Unknown ports open within XP
Results 1 to 8 of 8

Thread: Unknown ports open within XP

  1. #1
    Junior Member
    Join Date
    Jun 2002
    Posts
    18

    Unknown ports open within XP

    A little question,

    I have found two unknown services open when port scanning my home PC which is running Windows XP professional. They are UDP port 445 (IOC SRV) and TCP port 135 (MSDS). Anyone have any ideas as to what activity is being conducted upon them ? And what web sources are you using to lookup port numbers and their assigned services, apart from IANA.

    Thanks in advance,

    Wurzul

  2. #2
    Senior Member
    Join Date
    Mar 2002
    Location
    Snohomish WA
    Posts
    315
    I can't give you much info...but I can tell you what services use the two ports in question.
    Port 445 is Microsoft-DS, Windows XP and 2000 use this port for file sharing.
    Port 135 is DCE endpoint resolution. This is also a microsoft file sharing port.
    I hope this helps you a little.
    Faqt


    If you want to make God laugh....make plans.

  3. #3
    Senior Member
    Join Date
    Sep 2001
    Posts
    831
    Netstat with the -o paramater should show you the processes that are controlling those ports.

    Check out this thread.
    -Matty_Cross
    \"Isn\'t sanity just a one trick pony anyway? I mean, all you get is one trick. Rational Thinking.
    But when you\'re good and crazy, hehe, the skies the limit!!\"

  4. #4
    Junior Member
    Join Date
    Jun 2002
    Posts
    18
    Using 'shields up' at https://grc.com/x/ne.dll?bh0bkyd2 I got this report.

    135 RPC
    OPEN! (Remote Procedure Call) This impossible-to-close port appears in most Windows systems. Since many insecure Microsoft services use this port, it should never be left "open" to the outside world. Since it is impossible to close, you will need a personal firewall to block it from external access. Do it soon!

    445 MSFT DS
    OPEN! This impossible-to-close port first appeared on Windows 2000 and was carried over to Windows XP. Since several insecure Microsoft services use this port, it should never be left "open" to the outside world. Since it is impossible to close you'll need a personal firewall to block it from external access. Do it soon!

    Still not very informative though.
    Keyboard not detected. Press F1 to continue.

  5. #5
    Junior Member
    Join Date
    Jun 2002
    Posts
    18
    Thanks for everybodys help
    Keyboard not detected. Press F1 to continue.

  6. #6
    I heard RPC is exploited a lot, but I don't know to what extent.

  7. #7
    Senior Member
    Join Date
    Jun 2002
    Posts
    144
    im not sure what ports XP uses for this, but I do know that XP is known to "check-in" with Microsoft. This is done, behind the scenes and is not known for sure what it is talking to micro$oft for. Like stated before, A personal firewall can close these ports off to intruders, and some firewalls like zonealarm and sygate will actually allow you to keep the computer from communicating to micro$not......I also have a program which will allow you to configure xp to not communicate with the "mother ship" if you want this program, pm me. I hope this helps some.
    M$ support is like shooting yourself in the left foot and then putting a band-aid on the right one.

  8. #8
    str34m3r
    Guest
    Well, the website you found your answers from doesn't have their story exactly straight. It is possible to close both of those ports, but not without a little pain. One good write up about the procedure to close both of these ports can be found here:

    http://www.gpick.com/tq/TQ_Page1.htm

    Look at numbers 14 and 15. Be forewarned, there is some loss of functionality if you follow these steps, but there is also increased secuurity. Only you can decide the correct balance.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •