Ports

[arkaig]

How do I close some malicious ports that are open on my server??

NT4

cheers

Arkaig

[petemcevoy]

What ports are they? How are they malicious? Generally speaking you would need to find the program that's running to keep the port open, be it netcat or whatever else. When posting in future try to include a little more detail.
Pete

[Terr]

Unless you want to get really-technical and in-the-guts-of-the-sockets, you should either STOP the programs running which are using those ports, or keep them from running in the first place, (E.G.: The start-up section of the Windows Start Menu, or the registry auto-run).

Failing that, firewall, block them. They'll still be open, but you can keep people from getting to them.

[arkaig]

Sorry folks, I was being deliberitely vague for a good reason. It was my SMTP server. As my e-mail address may be visible I didn't want to announce it! if that makes sense? Anyhow, I had a hunt around the registry and removed the offenders. Netbus being one. My firewall is also now blocking the offending ports.

Thanks again

Arkaig

[petemcevoy]

I'd still be concerned about that box, its common enough that an entry in the registry is just there to throw the sys admin off the trail, there are plenty of other places to put a back door.
Why wasn't your firewall blocking the ports in the first place - is it not better policy to close all sockets except for the ones you really need as opposed to selectively blocking ports?

[hogfly]

if someone got netbus on there....there could be more stuff. go here : www.agnitum.com get tauscan and run it to be safe. just my 2 worthless pennies.

[arkaig]

Thanks again for your input guys. I ran a copy of Retina on the troublesome server after I deleted the offending apps and registry entries and a reboot. I ran it again this morning. All clear. I am not the Firewall or router admin so I can't comment as to why it wasn't done in the first place.

thanks again,

Arkaig