
Thread: Closing ports

  1. #1

    Closing ports

    I've been curious lately, after seeing that without a firewall up, I have several ports that are open and listening on my WinXP box. Though I always have a firewall up, I'd like to close the ports on my box, so I'll feel better, in case my firewall fails me somehow.

    Any ideas on how to do this?


  2. #2
    Join Date
    Aug 2002
    Rather than close the ports, why not mask them? I use ZoneAlarm to block anything incoming. My system appears to be off to anyone who is doing a port scan.

  3. #3
    Jaded Network Admin nebulus200
    Join Date
    Jun 2002
    Turn off any unneeded services. Not sure exactly where it is in XP, probably something similar to 2k (control panel->administrative tools->services).

    Check out www.blkviper.com for what you can turn off and why.

    This should help reduce your port signature greatly...


  4. #4
    I have indeed turned off all of my services, especially after discovering, while checking the security of my friend's machine, that port 80 automatically works as a web server for MS!

    As for the firewall, I have Sygate up, which seems to do a better job than Zone Alarm 2 and almost every other firewall I've seen, for free. (Yes, it puts all ports into full stealth mode. But remember, I want to close ports, not just block/mask them.)

  5. #5
    Senior Member
    Join Date
    Nov 2001
    The only way to 'close' the port is to turn off the service that's listening on it, but as long as your firewall blocks connections to them I wouldn't worry. Just keep up to date on security alerts for your FW and get all the latest patches for it and your OS.

  6. #6
    Trumpet-Eared Gentoo Freak
    Join Date
    Jan 2003
    You can always check if your firewall is in good stealth mode.



  7. #7
    Antionline's Security Dude instronics
    Join Date
    Dec 2002
    mayhem991, when you say that

    "My system appears to be off to anyone who is doing a port scan."

    What do you mean????

    I believe you mean that incoming packets are dropped. Dropping packets does not prove that your box does not exist. If you drop the packets, you make it known that you are running a firewall. Unless you are rejecting them. Then the attacker gets an error saying "Destination host unreachable" or something like that. If I get no response at all (dropping the packets), I then know that there is a firewall.

    Please correct me if I am wrong


    And also one more thing, I can still portscan you

  8. #8
    Member GandalfTheGray
    Join Date
    Jan 2003
    There are many shades of meaning possible here. While one generally closes ports by stopping the service that has it open, that doesn't prevent another service (such as a trojan) from opening it. That is why a firewall is a good idea -- it can block both incoming and outgoing unauthorized traffic. At this point it is worth noting that the firewall included with Windows XP monitors only incoming traffic, so ZoneAlarm or one of the other software firewalls is a good add-on. Something like Ad-Aware or one of the variants on that theme is also good to have. Generally, this sort of thing, along with remaining current with OS patches, is probably enough for a home machine or a non-mission-critical machine (although who's to say how much is enough?).

    However, it may do your peace of mind some good to get a tool such as fport from foundstone (www.foundstone.com) that will show you the running processes that have ports open. If you are used to seeing the typical operation of your system, then a new one stands out. Also, at least with ZoneAlarm and Snort, an IDS sitting behind a software firewall sees only those incoming packets that make it past the firewall (this, of course, is what should happen). Therefore, if you are running a good IDS behind your firewall, you will be alerted to anything that penetrates your firewall. There's no end to this list of actions that you could take. How many are worthwhile depends on how much trouble you are willing to take. Of course, every piece of software you install has the potential to interact with other software and cause more trouble than you save.
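
The "know your normal listeners, then spot the new one" habit described in post #8, as an added example that is not part of the original thread. It assumes the text of `netstat -ano` (which Windows XP provides) saved at two points in time rather than fport output; the sample rows, addresses and PIDs are constructed.

```python
import re

# Constructed sample `netstat -ano` output (not captured from a real machine).
BASELINE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING       1520
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED     2040
  UDP    0.0.0.0:445            *:*                                    4
"""
CURRENT = BASELINE + """\
  TCP    0.0.0.0:8081           0.0.0.0:0              LISTENING       2996
  UDP    0.0.0.0:1900           *:*                                    1104
"""

# proto, local addr, local port, foreign addr, optional TCP state, owning PID
ROW = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")

def listeners(netstat_text):
    """Return {(proto, addr, port): pid} for sockets accepting inbound traffic."""
    found = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or unrelated line
        proto, addr, port, _foreign, state, pid = m.groups()
        # TCP must be LISTENING; bound UDP sockets have no state column.
        if (proto == "TCP" and state == "LISTENING") or \
           (proto == "UDP" and state is None):
            found[(proto, addr, int(port))] = int(pid)
    return found

def new_listeners(baseline_text, current_text):
    """Listeners present now that were absent from the baseline snapshot."""
    base, now = listeners(baseline_text), listeners(current_text)
    return sorted((key, pid) for key, pid in now.items() if key not in base)

def exposed(entries):
    """Drop loopback-only listeners, which are not reachable from the network."""
    return [(key, pid) for key, pid in entries if not key[1].startswith("127.")]

if __name__ == "__main__":
    for (proto, addr, port), pid in exposed(new_listeners(BASELINE, CURRENT)):
        print(f"new listener: {proto} {addr}:{port} owned by PID {pid}")
```

Each PID it reports can be matched to a process name in Task Manager, and from there to the service to disable under Administrative Tools > Services.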

  9. #9
    Norton Internet Security is a good one, not only for closing ports...

  10. #10
    Some Assembly Required ShagDevil
    Join Date
    Nov 2002
    New Jersey
    I posted this before in a prior thread, it's a link to an indexed listing of many services and/or applications, a brief explanation of each service, and if it's essential or not.


    and btw, instronics, excellent point.
