-
June 19th, 2002, 03:21 AM
#1
How do i block these ports?
here's my latest port scan on my maching:
TCP: 127.0.0.1 [135-epmap]
TCP: 127.0.0.1 [389-ldap]
TCP: 127.0.0.1 [1002]
TCP: 127.0.0.1 [1025-blackjack]
TCP: 127.0.0.1 [1720-h323hostcall]
TCP: 127.0.0.1 [3001-redwood-broker]
TCP: 127.0.0.1 [3002-exlm-agent]
TCP: 127.0.0.1 [3003-cgms]
TCP: 127.0.0.1 [5000-commplex-main]
are these open right now or what?
how do i go about blocking these?
i'm running winXP pro w/ Zone Alarm
----------------------------------------------------------------
\"First you get the sugar, then you get the power, then you get the women\"
----------------------------------------------------------------
-
June 19th, 2002, 03:31 AM
#2
go into custom settings and then block each port
[gloworange]\"A hacker is someone who has a passion for technology, someone who is possessed by a desire to figure out how things work.\" [/gloworange]
-
June 19th, 2002, 05:13 AM
#3
Banned
It doesn't look like you scanned your ports online. Anyway if you did, you might have another program or software thats interfering and not intertwining with ZA's job as a firewall.
-
June 25th, 2002, 07:26 PM
#4
I am assuming you got this output from a netstat or you scanned the machine from itself based on the loopback address showing up?
If you have a personal firewall running, you probably shouldn't worry about it because those ports will be blocked from an external source by default. But if you are really worried, scan the machine from another machine with nmap and see what is truly open...
I am also curious as to why you have ldap running, is this a work machine?
-
June 25th, 2002, 09:05 PM
#5
Banned
Use netstat, and see if they really are open. I don't think they would be with zonealarm installed, zonealarm tend to block every port unless you give a program permission to use it and/or access the net. So, I don't really see how thats possible, but maybe you should try to reinstall zonealarm, so that the permissions are reset, or you edit them by using the zonealarm control panel. I strongly reccomend that you reinstall, as there are programs that are designed to mess with firewall and antivirus setting upon execution, so if that is true, zonealarm may have been compromised. If reinstalling doesn't work, that try getting another firewall as well as running a full virus scan of your system.
-
June 26th, 2002, 06:15 AM
#6
I just recently ran netstat, and here it is:
TCP 24.156.105.52:139 0.0.0.0:0 LISTENING
TCP 24.156.105.52:1185 63.108.181.201:80 TIME_WAIT
TCP 24.156.105.52:1186 168.143.179.189:80 ESTABLISHED
TCP 24.156.105.52:1187 63.108.181.201:80 TIME_WAIT
TCP 24.156.105.52:1195 63.108.181.204:80 CLOSE_WAIT
TCP 24.156.105.52:1196 63.108.181.204:80 CLOSE_WAIT
TCP 24.156.105.52:9533 0.0.0.0:0 LISTENING
here is what i got when I scanned remotely:
TCP: 24.156.105.52 [135-epmap]
TCP: 24.156.105.52 [139-netbios-ssn]
TCP: 24.156.105.52 [1025-blackjack]
TCP: 24.156.105.52 [5000-commplex-main]
TCP: 24.156.105.52 [9533]
9533 appears to be open in both cases, along with 139
port 139 is a NETBIOS session service, couldn't find what 9533 is used for.
before this i re-installed zone alarm and disabled the Win XP (non)-firewall.
----------------------------------------------------------------
\"First you get the sugar, then you get the power, then you get the women\"
----------------------------------------------------------------
-
June 26th, 2002, 06:28 AM
#7
Banned
Looks like you got something running that you don't want running. Try using another firewall, maybe you'll get different results. And run an antivirus scan as well. As for 139, are you using win95? There is a patch for that, but if you are going to install a new firewall anyway then you don't need it. And make sure you don't have file and printer sharing enabled.
-
June 26th, 2002, 11:15 AM
#8
yeah, i surely agree with KhaKisrule.
Try using another firewall, maybe you'll get different results. And run an antivirus scan as well.
-
June 26th, 2002, 12:29 PM
#9
TCP: 24.156.105.52 [1025-blackjack]
Do you run Norton Antivirus liveupdate??..that would be port 1025
-
June 26th, 2002, 04:36 PM
#10
I'm not running any live update at all, I don't even have Norton on the system. It's Windows XP pro, no file and print sharing and auto windows updates is disabled. I'm running Zone Alarm.
Any ideas on other firewalls would be appreciated as well. (I don't want to run Tiny or McAfee)
----------------------------------------------------------------
\"First you get the sugar, then you get the power, then you get the women\"
----------------------------------------------------------------
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|