Re: Firewall now has numerous ports???

From: Steven L Umbach (n9rouz_at_nscomcast.net)
Date: 12/03/03

• Next message: Steven L Umbach: "Re: Firewalls"
• Previous message: RT: "Shared Folder is Missing...Help !"
• In reply to: anonymous_at_discussions.microsoft.com: "Re: Firewall now has numerous ports???"
• Next in thread: David Beder [MSFT]: "Re: Firewall now has numerous ports???"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 03 Dec 2003 01:58:46 GMT

Apparently you are using ICS if you see Internet Gateway in Network Connection which
I am not familiar with, my network computers use my Netgear firewall/router as their
default gateway. Things I would try is using Tcpview to disable suspect processes to
see if you can track down what is causing the traffic, run msconfig to see what your
startup programs are and then selectively disable startup programs to see if you can
find out that way, or use a personal firewall such as Sygate [free for personal use].
Sygate will tell you what is trying to use your network connection either incoming or
outgoing and it should eventually become apparent after configuring it what is
causing all the traffic. Sygate will list the application and port wanting to access
outbound connection. Port 53 udp for dns is normal. Sygate also has extensive logging
down to the packet level which also would help troubleshoot the problem. --- Steve

http://www.webattack.com/Freeware/security/fwfirewall.shtml

<anonymous@discussions.microsoft.com> wrote in message
news:061601c3b93b$46e4e1c0$a301280a@phx.gbl...
>
> >-----Original Message-----
> >Where are you getting information about XP ICF showing
> nine ports? You
> >certainly could have suffered some sort of attack
> connected to the internet
> >for four hours unprotected. If you have other computers,
> it is a good idea
> >to use a device at the perimiter also. You can buy a
> cable/dsl router for as
> >little as $19 after rebates at Best buy. If the other
> computers are like
> >configured, you could use netstat -ano to compare
> network processes
> >connected/listening. I also like Tcpview which is free
> from Sysinternals
> >which is compact and can show you detailed information
> on network processes,
> >mapping to the executable path and allow you to kill any
> process you see.
> >Task Manager may be also helpful in determining a
> process hogging the CPU
> >and of course you should scan for
> viruses/worms/trojans/parasites anytime
> >you experience poor performance. --- Steve
> >
> >http://www.sysinternals.com/ntw2k/source/tcpview.shtml
> >
> >"Rob Milligan" <anonymous@discussions.microsoft.com>
> wrote in message
> >news:02ba01c3b903$6e459440$a101280a@phx.gbl...
> >> My ICF on XP show about nine ports. My current problem
> >> is huge network bottleneck coming from somewhere. Did
> >> something infiltrate my (er, static) IP address during
> >> the four hours I turned off the ICF for testing?
> >> Presently, all email and internet has slowed to a crawl
> >> on only this PC, all others are fine.
> >
> >
> Thank for these tips. By viewing the ICF settings, you
> can control what ports are monitored by ICF. There I
> discovered all these additional ports, named msmsg.<port
> number>. Using System Restore I rolled back to a week
> ago and those ports are gone, but there is still a huge
> bottleneck. Just now, whilst trying to figure out why
> Outlook times out every other message, etc., I discovered
> when viewing the "View Network Connections" that in
> addition to my "Local Area Connection", "Internet
> Gateway" was above this, actively funneling tons of
> packets. My next move is to download your recommended TCP
> checker. Also, I did just hook up the D-Link DI-604
> Router/Firewall to give it a test, but what I describe
> above is occuring after this firewall was placed in
> front, so something else still happening. Lastly, I ran
> a Norton AV 2004 total drives inspection and it came up
> empty. Any other thoughts? Can I return a favor? Rob

---

• Next message: Steven L Umbach: "Re: Firewalls"
• Previous message: RT: "Shared Folder is Missing...Help !"
• In reply to: anonymous_at_discussions.microsoft.com: "Re: Firewall now has numerous ports???"
• Next in thread: David Beder [MSFT]: "Re: Firewall now has numerous ports???"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: [Full-Disclosure] Blocking Music Sharing. ... and Network. ... Any connection allowed out by your firewall will probably let the return ... block the ports used for communication between the client & server ... Subject: Blocking Music Sharing. ... (Full-Disclosure) Re: NetBios Names and SP2 ... This will tell you which ports are open in the firewall as well as some ... Run the command (note: you must have the Support Tools from the Windows ... Check that "Enable NetBIOS over TCP/IP" is selected in the network ... (microsoft.public.windowsxp.network_web) Re: securing Ubuntu and firewall ... ports are for services the server provides such as web or email services. ... You do not needa firewall on a linux desktop. ... any network-connected computer if it's connected to an untrusted network ... (Ubuntu) Re: Firewall setup ... Depending on what you do and which services you use, the ports 25, 53 ... Thus just allowed traffic will traverse your firewall and everything ... As you say, you don't want to block all outgoing traffic, which is a easy to ... > need any MS based traffic leaving the private network, ... (Security-Basics) Re: How to block traffic in and out to all ports.... ... Larry James wrote: ... I would likt to block all ports, then one by one open the ... I am a network administrator by trade. ... protected by the firewall on the gateway, ... (linux.redhat.misc)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)