Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: what are port scans and ow do I close a port ?

  1. #1
    Junior Member
    Join Date
    Feb 2003
    Posts
    17

    Question what are port scans and ow do I close a port ?

    what are port scans and ow do I close a port ? for seurity reasons I wanted to know whats a port scan some of the information thats here is a little vague, but I did get a lot of information also wanted to kow how di I know a port is running and how do I close it or black it off ????



    Hello and thank you everyone for your help in helping me configure my computers on a P2P in my home. I hope that I am posting this in the right place.

    thank you all
    Rolo67

  2. #2
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    ports are only open when there is a application listening/serving on that port... to close a port simply close the application that is using it. my suggestion would be to get a firewall!
    yeah, I\'m gonna need that by friday...

  3. #3
    Senior Member
    Join Date
    May 2003
    Posts
    747
    A firewall is the most common way, but the most effective is to shut the ports down manually. All ports that are open are related to a certain service, to shut these ports down manually including messenger, type services.msc in the command prompt, and disable all the services you dont want running. I would definately follow that link to blackviper.com, so you can familiarize yourself with each service.
    This was my response to a similar thread. This will help you atleast on the ports portion of your question.

  4. #4
    Junior Member
    Join Date
    Aug 2002
    Posts
    22
    I would also thing it depends on the system, im assuimg that your running windows sp what tampabay420 told you is most likly the corect way to do it, but if its linux it might be another story(witch i dont know) just something to think about

  5. #5
    Senior Member
    Join Date
    Jun 2002
    Posts
    394
    first, what is a port number and what does it mean?

    a ``port'' or protocol number is how the internet protocol multiplexes and de-multiplexes transport protocols. or in more everyday words, its how a computer interface through one internet protocol address, like your network interface card or your modulator/demodulator, can have and keep track of multiple ``conversations'' in various different ``languages'' with one or more computers.

    so when you conduct a ``port scan'' of an ip address that is attached to an interface on a computer, what you are doing is asking that computer if it wants to talk to you in a specific language. if the remote computer wants to have a chat in ``language'' 80 or 21 or 23 it waits for someone to start the conversation in that language. or on that port.

    now i must make a distinction. a computer can be set up to speak ``language 80'', or http, on any port number. so this is where my analogy breaks down, and i stop.

    you can close a port by telling your computer to stop ``wanting to chat in that language', shutting down the program or service/daemon that is listening on that port. or, you could stick a big gigantic wall infront of the listening port. a wall made out of fire, with gun turrets. or not the turrets. but the point is that your computer is still listening on this port, but doesn;t know that nobody is talking to it because there is a firewall between it and everybody else.


    and keep reading here, 'cause there is plenty of hardcore technical information that is as straight forward as this post is vague and confusing.

    if your port starts running, you better run right out there after it to see where its going.

    use the good ol'e netstat protocol to check for open ports, from the command prompt of course. or use third party programs like tcpview or active ports to see what is listening on a port - with the option to close it.

    now i must go paralyse my body and allow my subconscious to digest all the wonderful events that have transpired over the last thirthy two hours
    Hmm...theres something a little peculiar here. Oh i see what it is! the sentence is talking about itself! do you see that? what do you mean? sentences can\'t talk! No, but they REFER to things, and this one refers directly-unambigeously-unmistakably-to the very sentence which it is!

  6. #6
    A port scan is like this... lets say if you run a scan on your own box. You see that port 139 and a bunch of other netbios ports and things are open. Each of these ports run services in your PC. These services are used to tell the printer to print, the mail server to mail, the FTP program to give away its files, & (ect).

    You could do port scans or just run command promt (DOS) then do some of the netstat commands to find the ports then like tampabay420 said... either dissable the programs that are opening the ports or get a firewall that'll drop some of the connections & packets flowing in and out of your comp. These packets and cells being sent are like commands that tell your programs and sometime hardware nodes like printers and fax what to do. If your worried about someone scanning you then you should notice alot of syn.

    Try my fav. netstat commands netstat -a and netstat -n *hint *hint...

  7. #7
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795
    what are port scans and ow do I close a port ? for seurity reasons I wanted to know whats a port scan some of the information thats here is a little vague, but I did get a lot of information also wanted to kow how di I know a port is running and how do I close it or black it off ????
    To test your own box you can go to www.grc.com This command will Displays all connections and listening ports.

    C:\WINDOWS>netstat -a

    You really should get a firewall you can download them here @ http://download.com.com/3120-20-0.ht...search=+Go%21+

  8. #8
    A port scan is a scan that scans a specific IP range for open ports on that ip or range of ips. And for closing them i would recommend a firewall you can download firewalls at www.download.com. To close the ports manually i cant tell you how to do that.

  9. #9
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604

    PortScans

    If you want to really understand portscans you have to understand a little bit about network protocols. The protocols most commonly used today on the internet are TCP/IP and UDP/IP. These protocols are used to establish connections or sessions between computers or other hardware components. Both the affore mentioned protocols are actually 2 protocols in one. Both TCP and UDP are encapsulated within the IP protocols. The IP part tells the data(packet) what computer to go to and the TCP/UDP indicates what service the data is destined for. When a service or application needs to be able to communicate via the network it attaches itself to a specific port,this is called binding. Many services operate on default ports but are not restricted to these ports but is merely common practice to make life in general easier. Usually ports 1-1023 are used by the various operating systems for OS services but this again, is not a rule as many Windows applications use any port they like. Some common ports are:

    21 for FTP services
    23 for Telnet
    25 SMTP (mail)
    79 finger
    80 HTTP

    the list is virtually endless. Now to the meat, a portscan is usually an automated process by which the scanner attempts to connect to a port/ports to determine if a service is running. Once the scanner has determined what ports are open and bound to a service he can then attempt to use the service if properly authenticated and authorized or in the case of a hacker attempt to exploit the service and gain access to the system. Shutting down services depends from OS to OS but in linux/unix various scripts are executed at boot time which bind certain services(daemons) to ports and can be changed there, in the case of Windows the services are diabled in the control panel under the services icon. Many of the services running are used by the system and should not neccesarily be shut off, so I reccomend you get a port list and google the ports/services and determine if the service needs/should be running. Then you can configure the service to either start at boot(automatic) or manually or disabled completely. A firewall comes in handy when you realize you have services that you may want to be available to other machines on your network but not to everyone with a computer and a phone. A firewall will handle all in bound traffic to your network according to its configuration and can be used to effectively "drop" or "reject" packets destined to ports which you do not want to recieve data from the scary internet(and much more but you get the idea). For example, you may have a trojan listening on port 5150 but a firewall can easily prevent anyone from the internet from connecting to that port. All though the ports remain open they are in-accessable to machines beyond your firewall. I reccomend you download a portscanner (Nmap being one of the most popular) and conduct a scan on yourself(127.0.0.1) The default settings should work fine (worry about the bells and whistles later when you know what they do) After you compare your scan results to a ports list you can shut off the services unneccesary to your needs, and then as previously mentioned get a firewall, either software(BlackIce Defender,ZoneAlarm) or hardware based(most routers for home use come with built in firewall capabilities) Then do some reading on protocols and the OSI seven layer model, for a more complete understanding of the topics discussed here. Hope this helps you out. One more thing, portscans are easily detectable and are often interpreted by SysAdmins as the first stage of an attack so don't run amok with your portscanners, you might find yourself in hotwater. Stick to scanning machines you own or have been give permission to scan. Hope this helps out.

    -Maestro

  10. #10
    MaestrO has some great advice. I would also like to suggest zonealarm, I installed it back in the day and it has only gotten better. Its found at www.zonelabs.com

    It is the firey wall that was mentioned earlier. This will give you well over average protection for your ports. (which doesn't mean a lot, but is better than 90% of computers out there)

    hope this link helps

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •