How do i block these ports?
Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: How do i block these ports?

  1. #1
    Junior Member
    Join Date
    Jun 2002
    Posts
    24

    How do i block these ports?

    here's my latest port scan on my maching:


    TCP: 127.0.0.1 [135-epmap]
    TCP: 127.0.0.1 [389-ldap]
    TCP: 127.0.0.1 [1002]
    TCP: 127.0.0.1 [1025-blackjack]
    TCP: 127.0.0.1 [1720-h323hostcall]
    TCP: 127.0.0.1 [3001-redwood-broker]
    TCP: 127.0.0.1 [3002-exlm-agent]
    TCP: 127.0.0.1 [3003-cgms]
    TCP: 127.0.0.1 [5000-commplex-main]

    are these open right now or what?
    how do i go about blocking these?
    i'm running winXP pro w/ Zone Alarm
    ----------------------------------------------------------------
    \"First you get the sugar, then you get the power, then you get the women\"
    ----------------------------------------------------------------

  2. #2
    Senior Member
    Join Date
    Sep 2001
    Posts
    800
    go into custom settings and then block each port
    [gloworange]\"A hacker is someone who has a passion for technology, someone who is possessed by a desire to figure out how things work.\" [/gloworange]

  3. #3
    Banned
    Join Date
    Apr 2002
    Posts
    82
    It doesn't look like you scanned your ports online. Anyway if you did, you might have another program or software thats interfering and not intertwining with ZA's job as a firewall.

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    I am assuming you got this output from a netstat or you scanned the machine from itself based on the loopback address showing up?

    If you have a personal firewall running, you probably shouldn't worry about it because those ports will be blocked from an external source by default. But if you are really worried, scan the machine from another machine with nmap and see what is truly open...

    I am also curious as to why you have ldap running, is this a work machine?

  5. #5
    Banned
    Join Date
    Jun 2002
    Posts
    458
    Use netstat, and see if they really are open. I don't think they would be with zonealarm installed, zonealarm tend to block every port unless you give a program permission to use it and/or access the net. So, I don't really see how thats possible, but maybe you should try to reinstall zonealarm, so that the permissions are reset, or you edit them by using the zonealarm control panel. I strongly reccomend that you reinstall, as there are programs that are designed to mess with firewall and antivirus setting upon execution, so if that is true, zonealarm may have been compromised. If reinstalling doesn't work, that try getting another firewall as well as running a full virus scan of your system.

  6. #6
    Junior Member
    Join Date
    Jun 2002
    Posts
    24
    I just recently ran netstat, and here it is:

    TCP 24.156.105.52:139 0.0.0.0:0 LISTENING
    TCP 24.156.105.52:1185 63.108.181.201:80 TIME_WAIT
    TCP 24.156.105.52:1186 168.143.179.189:80 ESTABLISHED
    TCP 24.156.105.52:1187 63.108.181.201:80 TIME_WAIT
    TCP 24.156.105.52:1195 63.108.181.204:80 CLOSE_WAIT
    TCP 24.156.105.52:1196 63.108.181.204:80 CLOSE_WAIT
    TCP 24.156.105.52:9533 0.0.0.0:0 LISTENING

    here is what i got when I scanned remotely:


    TCP: 24.156.105.52 [135-epmap]
    TCP: 24.156.105.52 [139-netbios-ssn]
    TCP: 24.156.105.52 [1025-blackjack]
    TCP: 24.156.105.52 [5000-commplex-main]
    TCP: 24.156.105.52 [9533]

    9533 appears to be open in both cases, along with 139
    port 139 is a NETBIOS session service, couldn't find what 9533 is used for.

    before this i re-installed zone alarm and disabled the Win XP (non)-firewall.
    ----------------------------------------------------------------
    \"First you get the sugar, then you get the power, then you get the women\"
    ----------------------------------------------------------------

  7. #7
    Banned
    Join Date
    Jun 2002
    Posts
    458
    Looks like you got something running that you don't want running. Try using another firewall, maybe you'll get different results. And run an antivirus scan as well. As for 139, are you using win95? There is a patch for that, but if you are going to install a new firewall anyway then you don't need it. And make sure you don't have file and printer sharing enabled.

  8. #8
    Banned
    Join Date
    Oct 2001
    Posts
    55
    yeah, i surely agree with KhaKisrule.
    Try using another firewall, maybe you'll get different results. And run an antivirus scan as well.

  9. #9
    Senior Member Info_Au's Avatar
    Join Date
    Jul 2001
    Location
    Melbourne
    Posts
    273
    TCP: 24.156.105.52 [1025-blackjack]
    Do you run Norton Antivirus liveupdate??..that would be port 1025

  10. #10
    Junior Member
    Join Date
    Jun 2002
    Posts
    24
    I'm not running any live update at all, I don't even have Norton on the system. It's Windows XP pro, no file and print sharing and auto windows updates is disabled. I'm running Zone Alarm.
    Any ideas on other firewalls would be appreciated as well. (I don't want to run Tiny or McAfee)
    ----------------------------------------------------------------
    \"First you get the sugar, then you get the power, then you get the women\"
    ----------------------------------------------------------------

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides