Seems like you answered all your questions within your post. You definitely have the right idea. I am not going to address your question because you basically answered it. I will tell you how to prevent what you are talking about. You basically want to have as few ports open as possible, and to achieve this you have to figure out what app is opening the port then decide if you need that application running or not. If not, you kill the app, which closes the port. You also want to get a firewall just to be sure that what is getting through is only what you want to get through. For the apps opening ports that you need to have running, you want to go to their website and be sure there are no patches or updates. netstat -a displays all connections and listening ports in XP. Just be safe.

edit
forgot to post a link: http://www.antionline.com/showthread...ghlight=telnet
this should help you with some questions about telnet. Also, if it is your computer and there are ports open that you don't know how to connect to, that is not a good sign. I think that link provides a pretty good overview of what to do with a lot of ports. But you got it when you said this:
Or... Do you port scan an ip address.. find the open ports, find the program that opens those ports.. And then find a vulnerability in that program.. and... AHH! I don't get it!
You basically would just search for a vulnerability and either write or find code that exploits it. And if this is possible on your computer, then you need to either switch software if there are no patches or upgrades, or patch it if there are.
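Added example, not part of the original post: one way to do the "figure out what app is opening the port" step on your own machine is to save the output of `netstat -ano` (the `-n` and `-o` switches, which add numeric addresses and the owning PID, are an addition to the `netstat -a` mentioned above) and list every listener you have not decided you need. The sample output and the `needed` set are constructed for illustration.

```python
# Constructed sample of `netstat -ano` output; PIDs and addresses are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING       1788
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING       2104
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED     3120
  UDP    0.0.0.0:1900           *:*                                    1236
"""

LOOPBACK = ("127.", "[::1]")  # listeners bound here are not reachable from the network


def listeners(netstat_text):
    """Return (proto, address, port, pid) for every listening socket, sorted by port."""
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            pid = f[4]
        elif len(f) == 4 and f[0] == "UDP":  # UDP rows have no State column
            pid = f[3]
        else:
            continue  # headers, blank lines, established connections
        addr, port = f[1].rsplit(":", 1)  # rsplit also copes with [::]:135
        found.append((f[0], addr, int(port), int(pid)))
    return sorted(found, key=lambda r: (r[2], r[0]))


def unexpected(netstat_text, needed):
    """Listeners whose (proto, port) is not in `needed`, as (proto, port, pid, reachable)."""
    out = []
    for proto, addr, port, pid in listeners(netstat_text):
        if (proto, port) not in needed:
            out.append((proto, port, pid, not addr.startswith(LOOPBACK)))
    return out


if __name__ == "__main__":
    needed = {("TCP", 445)}  # assumption: the only service this machine is meant to offer
    for proto, port, pid, reachable in unexpected(SAMPLE, needed):
        scope = "network-reachable" if reachable else "loopback only"
        # Look the PID up in Task Manager or with `tasklist /svc` to name the program.
        print(f"{proto} {port:>5}  PID {pid:<5} {scope}")
```

Each PID it prints is a program to identify and then either shut down, patch, or leave behind the firewall, in that order of preference.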