port vulnerability??

[walter99]

i was not able to telnet to my isp shell account so i decided to shutdown my ZA firewall; once onto the shell account i monitored my listening ports and my netstat -an showed foreign IP port 80 was 'ESTABLISHED'; do i need to be concerned about this port vulnerability???

(ps: when i went back into windows IE i re-opened the firewall ; after half an hour i was surprised to see another established IP connection port 80; so i am wondering why the firewall would not have caught this)

[var_x]

I dont think you have anything to worry about.. The connection was on port 80 (www) so most likely it was a webserver making a connection. Were you on the web during this "attack"? If so, you should have nothing to worry about. any other info on this would be appreciated.

[bludgeon]

Um, I'm confused. . .telnet to your shell shouldn't be messed up by ZA, it should just ask if you want to allow it. . .port 80 is what IE is using so if you've got your browser open it is going to show a connection. . .the firewall wouldn't stop port80 connections if you have it set up to allow IE through. . .dunno if that answered anything but. . .

[walter99]

thanks bludgeon; i have added Telnet to program list in ZA

var_x; if i see a telent (port 23) established connection should i disconnect modem immediately (thats what i did); i got worried,,,,,; also can i allow the netbios ports (137-139) to remain active LISTENING or would it be better to close them; thanks

[SoggyBottom]

Personally, I only allow traffic through my Firewall that I require, and limit it to source, destination and port number to the best of my ability (there are some instances where you cannot get this granular).

I also think that it is a good idea to block all netBIOS traffic at your firewall, for you can pick up information about users if these ports are open, and if your machine is misconfigured, someone could even break you machine relatively easily.

[hurt-conveyor]

Port 80 is used for http, so firewalls dont block it. It could be an attack but probably isnt. I wouldnt worry about it if I were you.

[imaginedsanity]

They are definitely right about port 80. It is your http port and it's the main port used to connect to the internet. I'm guessing the reason it was established during your telnet to your ISP is because you probably had to telnet through port 80 to connect to your ISP instead of the usual port 21. Port 80 security issues aren't very common against computers not hosting a webserver. I hope this helps you out.

[var_x]

walter99 -- I hope you see this or something. You would most likely want to close netbios ports. ( unless you need file and print sharing ) if someone connects through telnet port 23, get their ip, check logs, etc... and notify authorities or something. Check the net for security updates on your OS and firewall as well as checking for exploits/vulns available for hackers to use with your $hit . Oh yea... change your password as well. just to be sure ( never know what "friends" are using your box when you're not looking ).

[v_squared_over_]

Where could I find a list of the most commonly used ports? I'm mainly curious about stuff like http, https, smtp, tcp/ip, and udp. Thanks in advance!

v_squared_over_r

[ac1dsp3ctrum]

Its probably a web spider, or just some person scanning for web servers =)