Re: port security and policy problems

From: zigzag (pigswill00_at_hotmail.com)
Date: 10/28/04 

Date: Thu, 28 Oct 2004 07:26:55 GMT

> Hi I could use a bit of help from someone in the know I'll just start
from
> the beginning
>
> Until a few days back I had never had any trouble with virus or
malicious
> attacks in the 5 years I'd been online, I kept a low profile, never
bothered
> with chatrooms or places where you'd be noticed. Also at the time this
> trouble started I had no protection as my norton internet security had
> corrupted and I uninstalled it and hadn't reinstalled it yet. Anyway I was
> on winmx and ran into some racist girl who didn't like the kind of music I
> had shared and she started trying to hack me. All I had was the Winxp
> firewall. I had a bad feeling about her and went to event viewer right
away
> and noticed she was changing IPSec policies and system policies so I
> unplugged and reinstalled Norton Internet Security suite 2004 the next
day.
> I also backed this up with Zone Alarm. Anyway I do a port scan and it
shows
> that my ICMP Ping port, HTTP Port 80 and worse yet my Telnet port 23 are
all
> open. These ports are supposed to be stealthed if not being used and Im
> definately not running anything that uses these ports. This isn't even a
> full port scan just a scan of the most common ones. Also my msnmessenger
> keeps wanting to open up as a server, I turn it off and it wants to open
up
> again though I can deny it with my firewall.
> How do I close these ports manually? Or how do I find out what is using
> these ports? Also is there anywhere I can go to find out what policy
> changes she made? My virus scan shows there is no virus or trojan horse
> present. any advice would be apreciated. Thanks in advance.
>
> zigzag
>

I just noticed something. Looking through the program access in both
firewalls I see a
program called "generic host process for win 32 services" and it's wanting
server rights, or access or whatever you want to call it. I don't know what
this is, or what is keeping my ports open when they should be stealth. Does
anyone know what this is?

zigzag

Relevant Pages

  • Re: How do I stop the mydoom virus?
    ... that won't stop the virus from spreading via email because the virus is ... already on the wrong side of your firewall. ... If you block these ports ... that range may not apply to the variant you have on your network. ...
    (microsoft.public.exchange.admin)
  • Re : MBSA incomplete scans
    ... I often use this firewall to troubleshoot many network applications to know what ports have I to open. ... however having a spot of trouble in my latest network audit with it. ... Profitez des connaissances, des opinions et des expériences des internautes sur Yahoo! ...
    (Security-Basics)
  • Re: virus/worms killing a network...
    ... > The virus get into the user machine by e-mail from other ISPs. ... > as ports that w32.blaster and others worms use to spread in the network. ... Just add the log option to the firewall rules for your internal hosts. ...
    (Fedora)
  • Group Policy Results Wizard and XP SP2
    ... SP2 (firewall active). ... Most normal apps run without any trouble but ... sharing on the remote machine and that didn't help. ... I do not see any other ports being ...
    (microsoft.public.windows.group_policy)
  • Re: Black Ice question
    ... It's an incoming logger, not a firewall. ... Calling closed or stealth ports ... Calling and connecting to a badguy server, ... some spyware or a virus IS dangerous. ...
    (comp.security.firewalls)