Why do I have so many ports open?

Discussion in 'other security issues & news' started by pcalvert, May 29, 2006.

Thread Status:
Not open for further replies.
  1. pcalvert

    pcalvert Registered Member

    Joined:
    May 21, 2005
    Posts:
    237
    I am using Windows 2000 Pro with SP4. Today I followed some tips and was able to close ports 135 and 445. To verify that it worked, I typed "netstat -an" (no quotes) at a command prompt. As you can see, it worked:


    Code:
    Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1027           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1029           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1030           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1031           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1033           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1035           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:44334          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:44501          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         127.0.0.1:44334        ESTABLISHED
  TCP    127.0.0.1:1027         127.0.0.1:1029         ESTABLISHED
  TCP    127.0.0.1:1029         127.0.0.1:1027         ESTABLISHED
  TCP    127.0.0.1:1031         127.0.0.1:44334        ESTABLISHED
  TCP    127.0.0.1:1033         127.0.0.1:1035         ESTABLISHED
  TCP    127.0.0.1:1035         127.0.0.1:1033         ESTABLISHED
  TCP    127.0.0.1:44334        127.0.0.1:1025         ESTABLISHED
  TCP    127.0.0.1:44334        127.0.0.1:1031         ESTABLISHED
  UDP    0.0.0.0:1026           *:*
  UDP    0.0.0.0:1028           *:*
  UDP    0.0.0.0:1032           *:*
  UDP    0.0.0.0:1034           *:*
  UDP    0.0.0.0:44334          *:*

    Yup, ports 135 and 445 aren't showing up any longer. But why is my computer listening on all those other ports? I did the above right after rebooting; I hadn't even opened a web browser or any other software. So I don't understand why so many ports should be open at this point.

    I formerly used Kerio PF 2.1.5, and I remembered that it opens some high ports. So I did some checking, and it looks like Sunbelt Kerio PF 4.x is responsible for opening ports 44334 and 44501; so we can forget about those two. But that leaves seven others that are unaccounted for.

    Phil
     
    pcalvert, May 29, 2006
    #1
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Hello Phil,

    I suggest you consider downloading Fport by Foundstone. It will identify unknown open ports and their associated applications. Also....it is not a program you have to install....simply run Fport.exe from a CMD/DOS prompt and it will display the info.

    Regards,
    Bubba
     
    Bubba, May 29, 2006
    #2
  3. tlu

    tlu Guest

    Bubba, I'm not familiar with Fport, but you can also do it with the built-in netstat command. Just type netstat -a -b. For an overview of the available options type netstat -? .

    Another nice free application is TCPView from http://www.sysinternals.com/Utilities/TcpView.html
     
    tlu, May 30, 2006
    #3
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...