Why do I have so many ports open?

Discussion in 'other security issues & news' started by pcalvert, May 29, 2006.

Thread Status:
Not open for further replies.
  1. pcalvert

    pcalvert Registered Member

    Joined:
    May 21, 2005
    Posts:
    203
    I am using Windows 2000 Pro with SP4. Today I followed some tips and was able to close ports 135 and 445. To verify that it worked, I typed "netstat -an" (no quotes) at a command prompt. As you can see, it worked:


    Code:
    Active Connections
    
      Proto  Local Address          Foreign Address        State
      TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
      TCP    0.0.0.0:1027           0.0.0.0:0              LISTENING
      TCP    0.0.0.0:1029           0.0.0.0:0              LISTENING
      TCP    0.0.0.0:1030           0.0.0.0:0              LISTENING
      TCP    0.0.0.0:1031           0.0.0.0:0              LISTENING
      TCP    0.0.0.0:1033           0.0.0.0:0              LISTENING
      TCP    0.0.0.0:1035           0.0.0.0:0              LISTENING
      TCP    0.0.0.0:44334          0.0.0.0:0              LISTENING
      TCP    0.0.0.0:44501          0.0.0.0:0              LISTENING
      TCP    127.0.0.1:1025         127.0.0.1:44334        ESTABLISHED
      TCP    127.0.0.1:1027         127.0.0.1:1029         ESTABLISHED
      TCP    127.0.0.1:1029         127.0.0.1:1027         ESTABLISHED
      TCP    127.0.0.1:1031         127.0.0.1:44334        ESTABLISHED
      TCP    127.0.0.1:1033         127.0.0.1:1035         ESTABLISHED
      TCP    127.0.0.1:1035         127.0.0.1:1033         ESTABLISHED
      TCP    127.0.0.1:44334        127.0.0.1:1025         ESTABLISHED
      TCP    127.0.0.1:44334        127.0.0.1:1031         ESTABLISHED
      UDP    0.0.0.0:1026           *:*
      UDP    0.0.0.0:1028           *:*
      UDP    0.0.0.0:1032           *:*
      UDP    0.0.0.0:1034           *:*
      UDP    0.0.0.0:44334          *:*

    Yup, ports 135 and 445 aren't showing up any longer. But why is my computer listening on all those other ports? I did the above right after rebooting; I hadn't even opened a web browser or any other software. So I don't understand why so many ports should be open at this point.

    I formerly used Kerio PF 2.1.5, and I remembered that it opens some high ports. So I did some checking, and it looks like Sunbelt Kerio PF 4.x is responsible for opening ports 44334 and 44501; so we can forget about those two. But that leaves seven others that are unaccounted for.

    Phil
     
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Hello Phil,

    I suggest you consider downloading Fport by Foundstone. It will identify unknown open ports and their associated applications. Also....it is not a program you have to install....simply run Fport.exe from a CMD/DOS prompt and it will display the info.

    Regards,
    Bubba
     
  3. tlu

    tlu Guest

    Bubba, I'm not familiar with Fport, but you can also do it with the built-in netstat command. Just type netstat -a -b. For an overview of the available options type netstat -? .

    Another nice free application is TCPView from http://www.sysinternals.com/Utilities/TcpView.html
     
Loading...
Thread Status:
Not open for further replies.