I had a friend scan me, and I found the following ports open: TCP 135 412 25 110 143 366 465 993 995. Please advise. Worried.
Previous Post By JayK: "In fact, except for a few moderators etc. it would be laughable to call anyone here a "Security expert". Knowing how to use anti-virus, configure simple firewall rules, an expert one does not make. 3) There are a lot of senior members who might be very knowledgeable about security products by the virtue of trying almost everything, but they actually understand very little about the fundamental security principles and what the products they use really do, or how they do it."
*********************************************
JAY, I sincerely wish you the very best in locating your port problem. Unfortunately, I am not a security expert so can't offer you any suggestions.......
Well snowy, I consider you an expert. After all, for someone who is a guest, you sure post a lot. I'm guessing you are some mysterious expert, unwilling to reveal yourself. Or there is some past history I'm not aware of? Or perhaps there are a dozen people who like the guest name snowy....
Hey Jack, would a decent FW prevent the mail related ports from showing open? The last time I tried a firewall (no idea if it's decent) it still showed port 110 open. Is there any way to use a mailserver and still keep them closed? I would think not, but I would be happy to learn how to set the firewall rules to set it up. Also, what do you make of TCP 412?
JayK Can you refresh our memories on what specific OS you are using? It really helps to know that as a starting point... Also, can you trace the questionable ports back to the specific program that is holding them open (i.e. listening)? That is key to moving forward with your question. LowWaterMark
Jay by no means am I an expert...not my desire or intent...but my ports are closed... and yupper I do post a lot.....hope you can find the post at least laughable.....as I am laughing right now..... history...let's hope with those open ports you remain on the internet long enough to make a minor dent in history.... Jay do you notice I am not blinking
Administration and Mods, it's fairly obvious the direction this is leading....so in common respect for you folks I'll ignore any further comments
If you're running XP or W2K then there are probably lots of unnecessary services running on your machine which hold those ports open. There's a site...blackhawk or something similar (can't remember right now but I'm sure someone will chip in with the correct URL) which can advise you which services to permanently shut down. HTH
Howdy
As much as I remember the rules:
1. get a decent firewall
2. get M$ security patches available
3. terminate all unnecessary applications running
4. online scan all your 65535 ports [as well use local scanner if you found free one on net to copy, I do not give any links]
5. Make sure any of your applications has not server rights
If any of your 65535 ports appears being open, there is always a reason why, for example backport server or related. Did I forget something?
That is the particular reason we people are here at wilders JayK. We had to learn some basic rules.
~Ari~
Hello, :412 is synoptics-trap Trap Convention Port. I don't know what it's used for but it is also blocked with a FW. I am running a personal SMTP server on an exotic port, and of course it appears blocked from outside the LAN. If you are running a POP server and you don't want to serve as an open relay for spammers, just allow this application for the trusted addresses of your LAN on the needed ports and if your rule below is deny you will get a closed response from outside the LAN. If the rule is reject, you'll get stealth. Rgds,
JACK, 412 trap convention port = Remote MT Protocol. While not absolutely certain, that may also be used by a trojan named BACKAGE. As a precaution, Jay may want to consider scanning with a scanner of his choice.......you are best to advise
JACK, good news.....trojan BACKAGE uses ports 411, 334 and 5333..........there are a few versions of this trojan
27/1 12:44:44 [PortRef] 412: SYNOPTICS-TRAP - Trap Convention Port, Direct Connect Peer-2-Peer File Sharing
Hi Snowy/Krusty/Jack/JayK: edit: hello also checkout, missed you
How are you this fine day? [Sorry JayK about being cheerful, it's a Public Hol here in Oz, Australia Day] I hope JayK you can sort out Port Open problems and since I am also not a security expert I will leave offering advice to others. However Krusty mentioned scanning all 65,000+ ports. I have a nice site which breaks them up in groups and it works great. I have taken this little odyssey myself and it does take a while but the beauty of this site is you can scan so many then come back if out of time and continue with the next group. Also you can scan just individual ones if you like, separated with commas, so JayK I can give you a small piece of advice after all: select those ports that are open and maybe confirm with another test.
http://www.auditmypc.com/freescan/main.asp?S=2066
Cheers, TAS
Controller, here are those sites for tweaking Services. [BlackViper you were thinking of?]
Thomas McGuire's Tweak Win2000 Services Guide [this one is excellent, laid out in one page, very easy to understand, look at this first as it's similar to XP with Services]: http://www.techspot.com/tweaks/win2k_services/print.shtml
Thomas McGuire's Tweak XP Services Guide [this one is by same guy, but from within another site, and you have to keep going to "Next Page", but still laid out comprehensively]: http://www.techspot.com/tweaks/winxp_services/index.shtml
BlackViper's Services Tweaks: http://blackviper.com/
Well Krusty, thanks, but I do know all the basics you mentioned above. I'm looking for more specific help. As for applications having "Server rights" I'm not sure what that means, though it sounds like a ZA term? I've never seen that in Kerio or another firewall.
Thanks to all for helping.
To Lowwatermark: I'm running a LAN working through ICS. The main computer (win2K) acts as the internet gateway. The use of ICS totally complicates things compared to a single stand alone, so my problems are perhaps a little unusual. I've "mapped the ports" and accounted for 25 110 143 366 465 993 995. Those are basically held open by an email server. Not too bad, but not too good either. Currently it is not set as an open relay. I think since we can't figure out how to use the other exotic SSL email stuff we are only using 25 and 110, so I'm going to close down the rest just to be safe. After some googling I figured that 412 had something to do with Kazaa or emule, and I checked: on another computer in the LAN, one computer was port forwarding to TCP 412 for emule use. Admittedly I'm not very familiar (lol) with port forwarding, so it's more research time.
Hello as you can see, I don't really understand the difference between SMTP and POP servers. Hmm. I guess I was misled. Someone advised me that the SMTP server must always be open, at least if you wanted to receive mail. If it appears blocked from outside the LAN, how do you receive SMTP Mail? As mentioned before the POP server application itself has an option to accept relays from only certain ip ranges. I have set it to allow only local LAN addresses, I did a check and it's not an open relay. It still appears open to the world though?? I'll add a firewall and see what happens.
Thanks all for the help again. I must be an idiot to have so many ports open, while all the senior members and even newbies here manage to keep all their ports stealthed without even knowing what TCP/IP is. I guess I must blame my complicated system which is not the atypical stand alone machine that runs no servers and is directly connected to the net. Mine has an email server, an ICS NAT, port forwarding and what not, it sure confused the heck out of me.
Add to the fact that 2 other people on the network are doing all kinds of weird stuff that you don't typically see on computers (at least for someone like me), so I'm trying to keep up. Well at least I lead a more exciting life than when I had a standalone directly connected to the net.
Hi JayK The terminology different vendors use does add to the confusion at times. "Server rights" is a term used by ZA and simply means allowing the application to hold open a local service/port (listen) and permit "Inbound" communication to the application given server rights. Other rule based firewalls, such as Kerio, accomplish the same thing with a rule permitting "Inbound" traffic for a specific local service/port and server application. Regards, CrazyM
ZA has the option for server rights both locally and on the internet. So you can have the port held open on the internet also (not just locally) if the app requires it. The apps I use, for example, don't require server rights of any kind. So it's not a standard configuration but used only if the app requires server rights in order to perform its function.
Are you running a firewall on the gateway system? Are you running firewalls on the systems behind the gateway? If not, you might want to consider doing so as that would allow you more control over what is permitted to the different systems in your unique set up. Your decision to limit the forwarded ports to only those actually being used is a good one. Check the settings on the server to see if it is still listening on any of the others. You may have to disable those so it is only listening/using the services you want it to. Can/have you restricted the forwarding of that port to that one system? Unfortunately running a server requires the server to listen/hold open the appropriate service/port. The only way for it not to show open to the world would be if you could restrict access to it to certain remote IP's. Your use of the server and needs will determine if this is an option. If you have to leave the server open to the Internet, ensuring it is up to date, patched and configured properly is essential. Regards, CrazyM
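An added example, not part of any post in this thread: one way to do the check suggested above, comparing what a gateway is listening on against the services it is meant to offer. The `netstat -an` sample is constructed, and the intended set {25, 110} is taken from JayK's statement that only those two mail ports are in use.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:110            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:143            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:993            0.0.0.0:0              LISTENING
  TCP    192.168.0.1:139        0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING
  TCP    192.168.0.1:1045       192.168.0.5:1863       ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

def parse_listeners(text):
    """Return (host, port) for every TCP socket in the LISTENING state."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[0] == "TCP" and fields[3] == "LISTENING":
            host, _, port = fields[1].rpartition(":")
            found.append((host.strip("[]"), int(port)))
    return found

def scope(host):
    """Classify the bind address: which networks can reach this listener?"""
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:          # 0.0.0.0 or :: means every interface
        return "all"
    if addr.is_loopback or addr.is_private:
        return "internal"
    return "public"

def audit(text, intended):
    """Split listeners into intended, unintended and internal-only ports."""
    report = {"intended": set(), "unintended": set(), "internal": set()}
    for host, port in parse_listeners(text):
        if scope(host) == "internal":
            report["internal"].add(port)
        elif port in intended:
            report["intended"].add(port)
        else:
            report["unintended"].add(port)
    report["not_listening"] = set(intended) - report["intended"]
    return {k: sorted(v) for k, v in report.items()}

if __name__ == "__main__":
    # 25 and 110 are the only mail ports the poster says are in use.
    for label, ports in audit(SAMPLE_NETSTAT, {25, 110}).items():
        print(f"{label:14} {ports}")
```

Ports reported as unintended are the ones to disable in the server's own settings or block at the firewall. A port that is forwarded to another LAN machine, as 412 was here, may not appear in the gateway's own listener list, so the forwarding rules need a separate review.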
Try visiting this url http://www.auditmypc.com/freescan/portsearch.asp?do=mje2002 and enter the port or ports you're looking for.