January 21st, 2003, 01:34 AM
I've been curious lately, after seeing that without a firewall up, I have several ports that are open and listening on my WinXP box. Though I always have a firewall up, I'd like to close the ports on my box, so I'll feel better, in case my firewall fails me somehow.
Any ideas on how to do this?
January 21st, 2003, 01:39 AM
Rather than close the ports, why not mask them? I use ZoneAlarm to block anything incoming. My system appears to be off to anyone who is doing a port scan.
January 21st, 2003, 01:39 AM
Turn off any unneeded services. Not sure exactly where it is in XP, probably something similar to 2k (control panel->administrative tools->services).
Check out www.blkviper.com for what you can turn off and why.
This should help reduce your port signature greatly...
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
January 21st, 2003, 01:42 AM
I have indeed turned off all of my services, especially after discovering, while checking the security of my friend's machine, that port 80 automatically works as a web server for MS!
As for the firewall, I have Sygate up, which seems to do a better job than Zone Alarm 2 and almost every other firewall I've seen, for free. (Yes, it puts all ports into full stealth mode. But remember, I want to close ports, not just block/mask them.)
January 21st, 2003, 01:48 AM
The only way to 'close' the port is to turn off the service that's listening on it, but as long as your firewall blocks connections to them I wouldn't worry. Just keep up to date on security alerts for your FW and get all the latest patches for it and your OS.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
January 21st, 2003, 08:34 AM
You can always check if your firewall is in good stealth mode.
January 21st, 2003, 01:08 PM
mayhem991, when you say that "My system appears to be off to anyone who is doing a port scan."
What do you mean????
I believe you mean that incoming packets are dropped. Dropping packets does not prove that your box does not exist. If you drop the packets, you make it known that you are running a firewall. Unless you are rejecting them. Then the attacker gets an error saying "Destination host unreachable" or something like that. If I get no response at all (dropping the packets), I then know that there is a firewall.
Please correct me if I am wrong.
And also one more thing, I can still port scan you.
Ubuntu-: Means in African : "I'm too dumb to use Slackware"
January 21st, 2003, 06:00 PM
There are many shades of meaning possible here. While one generally closes ports by stopping the service that has it open, that doesn't prevent another service (such as a trojan) from opening it. That is why a firewall is a good idea -- it can block both incoming and outgoing unauthorized traffic. At this point it is worth noting that the firewall included with Windows XP monitors only incoming traffic, so ZoneAlarm or one of the other software firewalls is a good add-on. Something like Ad-Aware or one of the variants on that theme is also good to have. Generally, this sort of thing, along with remaining current with OS patches, is probably enough for a home machine or a non-mission-critical machine (although who's to say how much is enough?).
However, it may do your peace of mind some good to get a tool such as fport from foundstone (www.foundstone.com) that will show you the running processes that have ports open. If you are used to seeing the typical operation of your system, then a new one stands out. Also, at least with ZoneAlarm and Snort, an IDS sitting behind a software firewall sees only those incoming packets that make it past the firewall (this, of course, is what should happen). Therefore, if you are running a good IDS behind your firewall, you will be alerted to anything that penetrates your firewall. There's no end to this list of actions that you could take. How many are worthwhile depends on how much trouble you are willing to take. Of course, every piece of software you install has the potential to interact with other software and cause more trouble than you save.
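The "know what normal looks like" advice above can be scripted. This is an added example, not code from the thread or from fport: it parses the output format of Windows `netstat -ano` (a constructed sample is embedded), keeps only sockets that actually accept traffic, and reports any that are missing from a hypothetical baseline you recorded earlier on the same box.

```python
"""Compare a box's listening ports against a known-good baseline.

Assumptions: SAMPLE_NETSTAT is a hand-constructed sample in the format of
Windows `netstat -ano` (not captured from a real host), and BASELINE is a
hypothetical set of the listeners you expect on your own machine.
"""
from typing import List, Set, Tuple

Listener = Tuple[str, str, int, int]  # (proto, local address, port, pid)

# Constructed sample of `netstat -ano` output.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       1768
  TCP    192.168.1.5:1043       64.12.24.5:5190        ESTABLISHED     1500
  UDP    0.0.0.0:137            *:*                                    4
  UDP    0.0.0.0:31337          *:*                                    2044
"""

# Hypothetical baseline of (proto, port) pairs recorded when the box was clean.
BASELINE: Set[Tuple[str, int]] = {("TCP", 135), ("TCP", 445), ("UDP", 137)}


def parse_listeners(netstat_text: str) -> List[Listener]:
    """Return sockets that accept traffic: TCP in LISTENING state, all bound UDP."""
    listeners: List[Listener] = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank line, or something we don't understand
        proto = parts[0]
        if proto == "TCP":
            # Columns: Proto Local Foreign State PID; only LISTENING is an open port.
            if len(parts) != 5 or parts[3] != "LISTENING":
                continue
            pid = int(parts[4])
        else:
            # UDP has no state column: Proto Local Foreign PID.
            if len(parts) != 4:
                continue
            pid = int(parts[3])
        addr, _, port = parts[1].rpartition(":")  # handles [::]:port as well
        listeners.append((proto, addr, int(port), pid))
    return listeners


def unexpected_listeners(netstat_text: str, baseline=BASELINE) -> List[Listener]:
    """Listeners not in the baseline; look up their PIDs with fport or tasklist."""
    return [l for l in parse_listeners(netstat_text) if (l[0], l[2]) not in baseline]


if __name__ == "__main__":
    for proto, addr, port, pid in unexpected_listeners(SAMPLE_NETSTAT):
        print(f"NEW LISTENER {proto} {addr}:{port} (PID {pid})")
```

On a real machine, feed it the text of `netstat -ano > now.txt` instead of the sample, and rebuild BASELINE after any deliberate change to your services.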
January 21st, 2003, 06:37 PM
Norton Internet Security is a good one, not only for closing ports...
January 21st, 2003, 11:29 PM
I posted this before in a prior thread; it's a link to an indexed listing of many services and/or applications, a brief explanation of each service, and whether it's essential or not.
and btw, instronics, excellent point.
The object of war is not to die for your country but to make the other bastard die for his - George Patton