CLOSE ALL PORTS: my firewall is called Seconfig XP

Discussion in 'other software & services' started by PROROOTECT, Sep 8, 2009.

Thread Status:
Not open for further replies.
  1. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    ...

    ... Please wait ... Scanning in progress ...and you have RESULTS of PC Flank Online Advanced Port Scanner: http://www.pcflank.com/scanner1.htm

    'ALL the ports we have scanned are STEALTHED (by a firewall).'

    Well, I closed all ports in the house, I don't like drafts.

    My incoming connections firewall is called: Seconfig XP: http://seconfig.sytes.net/?sv=1.1 Use Memory (Working Set): 0. Period.

    """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""

    If you want to test your outgoing connections, download Leak Test from our Steve here: http://www.grc.com/lt/leaktest.htm 25 KB only. Or Shields Up! But outgoing defense is NOT indispensable ...

    """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""

    The ports that must remain open for normal use of the Internet (TCP/IP):

    25: SMTP - outgoing E-Mail
    110: POP - incoming E-Mail
    80: HTTP - Web
    21: FTP - File transfer
    53: DNS - Servers names
    119: NNTP - forums
    .. and maybe 6667: IRC - IM



    Stealthy PROROOTECT from Fort Lee, NJ
     
  2. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Trojan TCP/IP PORTS: http://www.chebucto.ns.ca/~rakerman/trojan-port-table.html

    """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""

    I closed (deactivated) Windows firewall and Windows Security Center of course; my svchost.exe (this fat) is VERY tiny now ...

    Faster and faster ...


    P.
     
  3. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Hi Pro:D

    It is good advice; after all, a closed port is a closed port, and that is what I like to do. Seconfig looks useful, but I need some of those ports to open - so what are the presets?

    edit : okay I got it.
     
  4. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    What has svchost.exe got to do with windows firewall or security centre ?
     
  5. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    SVCHOST is the Service Host for a number of services, including the firewall, most LAN services, audio, etc. SVCHOST is like a wrapper or parent service for sub-services. This is why you can see minimum 3 instances of svchost or sometimes 6 or more. When you start a particular service, an instance of svchost.exe will 'host' that service. Some instances host only one service, others host many.

    Open a command prompt, type in "tasklist /svc" and you will see. Open the snap-in for services, go to the Windows Firewall, and look at its properties. You will see something like this in ImagePath: "C:\WINDOWS\system32\svchost.exe -k netsvcs"

    So, in some cases, svchost is housing the service that is holding a port open.

    Sul.
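
Added example, not part of Sully's post: the lookup described above done as a join, pairing each listening port from `netstat -ano` with the services in the owning process from `tasklist /svc`. Both sample outputs are constructed, the function names are this example's own, and `SharedAccess` and `wscsvc` are the Windows XP service names for Windows Firewall/ICS and Security Center.

```python
import re

# Constructed sample of `tasklist /svc` output (not captured from a real host).
TASKLIST_SVC = """\
Image Name                   PID Services
========================= ====== =============================================
System                         4 N/A
svchost.exe                  952 RpcSs
svchost.exe                 1048 AudioSrv, Dhcp, SharedAccess, W32Time,
                                 wscsvc
"""
# Constructed sample of `netstat -ano` output.
NETSTAT_ANO = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1052      203.0.113.5:80         ESTABLISHED     1620
  UDP    0.0.0.0:123            *:*                                    1048
"""

def parse_tasklist(text):
    """Return {pid: (image, [services])}, joining wrapped service lines."""
    procs, last = {}, None
    for line in text.splitlines()[2:]:            # skip header and ==== rule
        m = re.match(r"(\S.*?)\s+(\d+)\s+(.*)$", line)
        if m:
            last, names = int(m.group(2)), m.group(3)
            procs[last] = (m.group(1), [])
        elif line.startswith(" ") and last is not None:
            names = line                          # wrapped row: more services
        else:
            continue
        procs[last][1].extend(s.strip() for s in names.split(",")
                              if s.strip() not in ("", "N/A"))
    return procs

def listeners(text):
    """Return [(proto, port, pid)] for TCP LISTENING rows and bound UDP rows."""
    out = []
    for line in text.splitlines():
        f = line.split()
        if (f[:1] == ["TCP"] and "LISTENING" in f) or f[:1] == ["UDP"]:
            out.append((f[0], int(f[1].rsplit(":", 1)[1]), int(f[-1])))
    return out

def ports_by_service_host(tasklist_text, netstat_text):
    """Join both outputs on PID: [(proto, port, pid, image, [services])]."""
    procs = parse_tasklist(tasklist_text)
    return [(proto, port, pid, *procs.get(pid, ("?", [])))
            for proto, port, pid in listeners(netstat_text)]
```

When one svchost.exe instance hosts several services, the port can only be attributed to the instance as a whole; the join narrows the candidates but does not say which hosted service opened it.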
     
  6. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Well, I have 3 (three) svchost.exe processes.

    My fat svchost.exe today (= without Windows Firewall and Security Center), after restart of PC and some minutes, has now:

    Working Set (= Use Memory): 20.13 MB
    Handles: 1064
    Threads: 45

    (I have also Working Set for explorer.exe: 15.64 MB, and for ProcessHacker.exe: 26.5 MB, and talkative character).

    Sully, thank you for your presentation, very informative.

    Everybody can even add that, if you want to see cuts of your svchost.exe, this is not difficult:

    * Process Hacker: Right-click on your svchost.exe/Properties/Modules ... et voila!

    * Process Explorer: Right click on svchost.exe/Properties/Services, that's all.

    * SpyDllRemover: on Process Viewer, click on your svchost.exe; you see all Dlls of this process, very easy.

    * ESET SysInspector/Running Processes/Right-click on process/Show All Nodes - and you have all modules in all processes. Very readable.

    All links are on my Signature, please.

    """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""

    Seconfig XP PROROOTECTs story: Look on Posts 38 and 41 from 'The Best ... LAST MONTH: July, 2009' thread here: https://www.wilderssecurity.com/showthread.php?t=249467&page=2



    P.
     
  7. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Well I need most of those services to load so processes stay. Nice tools such as WDevSec also good blog.
     
  8. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Yeah! Meriadoc, BreakPE v1.0 from our Seconfig XP site.

    28 KB of BreakPE is able to disarm all malware, rootkits too!

    Lightweight get ...


    P.
     
  9. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Indeed I like BreakPE for its simpleness while strong and safe. Similar technique to other antirootkit I've seen.
     
  10. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    PROROOTECT... I have some questions for you..
    - I remember you said in another post that after using SECONFIGXP we can disable "firewall and security center" from services.. indeed this will make your PC faster..
    - How does BreakPE work?.. I have WinXP Pro/SP3.. how is the test done...
    - I always have a nightmare with adblocking. I used some, but I think Privoxy does a great job; it uses port 81118 .. is this OK?..

    AND thanks for sharing your great knowledge
     
  11. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Hi acuariano,

    Deceive yourself, I'm not great knowledge that you imagine, far from it! But I do my best to learn more.

    * You have a pop-up from BreakPE: 'BreakPE uses direct access to storage volume of breakable file.'
    It allows you to delete your suspicious file (of your choice) on your HD, any file of any malware.
    You have the link for BreakPE - on thread 'ANTI-ROOTKITS: Good, Safe and Easy ...' Post #17 here: https://www.wilderssecurity.com/showpost.php?p=1540086&postcount=17
    Also: you have 'Seconfig XP' link in my Signature.

    * After disabling Windows Firewall and Security Center (I have Windows XP SP2 exactly ...), and after 3 reboots of your PC, the Use Memory (Working Set) of your fat svchost.exe decreases significantly. And your PC runs ... FASTER.

    * For hiding your IP, and for safe and uncensored surfing - you have 4 best choices (MY choices) in my Signature, please. You choose. :thumb:


    P.
     