-
October 2nd, 2001, 04:35 PM
#1
Junior Member
Ports
How do I close some malicious ports that are open on my server??
NT4
cheers
Arkaig
-
October 2nd, 2001, 06:29 PM
#2
Senior Member
What ports are they? How are they malicious? Generally speaking you would need to find the program that's running to keep the port open, be it netcat or whatever else. When posting in future try to include a little more detail.
Pete
-
October 2nd, 2001, 08:05 PM
#3
Unless you want to get really-technical and in-the-guts-of-the-sockets, you should either STOP the programs running which are using those ports, or keep them from running in the first place, (E.G.: The start-up section of the Windows Start Menu, or the registry auto-run).
Failing that, firewall, block them. They'll still be open, but you can keep people from getting to them.
[HvC]Terr: L33T Technical Proficiency
-
October 2nd, 2001, 09:42 PM
#4
Junior Member
Thanks
Sorry folks, I was being deliberately vague for a good reason. It was my SMTP server. As my e-mail address may be visible I didn't want to announce it! If that makes sense? Anyhow, I had a hunt around the registry and removed the offenders, NetBus being one. My firewall is also now blocking the offending ports.
Thanks again
Arkaig
-
October 2nd, 2001, 10:08 PM
#5
Senior Member
I'd still be concerned about that box. It's common enough that an entry in the registry is just there to throw the sys admin off the trail; there are plenty of other places to put a back door.
Why wasn't your firewall blocking the ports in the first place - is it not better policy to close all sockets except for the ones you really need as opposed to selectively blocking ports?
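The allow-list approach raised in the post above can also be checked on the host itself. The following is an added example, not part of the original thread: it parses `netstat -an` output and reports every network-reachable listener that is not on an allow list. The sample output, the addresses and the allow list (SMTP only) are constructed assumptions.

```python
import re

# Constructed sample of `netstat -an` output from a Windows mail server.
# Port 12345 stands in for a listener nobody installed on purpose.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1026         0.0.0.0:0              LISTENING
  TCP    10.0.0.5:25            10.0.0.9:1045          ESTABLISHED
  UDP    0.0.0.0:135            *:*
"""

# Assumption: this host only needs to offer SMTP.
ALLOWED_TCP = frozenset({25})
ALLOWED_UDP = frozenset()

# proto, local address, local port, (foreign address), optional state
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")

def listening_sockets(netstat_text):
    """Return sorted (proto, address, port) tuples for every open listener."""
    found = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, blank lines
        proto, addr, port, state = m.groups()
        # TCP listeners show LISTENING; UDP rows have no state column,
        # so every bound UDP socket counts as open.
        if proto == "UDP" or state == "LISTENING":
            found.add((proto, addr, int(port)))
    return sorted(found)

def unexpected_listeners(netstat_text, tcp=ALLOWED_TCP, udp=ALLOWED_UDP):
    """Listeners reachable from the network that are not on the allow list."""
    flagged = []
    for proto, addr, port in listening_sockets(netstat_text):
        if addr.startswith("127."):
            continue  # loopback-only, not reachable from other hosts
        if port not in (tcp if proto == "TCP" else udp):
            flagged.append((proto, addr, port))
    return flagged

if __name__ == "__main__":
    for proto, addr, port in unexpected_listeners(SAMPLE_NETSTAT):
        print(f"not on allow list: {proto} {addr}:{port}")
```

Each flagged port still has to be traced back to the program that holds it open before it can be stopped or removed.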
-
October 2nd, 2001, 10:13 PM
#6
If someone got NetBus on there... there could be more stuff. Go here: www.agnitum.com, get Tauscan and run it to be safe. Just my 2 worthless pennies.
Antionline in a nutshell
"You're putting the fate of the world in the hands of a bunch of idiots I wouldn't trust with a potato gun"
Trust your Technolust
-
October 3rd, 2001, 09:24 AM
#7
Junior Member
Thanks again
Thanks again for your input guys. I ran a copy of Retina on the troublesome server after I deleted the offending apps and registry entries and a reboot. I ran it again this morning. All clear. I am not the Firewall or router admin so I can't comment as to why it wasn't done in the first place.
thanks again,
Arkaig