|
-
April 9th, 2007, 02:53 PM
#1
Netstat and open ports
Hi everyone
I have XP Pro SP2 which is fully updated, connected to ADSL via a router. I read an old thread (about 18 months old) on another forum about person X doing a port scan, finding ports 139 and 445 open and then getting into the remote computer to see what was there. He said that there wasn't anything "interesting" and it hadn't been worth the effort. I'm not asking about how he managed to get into the other PC (I know that I'd get some terse comments!) but I'd like to know about checking open ports and closing them. I ran netstat -a and received the following output:
Active Connections
Proto Local Address Foreign Address State
TCP ComputerName:echo ComputerName:0 LISTENING
TCP ComputerName:discard ComputerName:0 LISTENING
TCP ComputerName:daytime ComputerName:0 LISTENING
TCP ComputerName:qotd ComputerName:0 LISTENING
TCP ComputerName:chargen ComputerName:0 LISTENING
TCP ComputerName:epmap ComputerName:0 LISTENING
TCP ComputerName:microsoft-ds ComputerName:0 LISTENING
TCP ComputerName:1045 ComputerName:0 LISTENING
TCP ComputerName:1899 localhost:1898 TIME_WAIT
TCP ComputerName:netbios-ssn ComputerName:0 LISTENING
TCP ComputerName:echo ComputerName:0 LISTENING 0
TCP ComputerName:discard ComputerName:0 LISTENING 0
TCP ComputerName:daytime ComputerName:0 LISTENING 0
TCP ComputerName:qotd ComputerName:0 LISTENING 0
TCP ComputerName:chargen ComputerName:0 LISTENING 0
TCP ComputerName:epmap ComputerName:0 LISTENING 0
UDP ComputerName:echo *:*
UDP ComputerName:discard *:*
UDP ComputerName:daytime *:*
UDP ComputerName:qotd *:*
UDP ComputerName:chargen *:*
UDP ComputerName:snmp *:*
UDP ComputerName:microsoft-ds *:*
UDP ComputerName:isakmp *:*
UDP ComputerName:1025 *:*
UDP ComputerName:1052 *:*
UDP ComputerName:1062 *:*
UDP ComputerName:1234 *:*
UDP ComputerName:1604 *:*
UDP ComputerName:3544 *:*
UDP ComputerName:4500 *:*
UDP ComputerName:ntp *:*
UDP ComputerName:1090 *:*
UDP ComputerName:1900 *:*
UDP ComputerName:ntp *:*
UDP ComputerName:netbios-ns *:*
UDP ComputerName:netbios-dgm *:*
UDP ComputerName:router *:*
UDP ComputerName:1601 *:*
UDP ComputerName:1900 *:*
UDP ComputerName:47393 *:*
UDP ComputerName:echo *:*
UDP ComputerName:discard *:*
UDP ComputerName:daytime *:*
UDP ComputerName:qotd *:*
UDP ComputerName:chargen *:*
whilst netstat -a -n gave me this:
Proto Local Address Foreign Address State
TCP 0.0.0.0:7 0.0.0.0:0 LISTENING
TCP 0.0.0.0:9 0.0.0.0:0 LISTENING
TCP 0.0.0.0:13 0.0.0.0:0 LISTENING
TCP 0.0.0.0:17 0.0.0.0:0 LISTENING
TCP 0.0.0.0:19 0.0.0.0:0 LISTENING
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1045 0.0.0.0:0 LISTENING
TCP 192.168.0.2:139 0.0.0.0:0 LISTENING
TCP [::]:7 [::]:0 LISTENING 0
TCP [::]:9 [::]:0 LISTENING 0
TCP [::]:13 [::]:0 LISTENING 0
TCP [::]:17 [::]:0 LISTENING 0
TCP [::]:19 [::]:0 LISTENING 0
TCP [::]:135 [::]:0 LISTENING 0
UDP 0.0.0.0:7 *:*
UDP 0.0.0.0:9 *:*
UDP 0.0.0.0:13 *:*
UDP 0.0.0.0:17 *:*
UDP 0.0.0.0:19 *:*
UDP 0.0.0.0:161 *:*
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:1025 *:*
UDP 0.0.0.0:1052 *:*
UDP 0.0.0.0:1062 *:*
UDP 0.0.0.0:1234 *:*
UDP 0.0.0.0:1604 *:*
UDP 0.0.0.0:3544 *:*
UDP 0.0.0.0:4500 *:*
UDP 127.0.0.1:123 *:*
UDP 127.0.0.1:1090 *:*
UDP 127.0.0.1:1900 *:*
UDP 192.168.0.2:123 *:*
UDP 192.168.0.2:137 *:*
UDP 192.168.0.2:138 *:*
UDP 192.168.0.2:520 *:*
UDP 192.168.0.2:1601 *:*
UDP 192.168.0.2:1900 *:*
UDP 192.168.0.2:46085 *:*
UDP [::]:7 *:*
UDP [::]:9 *:*
UDP [::]:13 *:*
UDP [::]:17 *:*
UDP [::]:19 *:*
I have a few questions:
firstly, my port 445 seems to be open so do I need to worry or do anything about it?
second, I had Outlook open when I ran the netstat commands. As far as I know, it uses SMTP and POP3 so why aren't ports 25 and 110 mentioned as being open or "listening"; and
finally, what exactly do the entries such as "ComputerName:discard" and "ComputerName:chargen" mean in the first listing? They "map" directly to 0.0.0.0:9 and 0.0.0.0:19 in the second.
Sorry that this has been such a long post and the nicely tabbed netstat output hasn't been retained. I looked for tags to enclose the netstat outputs but couldn't find any.
Thanks for your time (and patience!).
Similar Threads
-
By Irongeek in forum AntiOnline's General Chit Chat
Replies: 7
Last Post: August 9th, 2004, 10:48 PM
-
By gore in forum Operating Systems
Replies: 3
Last Post: March 7th, 2004, 08:02 AM
-
By gore in forum Newbie Security Questions
Replies: 11
Last Post: December 29th, 2003, 08:01 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote