Originally posted here by Elliente
I just recently ran netstat, and here it is:
TCP 220.127.116.11:139 0.0.0.0:0 LISTENING
TCP 18.104.22.168:1185 22.214.171.124:80 TIME_WAIT
TCP 126.96.36.199:1186 188.8.131.52:80 ESTABLISHED
TCP 184.108.40.206:1187 220.127.116.11:80 TIME_WAIT
TCP 18.104.22.168:1195 22.214.171.124:80 CLOSE_WAIT
TCP 126.96.36.199:1196 188.8.131.52:80 CLOSE_WAIT
TCP 184.108.40.206:9533 0.0.0.0:0 LISTENING
here is what i got when I scanned remotely:
TCP: 220.127.116.11 [135-epmap]
TCP: 18.104.22.168 [139-netbios-ssn]
TCP: 22.214.171.124 [1025-blackjack]
TCP: 126.96.36.199 [5000-commplex-main]
TCP: 188.8.131.52 
9533 appears to be open in both cases, along with 139
port 139 is a NETBIOS session service, couldn't find what 9533 is used for.
before this i re-installed zone alarm and disabled the Win XP (non)-firewall.
Thanks for giving us your IP ;)
shouldnt give out ips and (especially what ports are open). The kiddiots will have a field day with this...
9533 is prolly some trojan.
On your ZA try going to the firewall section and go to advanced, try checking enable ARP protection, Allow uncommon protocols at High Security, and the one on top of the second one. If your on a network, check the enable gateway protection.
The least security someone could have is an anti-virus because thats where some hacks first occur, with the victims computer infected. Id get your computer scanned at Trend Micro and get an Anti Virus. I barely noticed the fact of the netstat results you put. Id get a DNS form of IP if you have broadband. Be careful when you post next time.
Wow, I guess that wasn't a very smart thing to do eh? Giving my IP address out I mean...LOL
Oh well, What I have running now is working great; McAfee and Sygate personal firewall; I recently ran some netstats and port scans, and everything is fine now! Come to think of it, Before my IP address changed a few days ago, I did notice a few more scans than normal!
Anyway, there are currently no open ports on my system! thanks for the input!
I guess I shouldn't give out my new IP eh!
if u r looking for a good firewall i would personally recommend agnitum outpost
heres the url if u r interested in it i find that it is better than zonealrm and sygatet
I agree wholeheartedly with iNViCTuS and bombayofpigs. You really shouldn't post IP info with open ports while admitting you can't find the log files for your IDS. Next time you should x out the address like this.
TCP xx.xxx.xxx.xx:1185 xx.xxx.xxx.xxx:80 TIME_WAIT
You should leave the port numbers so we can have some idea about what is running, misconfigured, etc.
I know it's a pain in the ass, but there are somethings you shouldn't post in a public forum.