Thread: Ports

  1. #1
    Junior Member
    Join Date
    Oct 2001
    Posts
    3

    Ports

    How do I close some malicious ports that are open on my server??

    NT4

    cheers

    Arkaig

  2. #2
    Senior Member
    Join Date
    Sep 2001
    Posts
    412
    What ports are they? How are they malicious? Generally speaking you would need to find the program that's running to keep the port open, be it netcat or whatever else. When posting in future try to include a little more detail.
    Pete

  3. #3
    Old-Fogey:Addicts founder Terr's Avatar
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007
    Unless you want to get really-technical and in-the-guts-of-the-sockets, you should either STOP the programs running which are using those ports, or keep them from running in the first place (e.g., the start-up section of the Windows Start Menu, or the registry auto-run).

    Failing that, firewall, block them. They'll still be open, but you can keep people from getting to them.
    [HvC]Terr: L33T Technical Proficiency

  4. #4
    Junior Member
    Join Date
    Oct 2001
    Posts
    3

    Thanks

    Sorry folks, I was being deliberately vague for a good reason. It was my SMTP server. As my e-mail address may be visible I didn't want to announce it! If that makes sense? Anyhow, I had a hunt around the registry and removed the offenders, Netbus being one. My firewall is also now blocking the offending ports.

    Thanks again

    Arkaig

  5. #5
    Senior Member
    Join Date
    Sep 2001
    Posts
    412
    I'd still be concerned about that box. It's common enough that an entry in the registry is just there to throw the sys admin off the trail; there are plenty of other places to put a back door.
    Why wasn't your firewall blocking the ports in the first place - is it not better policy to close all sockets except for the ones you really need as opposed to selectively blocking ports?

  6. #6
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672
    If someone got Netbus on there... there could be more stuff. Go here: www.agnitum.com, get Tauscan and run it to be safe. Just my 2 worthless pennies.
    Antionline in a nutshell
    "You're putting the fate of the world in the hands of a bunch of idiots I wouldn't trust with a potato gun"

    Trust your Technolust

  7. #7
    Junior Member
    Join Date
    Oct 2001
    Posts
    3

    Thanks again

    Thanks again for your input guys. I ran a copy of Retina on the troublesome server after I deleted the offending apps and registry entries and a reboot. I ran it again this morning. All clear. I am not the Firewall or router admin so I can't comment as to why it wasn't done in the first place.

    thanks again,

    Arkaig
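
The advice in posts #2 and #5 (find what is holding a port open, and allow only the ports you really need) can be checked from the host itself. The following is an added example, not part of the original thread: it parses `netstat -an` output and reports every listener that an allow-list does not cover. The sample output, the allow-list and the function names are constructed for illustration.

```python
import re

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.0.2.10:25          198.51.100.7:1042      ESTABLISHED
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING
  UDP    0.0.0.0:135            *:*
"""

# Assumed policy for an SMTP-only server: the only service it should offer.
ALLOWED = {("TCP", 25)}

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def listeners(netstat_text):
    """Yield (proto, local_addr, port) for every listening socket."""
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers and blank lines
        proto, addr, port, _foreign, state = m.groups()
        # TCP listeners carry the LISTENING state; UDP has no state column,
        # so every bound UDP socket is treated as a listener.
        if proto == "UDP" or state == "LISTENING":
            yield proto, addr, int(port)


def unexpected(netstat_text, allowed=ALLOWED, include_loopback=False):
    """Return sorted (proto, port, addr) listeners the allow-list does not cover."""
    found = set()
    for proto, addr, port in listeners(netstat_text):
        if not include_loopback and addr.startswith("127."):
            continue  # bound to loopback, not reachable from the network
        if (proto, port) not in allowed:
            found.add((proto, port, addr))
    return sorted(found)


if __name__ == "__main__":
    for proto, port, addr in unexpected(SAMPLE_NETSTAT):
        print(f"unexpected listener: {proto} {addr}:{port}")
```

Each reported port still has to be traced to the program that opened it, and a clean listing does not rule out a back door that is not listening at the moment the snapshot is taken.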
