply: Jason Edwards: "Re: Do I need these services listening?"
- Reply: Gerald Vogt: "Re: Do I need these services listening?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 15 Mar 2005 13:22:01 -0800
Jason Edwards wrote:
> <rodlinkowitz@whale-mail.com> wrote in message
> news:1110889621.943552.287000@g14g2000cwa.googlegroups.com...
> This is why your PC is listening to 25 and 110. If you don't need IIS
go to
> the control panel, add/remove programs, add/remove windows
components, and
> remove IIS.
There's no check mark, so I must have already removed that one a long
time ago.
> > But
> > the thing I'm not sure about is why, when I turned off ALL of my
> > firewalls on both computers, including
> > the SP1 on the router (and even opened up the feature in the
router's
> > setup to alllow "pings"), I still got a solid wall of green
(stealth)
> > blocks at GRC's SheildsUp.
>
> It's because the router, like any NAT router, does not know which PC
on your
> LAN the incoming connection requests from shields up should go to. So
your
> router is ignoring them and sending nothing back. Shields up will
show the
> port as stealth if it gets nothing back.
Why doesn't NAT ignore requests coming through on port 80 (the web), or
other ports that allow data to come through, such as the mail ports
(25/110)? I never configured the router to allow them. (For that
matter, if SheildsUp tests the first
1024 ports, how can it say they are all green, when that would include
port 80?
The very port that allows me to view the results of the test!).
> > Those include
> > the 25,110,445,135-139 ports btw, that were supposed to be
"listening".
>
> They are only listening to your LAN if your ADSL modem is connected
to the
> WAN port on the Netgear rp614 router and both computers are connected
to LAN
> ports on the Netgear rp614 router.
Well yes, that's the way I have things set up.
> I suggest you have a look at TCPView
> http://www.sysinternals.com/ntw2k/source/tcpview.shtml
> Tell it not to resolve addresses and to be always on top.
> Run it on both of your PCs
> Look for 25 and 110 in the local address column.
> Now send and receive email to/from your ISP.
> Look for 25 and 110 in the remote address column.
> If you can figure out what this is telling you then you may get a bit
> further with your education.
I ran TCPView, which is similar to my "WhoIsConnected", except
unchecking
"resolve addresses" finally shows me the Local Address ports that these
services
are listening to. Which is very educational, because I see now that
there is indeed something
listening on port 135 (TCP), the one I'm most concerned about. Although
I don't think its
a worm, but I can't positively identify what needs that port, because
its listed as "svchost.exe:744", which is a program that can represent
a number of windows services.
It showed a few ports I hadn't seen yesterday, such as LocalAddres port
1029
(svchost.exe:900, remote address:*.*) and a LocalAddress of
127.0.0.1:123
(svchost.exe:792). But no references to ports 25 or 110.
- Next message: Jason Edwards: "Re: Do I need these services listening?"
- Previous message: rodlinkowitz_at_whale-mail.com: "Re: Do I need these services listening?"
- In reply to: Jason Edwards: "Re: Do I need these services listening?"
- Next in thread: Jason Edwards: "Re: Do I need these services listening?"
- Reply: Jason Edwards: "Re: Do I need these services listening?"
- Reply: Gerald Vogt: "Re: Do I need these services listening?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
