
Thread: Need to Open Ports (help?)

  1. #1

    Need to Open Ports (help?)

    Hey all - I need to pry open all my ports on my WinXP Pro boxes.. I'm writing an analysis paper on BO2K (I'll share afterward!) and want to watch how it works, etc., in real time across the network.

    (Don't worry, I'm on my own LAN at home, not connected to the wild, wild Internet)

    I've got my firewall down, but every scanner I use says my ports are closed (except for the usual 137-139, 443 and 5000). Am I missing something here? I just need to bare my TCP and UDP ports to my network for a short while.

    Any suggestions much appreciated..

    l00p

  2. #2
    Senior Member
    Join Date
    Oct 2002
    Posts
    314
    Ports will come into use as required by services, you don't just allow them to be open and then see what happens. For example if you fire up a web server it will listen on Port 80, so port 80 will be picked up by a port scan, switch the web server off and port 80 is no longer in use. So in the case of BO2k whatever port you tell it to listen on is the port that will then be open to connections. Your computer in default mode does not just sit there with 65535 ports open.
    Quis custodiet ipsos custodes

  3. #3
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    Your ports are closed because you have no services (programs) running that listen on those ports. If your firewall were on, most scans would say "filtered" or "firewalled" or something to that tune. For example, if you were running a webserver on port 80, that port would show up as open. Otherwise, it would show up as closed, since nothing is listening on that port.
    Cheers,
    cgkanchi

    EDIT: Damn, you guys are fast!
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com

  4. #4
    Senior Member
    Join Date
    Oct 2002
    Posts
    314
    Also, isn't it a little late to write an analysis paper on BO2k?
    Quis custodiet ipsos custodes

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    a port isn't open until a device is using it (opens it). if you run a network app you'll find another port is open on your next scan.

    (lately you really have to be fast....kinda like the old days :-) )
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
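
    The behaviour described in the replies above, as an added example that is not part of the original thread: a loopback-only check showing that a port reports "open" only while a program is listening on it, "closed" otherwise, and "filtered" when nothing answers. The names `probe` and `demo` are illustrative.

```python
import socket


def probe(host, port, timeout=3.0):
    """Classify one TCP port the way a connect-style scan reports it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            return "closed"      # host replied with a reset: nothing is listening
        except socket.timeout:
            return "filtered"    # no reply at all: typically a firewall dropping packets
        except OSError:
            return "filtered"    # e.g. host/network unreachable
        # Rare loopback edge case: the OS picked the target port as our own
        # source port and the socket connected to itself. No service is there.
        if s.getsockname() == s.getpeername():
            return "closed"
        return "open"            # a listener completed the handshake


def demo():
    """Probe one local port before, during and after a service listens on it."""
    service = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    service.bind(("127.0.0.1", 0))          # let the OS choose a free port
    port = service.getsockname()[1]

    before = probe("127.0.0.1", port)       # bound but not listening yet
    service.listen(1)                       # the "service" starts up
    during = probe("127.0.0.1", port)
    service.close()                         # the "service" is switched off
    after = probe("127.0.0.1", port)
    return before, during, after


if __name__ == "__main__":
    print(demo())
```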

  6. #6
    Y'all are awesome - thanks - four replies in 5 minutes. I didn't realize the method of opening/closing ports, but you've cleared it up.

    And yes, it's very late to write a paper on BO2K, but I don't really have the choice. My information warfare professor (I'm a grad student) picked a handful of "tools" for us to analyze, and most likely picked ones with a decent body of research/info on them..

    Thanks again,

    l00p

  7. #7
    Yes, that's my CC number! 576869746568617
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397

    Here's an Idea!

    Just out of curiosity, how much time do you have to write the paper? If you have the time, and the resources, why not install Windows without any Service Packs or other defense mechanisms and install HoneyD on it and put snort on another box to sniff the traffic. You could use a one-way patch cable for the sniffer and set the NIC to operate in promiscuous mode.

    Just put the HoneyD box on the internet and watch what happens. It will be a lot more fun, as you'll actually be able to watch an attack develop in the wild, which is all the more interesting than doing it yourself. Given the popularity of tools like BO and Sub7 with the kiddies, it won't take long before the kiddies eat it up with trojans of all sorts. Just keep an eye on it.

    I built one and put it on the DMZ at work. It took exactly 38 seconds from the time it went live to the time a kiddie put a trojan on it (and by coincidence, it was BO)!

    When you begin to write the paper, you'll have a wealth of information to work with. Also, you could get together with some of your classmates and share the information gathered by your honeypot between you, you know...pool resources and the like. (Because it's highly likely that most all of the popular trojans will be used against it)

    Then after you write the papers, get with your professor and see if all the parties involved could get together and give a presentation to the rest of the class on what you observed and even have a classroom discussion.

    If the idea interests you, you can get more info and a copy of HoneyD from The Honeynet Project. Another good resource is Lance Spitzner's whitepapers on the subject.

    Good luck with your paper, and however you choose to go about your research project...have fun, and most of all...learn!

    BTW: You wouldn't happen to be going to CMU, would you? Just curious.

  8. #8
    AntiOnline Senior Member souleman
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,883
    You could run netcat and have it listening on every single port but not actually doing anything....Then all the ports would show up as open.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  9. #9
    CMU? Uhh.. yeah. I've got a feeling I may have met you?

    The HoneyD idea is a great one, but I can't make time for it this time around. Paper is due Thursday, and although I'd be fascinated in seeing the attacks happen in real time, it won't net me much overall with this particular paper. The majority of it concerns policies and strategies we can use to defend against this sort of thing, but I'm really interested in looking under the hood.

    You have given me an excellent idea, though. I'm reading the "Know Your Enemy" book by the Honeynet Project, and I've wondered if I could collect some data such as that, too. Being careful enough, it would make for an excellent exercise.

    l00p

  10. #10
    Yes, that's my CC number! 576869746568617
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    Probably not...just been there and done that, that's all!
