August 10th, 2002, 09:27 PM
I was not able to telnet to my ISP shell account, so I decided to shut down my ZA firewall. Once on the shell account I monitored my listening ports, and my netstat -an showed foreign IP port 80 was 'ESTABLISHED'. Do I need to be concerned about this port vulnerability?
(PS: when I went back into Windows IE I re-opened the firewall; after half an hour I was surprised to see another established IP connection on port 80, so I am wondering why the firewall would not have caught this.)
August 10th, 2002, 09:35 PM
I don't think you have anything to worry about. The connection was on port 80 (www), so most likely it was a webserver making a connection. Were you on the web during this "attack"? If so, you should have nothing to worry about. Any other info on this would be appreciated.
August 10th, 2002, 09:35 PM
Um, I'm confused. . .telnet to your shell shouldn't be messed up by ZA, it should just ask if you want to allow it. . .port 80 is what IE is using so if you've got your browser open it is going to show a connection. . .the firewall wouldn't stop port80 connections if you have it set up to allow IE through. . .dunno if that answered anything but. . .
Every now and then, one of you won't annoy me.
August 10th, 2002, 11:01 PM
Thanks bludgeon; I have added Telnet to the program list in ZA.
var_x: if I see a telnet (port 23) established connection, should I disconnect the modem immediately (that's what I did)? I got worried. Also, can I allow the NetBIOS ports (137-139) to remain active LISTENING, or would it be better to close them? Thanks.
August 12th, 2002, 12:30 AM
Personally, I only allow traffic through my Firewall that I require, and limit it to source, destination and port number to the best of my ability (there are some instances where you cannot get this granular).
I also think that it is a good idea to block all NetBIOS traffic at your firewall, for you can pick up information about users if these ports are open, and if your machine is misconfigured, someone could even break your machine relatively easily.
There were so many fewer questions when the stars were still just the holes to heaven - JJ. I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool.
August 12th, 2002, 06:52 AM
Port 80 is used for http, so firewalls don't block it. It could be an attack but probably isn't. I wouldn't worry about it if I were you.
August 13th, 2002, 03:12 AM
They are definitely right about port 80. It is your http port and it's the main port used to connect to the internet. I'm guessing the reason it was established during your telnet to your ISP is because you probably had to telnet through port 80 to connect to your ISP instead of the usual port 21. Port 80 security issues aren't very common against computers not hosting a webserver. I hope this helps you out.
The radiance of ignorance in a world of nothingness and all of this time your pestilence has created nothing but uselessness
August 14th, 2002, 09:51 AM
walter99 -- I hope you see this or something. You would most likely want to close NetBIOS ports (unless you need file and print sharing). If someone connects through telnet port 23, get their IP, check logs, etc... and notify authorities or something. Check the net for security updates on your OS and firewall as well as checking for exploits/vulns available for hackers to use with your $hit. Oh yeah... change your password as well, just to be sure (never know what "friends" are using your box when you're not looking).
August 17th, 2002, 04:14 AM
Commonly open port list?
Where could I find a list of the most commonly used ports? I'm mainly curious about stuff like http, https, smtp, tcp/ip, and udp. Thanks in advance!
August 17th, 2002, 04:35 AM
It's probably a web spider, or just some person scanning for web servers =)
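
Added example, not part of the original thread: a small Python triage of `netstat -an` output that separates the cases discussed above (an ESTABLISHED connection to a foreign port 80, a connection involving port 23, and NetBIOS ports 137-139 left listening). The sample output is constructed with documentation-range addresses, and treating local ports below 1024 as "service" ports is a heuristic assumption.

```python
import re

# Constructed sample of Windows `netstat -an` output (documentation-range addresses).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1045        198.51.100.7:80        ESTABLISHED
  TCP    192.0.2.10:1046        198.51.100.20:23       ESTABLISHED
  TCP    192.0.2.10:23          203.0.113.50:3312      ESTABLISHED
  UDP    192.0.2.10:137         *:*
"""

NETBIOS = {137, 138, 139}
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s*(\S*)\s*$")

def classify(netstat_text):
    """Return (verdict, proto, local_port, foreign_addr, foreign_port) per socket."""
    results = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header or unrelated line
        proto, _laddr, lport, faddr, fport, state = m.groups()
        lport = int(lport)
        fport = None if fport == "*" else int(fport)
        # UDP sockets have no state column; a bound UDP port is effectively listening.
        listening = state == "LISTENING" or (proto == "UDP" and not state)
        if listening:
            verdict = "netbios-exposed" if lport in NETBIOS else "listening"
        elif state == "ESTABLISHED" and lport < 1024:
            # Local side is the well-known port: someone connected to a service here.
            verdict = "inbound-to-local-service"
        elif state == "ESTABLISHED":
            # Local side is an ephemeral port: this machine opened the connection.
            verdict = "outbound-client"
        else:
            verdict = "other"
        results.append((verdict, proto, lport, faddr, fport))
    return results

if __name__ == "__main__":
    for row in classify(SAMPLE):
        print(row)
```

The direction of a connection is read from which side holds the well-known port: a high local port talking to foreign port 80 or 23 is the machine's own browser or telnet client, while a local port 23 with a foreign high port is someone connected to a telnet service on the machine.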