Page 2 of 2 FirstFirst 12
Results 11 to 17 of 17

Thread: ports?

  1. #11
    Junior Member
    Join Date
    Sep 2001
    Posts
    15
    i was running win2k, but i dumped it today for mandrake linux

  2. #12
    Senior Member
    Join Date
    Oct 2001
    Posts
    638

    RTFM (literally???)

    Maybe what I said was taken the wrong way.

    http://www.tuxedo.org/%7Eesr/faqs/smart-questions.html

    That should clear things up. Sorry if I offended anyone. That was not my intention.

  3. #13
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Hi people,

    Let me clear up things about port 445:
    Port 445 is used by Windows 2000 for sharing and usual windows stuff. The difference between tcp 445 and 139 (which is used by all windows systems that share by NetBIOS over TCP) is that sharing over tcp 445 does not utilise NetBIOS and instead uses SMB (server messaging block) directly over TCP...

    To close port 445, go to Start menu | settings | network and dial-up connections (open the explorer like interface, don't just expend the menu) then go in the advanced menu | advanced settings (oh yeah, you need to be admin to do it), then un-bind file sharing from the adapter in question...

    Note: running netstat -an will still show port 445 as listening, but it will not respond on that interface anymore (preventing null sessions and usual windows hacks)
    Note 2: port 445 doesn't show as open on nmap scans anymore either (at least for me)...

    As for port 1025, it is open on my 2 win2k boxes two, but i suspect that is has to do wit RPC allocating it for some purpose(since RPC allocates 1024 and above) still have to find out it's exact purpose though...

    Ammo

  4. #14
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    no meaning to make anybody paranoid (uh huh) look here for a list of what ports are not supposed to be used for.

    http://www.sans.org/newlook/resource...Q/oddports.htm

  5. #15
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785

    repost

    don't know why that address screwed up.

    http://www.sans.org/newlook/resource...Q/oddports.htm

    in 2 part to be sure

    http://www.sans.org/newlook/
    resources/IDFAQ/oddports.htm

  6. #16
    Senior Member
    Join Date
    Nov 2001
    Posts
    185

    Re: Ports

    These are just educated guesses, some are very similar or in complete agreement with some of the posts above. I only had about 15 min. to spend on the research, but here is what I found.

    My best guess on port 1025 (tcp or udp) is that you are using BIND and have blocked or are blocking ports 1024 down selectively. If so BIND is uses the first available open port 1024+1=1025, to get a response from the DNS server.

    Port 1083 is a little more ambiguous, I found info that would suggest that it could either be a well known Trojan Horse going by the name WinHole, or Everquest. This obviusly desrves more research but it was the hardest of the 3 to pin down to a working theory. (in 15 min.)

    Port 445 seems to be unique to Win2000 and quite possibly XP, in that it is working in conjuction with ports 137,138,139 (NetBIOS) ports. Anyway it seems to be related to a file and print sharing protocol called Server Message Block (SMB).
    It seems to be designed to do 3 things:
    ->Simplifying the transport of SMB traffic.
    ->Removing WINS and NetNIOS broadcast as a means of resolution.
    ->Standardizing name resolution on DNS for file and printer sharing.

    Hope this gets you started on your way to a resolution.

    btw, in all fairness to smirc, I found what info I have by way of Google using boolean operators to cull the search to more relevant returns.
    Know this..., you may not by thyself in pride claim the Mantle of Wizardry; that way lies only Bogosity without End.

    Rather must you Become, and Become, and Become, until Hackers respect thy Power, and other Wizards hail thee as a Brother or Sister in Wisdom, and you wake up and realize that the Mantle hath lain unknown upon thy Shoulders since you knew not when.


  7. #17
    IT Specialist Ghost_25inf's Avatar
    Join Date
    Sep 2001
    Location
    Michigan
    Posts
    648

    wanna know how to disable those ports?

    I can help you shut down those ports. Like Ive said before windows 2000 is or was a good Idea but they never bothered to secure the O/S before shiping out the disks. Microsoft is natorious for that building you a half assed O/S and expecting you to automaticly know what to secure and what filters need to be placed. well anyhow sounds like you are set with linux so have a happy.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •