Printable View
Just curious....
Within a Windows environment (98/Me/2000/XP), is there a command that can be run in the consol that can close open ports on my machine?
i.e. if I run netstat -a and see 4380 open and I'm not certain if it's legit - can I manually close that port from a command line?
I'm not sure if there is or not but if you have a firewall it will tell you what ports and services are runing on your box. ;)
Remote_Access_
That's a very good question. I've never even thought about how to close ports manually. I've always used a handy little program called proport that monitors my ports and gives an option of closing them manually. If you're interested you can download it here...
I'd be very interested to see if you can close ports from a command prompt...
I don't know of any way to accomplish what you are talking about - but if your not already, you should be running some sort of Firewall (either hardware or software). Something like Zone Alarm would do fine - that way, the firewall will bring to your attention any programs that are trying to access remote sites or gain access to your machine. Then you'll have the option of blocking that program. But like I said, I don't know of any way to 'manually' close those ports.
AFAIK, no, there is not built-in commands or anything you can do, you have to write/get a program to do it for you, there aren't any Dos commands for it.
What you CAN do is shut down the running program that controls the port, then the port will close. But, if the program won't show up in the control-alt-delete list, then, again, you need a program to intercede for you.
In NT and 2000 there is a function called "IP security" settings (under TCP/IP settings) were you can allow or disallow ports..
This is a real basic packet filter, I have used it to lock down computers but always as a first defence and even if using this port blocking feature I would recomend a firewall.
XP has a simple firewall function aswell, still I would recomend to use better thirdparty softwares as ZA or other personal firewalls.
About to lock down ports manually from the command line!? Nope I have never heard or used such a command.. And it would maybe be a nice feature but I would still recomend a firewall and a good security policy to achive protection.
In Win you cannot close the ports manually yiu have to use some program to close it like a firewall. You can use for example ZoneAlarm but i didn´t like it. If you want to prevent a enter in your computer yu can install BlackIce that show possible intrusion on your computer. To see what kind of ports you can put netstat -an to see what ports have you open. You can search in a seracher port-blocker for close your open ports. Bye :)
The key here is shutting down things you do not need. Just pressing ctrl+alt+delete will not do the trick, because services do not show up there. What you have to do is go to serices under the Administration tools menu or control panel (depending on the windows version) and stop any unnecessary services. If there is a service you need, like NetBIOS if you are doing file sharing on your LAN, then you must look at getting some kind of firewall.
Another suggestion (assuming you have a multiple PC LAN setup) is to install a second NIC. That way you have one ethernet interface with your internal network for file/print sharing and the other one for the internet at large. Unbind everything from the NIC directly connected to your internet connection (ie, cable, dsl, etc...) except for TCP/IP. Of course, if you don't have multiple PCs using a single internet connection, nevermind....
...And naturally, always use a firewall. ;)
HI. I am running win2k PRO, with Blackice server as my firewall, i have tryed a few ideas to try to close some of my open PORTS..... First i set the blackice firewall to "paranoid" to block all incomming connections, but when i run (cmd) "netstat -an" i keep getting ports "listening" and when i am using MORPHEUS people can still connect to download, (i know i can disable file sharing but im just testing the results) Second i tryed to use the IPFiltering feature in "PRO" and filtered all ports but "80" but then again i was still able to use 25 for my mail and 1214 for morpheus and ICQ port. Can anyone clear this issue for me:confused:
well as far as i can see ur wondering why certain programs can go through ur firewall...
well its all about permissions... ur programs seems to have permissions to go through the firewall.. like everyone's else.. i gave permissions to some of my proggy's to go through the wall and i blocked some.. and i have a lock out mode.. where incase something happen i lock my firewall and only the cmd line can go through..
as far as the firewall is concerned those poroggys of urs are allowed to go through since they are yours.. as for morpheus.. once the program is allowed to go though the wall that means ppl can download from ur puter via morpheus..
the firewall is basically like a security guard.. if the proggy has a pass.. then it can go through..if not then go away.. lolz..
There are a couple of things to know about ports.
Firstly Ports 0 - 1024 are 'popular ports' and usually blocked (ftp 21, http 80, telnet 23 etc)
Secondly there are some 'Trojan Ports' like 12345 (net bus) that firewalls block for you.
Thirdly ports 135-139 are Netbios/IP share ports that you should block inbound.
When you surf the net, or get email: You're computer uses ports from 1025 to 65355 (outbound) (While blocking 0-1024 inbound.)
If you look at your netstat list port 80 is the remote computer, and your port is > 1025 and the internal port numbers rise as you keep making connections.
To use ICQ, you must allow port 4000
To use IRC , you must allow port 6667 (and sometimes 113 for identification)
Each IP program has a specific port that it uses (like Morpheus, ICQ, IRC, email, http, etc)
The built in port filtering in 2000 isn't that great. If you have a proper DMZ then this sort of thing wouldn't be a issue.
Even better is if you use a switch in your DMZ which does layer 2 ACL packet filtering, not real stateful packet inspection, but at least you can drop the packets on ports that you don't want to allow
While we are on the subject of ports being open, I have a question for yall. When using NAT with a software firewall on the machine connected to the net. Is this a fairly secure method of preventing intrusion? I asked a few other ppl about his and the responses were about evenn either way. Since most of yall seem fairly knowledgable about security and networks, I thought I would ask here.
so with all this said..
what really is the point of M$ products having a services file?
odd....
~THEJRC~
Quote:
Originally posted by devolved
The built in port filtering in 2000 isn't that great. If you have a proper DMZ then this sort of thing wouldn't be a issue.
Even better is if you use a switch in your DMZ which does layer 2 ACL packet filtering, not real stateful packet inspection, but at least you can drop the packets on ports that you don't want to allow
A switch can't do layer 2 packet filtering. Packet filtering is always done at layer 3 as this is where IP resides. Layer 2 does not even look at the IP address, so it is impossible to filter based on a source IP.
What you can do however with a switch, is block connections on a certain port based on MAC address. Although this would only prevent an unauthorized user from plugging in a different machine to the switch.
Stateful inspection is simply the process of the firewall keeping certain information about a session (state) in a table. When a reply packet is received, it is simply checked against the state table instead of being processed through the rulebase to verify that is a valid response. Stateful inspection is typically done at layer 4 because it keeps information about specific ports.
One more type of filtering, Proxy, is done all the way up at layer 7. Although this is probably the most secure method, it is also the slowest.
NAT in itself is not intended to provide any type of security, but what it does provide is obscurity. A static NAT (one-to-one) does just maps a single public IP to a single private IP, so everything destined for the public address is simply passed to the private network. So this provides nothing for you at all in the context of security.Quote:
Originally posted by Tortured Spirit
While we are on the subject of ports being open, I have a question for yall. When using NAT with a software firewall on the machine connected to the net. Is this a fairly secure method of preventing intrusion? I asked a few other ppl about his and the responses were about evenn either way. Since most of yall seem fairly knowledgable about security and networks, I thought I would ask here.
PAT or hide NAT or whatever else you might call it, hides multiple hosts behind a single IP address and this is where the topic of security and NAT can be arguable. Like I said earlier, NAT in itself does not provide any type of security, but certainly if your source IP is disguised, a hacker would have a little bit more of a difficult time, although definately not impossible.
Hope this helps!!
Understood, with that being said...As long as the gateway machine is firewalled, would it require a bit of work to get thru to a machine on the network?Quote:
Originally posted by iNViCTuS
NAT in itself is not intended to provide any type of security, but what it does provide is obscurity. A static NAT (one-to-one) does just maps a single public IP to a single private IP, so everything destined for the public address is simply passed to the private network. So this provides nothing for you at all in the context of security.
PAT or hide NAT or whatever else you might call it, hides multiple hosts behind a single IP address and this is where the topic of security and NAT can be arguable. Like I said earlier, NAT in itself does not provide any type of security, but certainly if your source IP is disguised, a hacker would have a little bit more of a difficult time, although definately not impossible.
Hope this helps!!
I realize of course that it's not gonna be foolproof but considering that I have very little of inportance on this home-lan should this setup be good enuff to provide basic invisibility from most of the wannabes and script-kiddies out there?
Thanks
The key word here is firewalled. Yes, if you have a firewall at the gateway, then that is probably good enough for a home LAN. But many routers can do NAT without providing any firewall protection. If this is the case, I wouldn't trust just NAT to do the job, even against script kiddies. There are too many automated tools available for anyone to do anything. Especially on a wide open network.Quote:
Originally posted by Tortured Spirit
Understood, with that being said...As long as the gateway machine is firewalled, would it require a bit of work to get thru to a machine on the network?
When I use netstat, the foreign address is port 80, and my port is 1245 which is a known trojan port, does this mean that someone is trying to install a trojan on my computer or that their is already one in there. Is my firewall monitering this port 1245 or is it just monitering the remote computer. I use norton.
I think that you don´t have any trojan if you see the rest of connections to a web pages you will see that they start in ports of the range like 1673 1671 1580, this is in the case of my computer. If you think that you can have a trojan you can try the program named The cleaner from the page http://www.moosoft.com. Bye :)