-
September 30th, 2003, 05:48 AM
#1
Junior Member
Open Ports
I have a small home network which I am attempting to secure with a Netgear FVS318 firewall router. I have a total of 3 PC's on the network running Windows ME, Windows XP Home and Windows XP Pro. I am considering adding a Linksys BEFSX41 firewall router after the FVS318 as an added layer of protection. I do not run any software firewalls on any of the machines, all firewall functions are done by the router. The problem is that I am finding unknown open ports. The port numbers are 5870 and 15101. I am seeking assistance in identifying the ports. For the time being, I have blocked them through the router being that I do not know what they are.
-
September 30th, 2003, 05:55 AM
#2
Personally, I see no cause for concern. As you stated, all of your firewall functions are done through your Netgear router; this should be plenty sufficient for a home user.
It may be some sort of auth service running from your router. I couldnt fine much more, but as I stated, there's really no cause for concern.
But, for the extra paranoid, run a scan-through for any trojans that may be binding to the unusually high port numbers. Also, you can use fport, which can map applications to the unusual ports. Get that here: http://www.foundstone.com/index.htm?...desc/fport.htm
Good luck
It\'s 106 miles to Chicago, we\'ve got a full tank of gas, half a pack of cigarettes, it\'s dark and we\'re wearing sunglasses.
Hit it!
-
September 30th, 2003, 06:02 AM
#3
The official list of assigned and well known port numbers, and thier assigned applications, can be found at
http://www.iana.org/assignments/port-numbers
Neither of the ports you mentioned are on that list, which is THE official list. Blocking them would be a good idea.
Government is like fire - a handy servant, but a dangerous master - George Washington
Government is not reason, it is not eloquence - it is force. - George Washington.
Join the UnError community!
-
September 30th, 2003, 11:00 PM
#4
Port and process lists...
Great port lookup web site: http://www.treachery.net/security_tools/ports/
Good list of ports at http://keir.net/portlist.html
FPort is good, as Showtime8000 indicated, but I have had problems with it on XP (at least the Home version).
I know this isn't specifically what you asked about but it might help to check what processes are running here's a few good tools (note: I dont work for or am affiliated with any of these companies):
- PrcView at http://www.prcview.com
- Process Explorer by SysInternals at http://www.sysinternals.com
- PSList by SysInternals at http://www.sysinternals.com
Hope this helps you sleep at night!
-
October 1st, 2003, 01:28 AM
#5
Personally, I dont rely on the iana port listings to determine what is responsible for opening ports on a host. I prefer finding out what application is opening these ports.
For example, if you see port 1433 open on your machine, never assume that mssql is responsible for opening it. What if someone has installed netcat on your machine or a trojan, and configured it to open port 1433?
I use a tool called Active Ports on my WinDoze machine. Its pretty good, it will tell you what application is responsible for each open port. Similiar to the netstat -pa command on linux, but with a pretty interface
SoggyBottom.
[glowpurple]There were so many fewer questions when the stars where still just the holes to heaven - JJ[/glowpurple] [gloworange]I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool. [/gloworange]
-
October 1st, 2003, 01:33 AM
#6
Yes, you must still look at which application is actually using these ports. However, the iana list will tell you whether or not they are supposed to be listening on those ports. The list is not a good resource on its own. You must still be aware of why each port on your computer is open. So unless you have changed applications specifically to use different ports, most valid applications will appear on the list.
Government is like fire - a handy servant, but a dangerous master - George Washington
Government is not reason, it is not eloquence - it is force. - George Washington.
Join the UnError community!
-
October 1st, 2003, 01:35 AM
#7
Originally posted here by SoggyBottom
What if someone has installed netcat on your machine or a trojan, and configured it to open port 1433?
Good point, but its very difficult to backdoor through a router, especially a secure one.
It\'s 106 miles to Chicago, we\'ve got a full tank of gas, half a pack of cigarettes, it\'s dark and we\'re wearing sunglasses.
Hit it!
-
October 4th, 2003, 04:04 PM
#8
Junior Member
Thanks for all the tips. I have simply closed the two ports in question through the firewall, especially since none of the process viewer apps advised in this thread showed why those ports were open. I have ran a check for trojans, virii and spyware to find nothing on any of my XP machine. I did find trojans on an older WindowsME machine that I never use. That may explain the mystery ports that showed open during the firewall test.
-
October 4th, 2003, 05:39 PM
#9
Member
Soggybottom and the group have some excellent information here! l
Let's not forget that an attacker cannot launch a backdoor from a remote machine unless the attacker already owns the system of course. Check your system for "cleanliness" Many of the backdoor servers use know exploits in internet clients. Make sure you have the latest service packs and security updates as a first line of defense. Firewalls are a must! Shutdown all unecessary services (very important). Another way to block back doors is to prevent inbound access to listening ports commonly used such programs. Monitor outbound firewall access control as well. Asute attackers will configure their servers to communicate over ports like 80 and 25.
Don't fall for the "nice free programs to remove backdoors" for example..... a BO-removal tool called BoSniffer is itself a trojan itself!
Here is a list of anti-virus companies. Some include trojan scanners
http://support.microsoft.com/default...NoWebContent=1
Welcome to the silent world of control!
Good luck,
DarkCarniv0l
\"The Only Kind Of Good Clown.... Is A Clown Gone Bad\"
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|