CLOSE ALL PORTS: my firewall is called Seconfig XP

...

... Please wait ... Scanning in progress ...and you have RESULTS of PC Flank Online Advanced Port Scanner: http://www.pcflank.com/scanner1.htm

'ALL the ports we have scanned are STEALTHED (by a firewall).'

Well, I closed all ports in the house, I don't like drafts.

My incomming connections firewall is called: Seconfig XP: http://seconfig.sytes.net/?sv=1.1 Use Memory (Working Set): 0. Period.

""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""

If you want to test your outgoing connections, download Leak Test from our Steve here: http://www.grc.com/lt/leaktest.htm 25 KB only. Or Shields Up! But outgoing defense is NOT indispensable ...

""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""

The ports that must remain open for normal use of the Internet (TCP/IP):

25: SMTP - outgoing E-Mail
110: POP - incomming E-Mail
80: HTTP - Web
21: FTP - File transfer
53: DNS - Servers names
119: NNTP - forums
.. and maybe 6667: IRC - IM



Stealthy PROROOTECT from Fort Lee, NJ

 

Trojan TCP/IP PORTS: http://www.chebucto.ns.ca/~rakerman/trojan-port-table.html

""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""

I closed (deactivated) Windows firewall and Windows Security Center of course; my svchost.exe (this fat) is VERY tiny now ...

Faster and faster ...


P.

 

Hi Pro

is good advice after all a closed port, is a closed port and is what I like to do. Seconfig looks useful but I need some of those ports to open - so what are the presets?

edit : okay I got it.

 

What has svchost.exe got to do with windows firewall or security centre ?

 

SVCHOST is the Service Host for a number of services, including the firewall, most LAN services, audio, etc. SVCHOST is like a wrapper or parent service for sub-services. This is why you can see minimum 3 instances of svchost or sometimes 6 or more. When you start a particular service, an instance of svchost.exe will 'host' that service. Some instances host only one service, others host many.

Open a command prompt, type in "tasklist /svc" and you will see. Open the snap-in for services, go to the windows firewall, and look at it's properties. You will see something like this in ImagePath "C:\WINDOWS\system32\svchost.exe -k netsvcs"

So, in some cases, svchost is housing the service that is holding a port open.

Sul.

 

Well, I have 3 (three) svchost.exe processes.

My fat svchost.exe today (= without Windows Firewall and Security Center), after restart of PC and some minutes, has now:

Working Set (= Use Memory): 20.13 MB
Handles: 1064
Threads: 45

(I have also Working Set for explorer.exe: 15.64 MB, and for ProcessHacker.exe: 26.5 MB, and talkative character).

Sully thank you for your presentation very informative.

Everybody can even add that, if you want to see cuts of your svchost.exe, this is not difficult:

* Process Hacker: Right-click on your svchost.exe/Properties/Modules ... et voila!

* Process Explorer: Right click on svchost.exe/Properties/Services, that's all.

* SpyDllRemover: on Process Viewer, click on your svchost.exe; you see all Dlls of this process, very easy.

*ESET SysInspector/Running Processes/Right clickon process/Show All Nodes - and you have all modules in all processes. Very readable.

All links are on my Signature, please.

""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""

Seconfig XP PROROOTECTs story: Look on Posts 38 and 41 from 'The Best ... LAST MONTH: July, 2009' thread here: https://www.wilderssecurity.com/showthread.php?t=249467&page=2



P.

 

Well I need most of those services to load so processes stay. Nice tools such as WDevSec also good blog.

 

Yeah! Meriadoc, BreakPE v1.0 from our Seconfig XP site.

28 KB of BreakPE is able to disarm all malware, rootkits too!

Lightweight get ...


P.

 

Indeed I like BreakPE for its simpleness while strong and safe. Similar technique to other antirootkit I've seen.

 

PROROOTECT... i have some questions for you..
-that i remember you said in another post that after using SECONFIGXP we can disable from services "firewall and security center"..indeed this will make your pc faster..
-how does BreakPE work?..i have winxp-pro/sp3..how is the test done...
-i always has a nightmare with adblocking,i used some,,but i think privoxy does a great job it uses port 81118 ..is this ok?..

AND thanks for sharing your great knowledge

 

Hi acuariano,

Deceive yourself, I'm not great knowledge that you imagine, far from it! But I do my best to learn more.

* You have a pop-up from BreakPE: 'BreakPE uses direct access to storage volume of breakable file.'
It allows you to delete your suspicious file (of your choice) on your HD, any file of any malware.
You have the link for BreakPE - on thread 'ANTI-ROOTKITS: Good, Safe and Easy ...' Post #17 here: https://www.wilderssecurity.com/showpost.php?p=1540086&postcount=17
Also: you have 'Seconfig XP' link in my Signature.

* After disable Windows Firewall and Security Center ( I have WindowsXP SP2 exactly ...), and after 3 reboots of your PC, Use Memory (Working Set) of your fat svchost.exe decrease significantly. And your PC run ... FASTER.

* For hide your IP, safe and not censored surfing - you have 4 best choices (MY choices) in my Signature, please. You choose.


P.