Open Ports
Results 1 to 9 of 9

Thread: Open Ports

  1. #1
    Junior Member
    Join Date
    Sep 2003
    Posts
    2

    Exclamation Open Ports

    I have a small home network which I am attempting to secure with a Netgear FVS318 firewall router. I have a total of 3 PC's on the network running Windows ME, Windows XP Home and Windows XP Pro. I am considering adding a Linksys BEFSX41 firewall router after the FVS318 as an added layer of protection. I do not run any software firewalls on any of the machines, all firewall functions are done by the router. The problem is that I am finding unknown open ports. The port numbers are 5870 and 15101. I am seeking assistance in identifying the ports. For the time being, I have blocked them through the router being that I do not know what they are.

  2. #2
    Senior Member
    Join Date
    Aug 2002
    Posts
    239
    Personally, I see no cause for concern. As you stated, all of your firewall functions are done through your Netgear router; this should be plenty sufficient for a home user.

    It may be some sort of auth service running from your router. I couldnt fine much more, but as I stated, there's really no cause for concern.

    But, for the extra paranoid, run a scan-through for any trojans that may be binding to the unusually high port numbers. Also, you can use fport, which can map applications to the unusual ports. Get that here: http://www.foundstone.com/index.htm?...desc/fport.htm

    Good luck
    It\'s 106 miles to Chicago, we\'ve got a full tank of gas, half a pack of cigarettes, it\'s dark and we\'re wearing sunglasses.

    Hit it!

  3. #3
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    The official list of assigned and well known port numbers, and thier assigned applications, can be found at
    http://www.iana.org/assignments/port-numbers

    Neither of the ports you mentioned are on that list, which is THE official list. Blocking them would be a good idea.
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  4. #4
    oldie ric-o's Avatar
    Join Date
    Nov 2002
    Posts
    487

    Port and process lists...

    Great port lookup web site: http://www.treachery.net/security_tools/ports/
    Good list of ports at http://keir.net/portlist.html

    FPort is good, as Showtime8000 indicated, but I have had problems with it on XP (at least the Home version).

    I know this isn't specifically what you asked about but it might help to check what processes are running here's a few good tools (note: I dont work for or am affiliated with any of these companies):
    - PrcView at http://www.prcview.com
    - Process Explorer by SysInternals at http://www.sysinternals.com
    - PSList by SysInternals at http://www.sysinternals.com

    Hope this helps you sleep at night!

  5. #5
    Senior Member
    Join Date
    Jan 2002
    Posts
    371
    Personally, I dont rely on the iana port listings to determine what is responsible for opening ports on a host. I prefer finding out what application is opening these ports.

    For example, if you see port 1433 open on your machine, never assume that mssql is responsible for opening it. What if someone has installed netcat on your machine or a trojan, and configured it to open port 1433?

    I use a tool called Active Ports on my WinDoze machine. Its pretty good, it will tell you what application is responsible for each open port. Similiar to the netstat -pa command on linux, but with a pretty interface
    SoggyBottom.

    [glowpurple]There were so many fewer questions when the stars where still just the holes to heaven - JJ[/glowpurple] [gloworange]I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool. [/gloworange]

  6. #6
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    Yes, you must still look at which application is actually using these ports. However, the iana list will tell you whether or not they are supposed to be listening on those ports. The list is not a good resource on its own. You must still be aware of why each port on your computer is open. So unless you have changed applications specifically to use different ports, most valid applications will appear on the list.
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  7. #7
    Senior Member
    Join Date
    Aug 2002
    Posts
    239
    Originally posted here by SoggyBottom
    What if someone has installed netcat on your machine or a trojan, and configured it to open port 1433?
    Good point, but its very difficult to backdoor through a router, especially a secure one.
    It\'s 106 miles to Chicago, we\'ve got a full tank of gas, half a pack of cigarettes, it\'s dark and we\'re wearing sunglasses.

    Hit it!

  8. #8
    Junior Member
    Join Date
    Sep 2003
    Posts
    2
    Thanks for all the tips. I have simply closed the two ports in question through the firewall, especially since none of the process viewer apps advised in this thread showed why those ports were open. I have ran a check for trojans, virii and spyware to find nothing on any of my XP machine. I did find trojans on an older WindowsME machine that I never use. That may explain the mystery ports that showed open during the firewall test.

  9. #9
    Member
    Join Date
    Aug 2003
    Posts
    37
    Soggybottom and the group have some excellent information here! l

    Let's not forget that an attacker cannot launch a backdoor from a remote machine unless the attacker already owns the system of course. Check your system for "cleanliness" Many of the backdoor servers use know exploits in internet clients. Make sure you have the latest service packs and security updates as a first line of defense. Firewalls are a must! Shutdown all unecessary services (very important). Another way to block back doors is to prevent inbound access to listening ports commonly used such programs. Monitor outbound firewall access control as well. Asute attackers will configure their servers to communicate over ports like 80 and 25.

    Don't fall for the "nice free programs to remove backdoors" for example..... a BO-removal tool called BoSniffer is itself a trojan itself!


    Here is a list of anti-virus companies. Some include trojan scanners

    http://support.microsoft.com/default...NoWebContent=1

    Welcome to the silent world of control!

    Good luck,


    DarkCarniv0l
    \"The Only Kind Of Good Clown.... Is A Clown Gone Bad\"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •