netstat-a and closing ports

[ali1]

I see a lot of open ports when i do the netstat-a command on my DOS...this is the result of netstat-a when i was disconnected from the internet today:

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:1 0.0.0.0:0 LISTENING
TCP 0.0.0.0:6670 0.0.0.0:0 LISTENING
TCP 0.0.0.0:21 0.0.0.0:0 LISTENING
TCP 0.0.0.0:23 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2583 0.0.0.0:0 LISTENING
TCP 0.0.0.0:25 0.0.0.0:0 LISTENING
TCP 0.0.0.0:31 0.0.0.0:0 LISTENING
TCP 0.0.0.0:12345 0.0.0.0:0 LISTENING
TCP 0.0.0.0:20034 0.0.0.0:0 LISTENING
TCP 0.0.0.0:31337 0.0.0.0:0 LISTENING
TCP 0.0.0.0:113 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1243 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1025 0.0.0.0:0 LISTENING
UDP 127.0.0.1:1025 *:*
Kindly please tell me how do i disable these ports..I've got Zone Alarm and Protect X and running windows 98..how do i close the services that are usin these ports?As you can see some of the ports are really important ones like 25,23,even 21.So i'm anxious to close them as soon as possible.

[meister]

0.0.0.0 is assigned to your computer if there's not other ip adress assigende (0.0.0.0 'unknown adress') so nobody can connect to your host using ip 0.0.0.0 .
anyway you are using zonealarm. it doesn't matter if this ports are open as soon an app is trying to broadcast something about this port zonealarm will pop-up and ask you wether to alow app xy to access internet using port z.
anyway here are the app's assigned to these ports
http://www.iana.org/assignments/port-numbers
and try google "port portnumber"
some of the ports mentioned also might have trojan apps e.x. port 6670 used by # BackWeb Server
# Deep Throat,# Foreplay,# WinNuke eXtreame

use tools like procview32 under win98 to view all apps running: www.blumentals.net/products/procview.php
also use Startup Monitor to chekc all possible startup location for apps www.mlin.net/StartupMonitor.shtml
finally if necessary use an antivir tool to remove any trojans or use online virusscan housecall.trendmicro.com

this doesn't mean that you necessarily have trojans on your system any app can use any port that is not allready in use...

[ali1]

the address 0.0.0.0 is there because i did the netstat -an thing when i wasnt connected to the internet.Anyways...your post was helpful but i want to close the ports..despite the fact that ZA monitors them,i'm anxious to close them.Could you tell me how do i do that?is there any port disabling tool for Win.98?if your answer is that to simply close the services that are using the ports...then could you tell me how do i find which services are using which ports and how to end those services?I downloaded ProcView but it only lists the processes that are running..doesn't show which ones are using the ports.

[meister]

sorry my error. i use sygate firewall. sygate lists all apps and the ports that are in use. so its easy to close the app using procview.
zonealarm doesn't seem to display the apps and their ports in use (or i can'just find the option to enable this...)

anyway if i do netstat -a i get a whole bunch of open ports. if you quite a few are used by ie an other system services (win2000) other i don't know and don't care cause of the firewall.
anyway if you really want to close the apps using this ports you can either use sygate or Pulist (microsoft 2000 resource kit) i don't know if it works under win98 goto: http://www.microsoft.com/windows2000...g/pulist-o.asp
(at least there is nothing mentioned that it doesn't work...) the tool will show you the process id and you can exit them using procview.

[meister]

ahh, found it ;-)

in zonealarm there are on top of the window little icons for the permanent active apps if you hold your mouse on one of these icons a little tooltip will pop up showing the port the app uses...

[ali1]

thanks man...this was it..ProtectX was listening to the ports...now i wonder if i need to close them..after all its ProtectX man..i reckon because its listening to incoming traffic on these ports the ports are showed as open..so,what do you say?should i close'em?personally i think no but anyways what do u say?

[meister]

protectx is used to detect intruders trying to infiltrate your system. so protectx needs to have some ports open to enable a intruders to connect. if there are no open ports the intruder can't connect and protectx won't be able to log the incident. if you disable the ports it's like not having protectx running only your firewall...