Windows 7 Open Ports

Discussion in 'other security issues & news' started by arran, Jun 25, 2011.

Thread Status:
Not open for further replies.
  1. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Good Grief, just installed windows 7 Ultimate for the first time. And I can't believe how many open ports there are, this can be quite hazardous for someone who isn't sitting behind a Router with Nat firewall with all these ports flapping their doors open. We had a good list of hardening tools for XP like here
    for example. http://www.malwarehelp.org/windows_hardening_tools_download.html

    but does anyone know of any hardening tools for W7?
     

    Attached Files:

    • p3.jpg
      p3.jpg
      File size:
      112.6 KB
      Views:
      4,411
    • p4.jpg
      p4.jpg
      File size:
      67.7 KB
      Views:
      4,317
  2. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    My ports are trimmed down nicely IMO.
    crports_win7.jpg

    Sul.
     
  3. korben

    korben Registered Member

    Joined:
    Nov 5, 2009
    Posts:
    740
    ^the image is tad small, Sul.
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
  5. cm1971

    cm1971 Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    727
  6. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139

    Attached Files:

    • p5.jpg
      p5.jpg
      File size:
      65.1 KB
      Views:
      3,676
  7. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    The download states it's Windows 7 suitable, but I haven't tried it myself.
     
  8. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ arran

    Yes, Shocking :eek:

    "Funny" how each windows release seems to open even more than before as default ! Now why would they do that when there is NO obvious need ?
     
  9. Dude111

    Dude111 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    212
    If its possible on Win7 YOU SHOULD REALLY STEALTH ALL YOUR PORTS!! (Dont have any open)

    Im on 98se and ALL MY PORTS ARE STEALTHED..... (Best way)
     
  10. cm1971

    cm1971 Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    727
    Wow Windows 98SE. You are braver than I am. :eek:
     
  11. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    It does appear on each new version of Windows that they're making it harder to reduce the attack surface. It was easy to close all the ports on all versions of 98. Wasn't that hard on Win 2000. On XP, it's harder but still can be done without causing any big problems. Has anyone managed to close them all on Win7 by system configuration only?

    Controlling unsolicited inbound traffic is basic security 101. Any OS that doesn't allow this is vulnerable, no matter what else they've done. There's no excuse for 30+ open ports when there's no need for them. It literally appears that Win7 was made to be accessible from the net, whether the user wants it that way or not. Is this the result of the help they got from the NSA?
     
  12. cm1971

    cm1971 Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    727
    It almost seems like they did it on purpose. It is amazing at all the services that are on by default that really shouldn't be unless you have a good reason. We could get into tin foil hat area with it. Most average joe computer users have no clue how to turn them off or stealth ports.
     
  13. Dude111

    Dude111 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    212
    Ya i have loved 98se since i first started using it :)

    I started using Windows with 95 and it was OK but 98se is even better :)
     
  14. cm1971

    cm1971 Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    727
    I have an old computer with Windows 98se on it and a Voodoo graphics card (remember those?) just so I can play Carnivores 2. :cool:
     
  15. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,280
    Love that game, lol:D
     
  16. Yakuman

    Yakuman Registered Member

    Joined:
    Aug 5, 2008
    Posts:
    75
    I'm down to the same ports - is it impossible to close them off without shutting down vital services? Back on XP I was able to close off all of them...

    edit: what I meant was although these ports are blocked by my firewall, these appear to be local listening connections. In that case is it possible to prevent them from even establishing in the first place?
     
  17. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I'm also a 98SE user. Although this PC is dual boot 98SE and XP-Pro, most of the time 98 is running. I very much enjoy the simplicity, lightness, and the small attack surface that's so easy to protect.
    Whenever an application or service is listening for incoming connections, the OS has an open port. The only way to truly close the port is to shut down that service or application. A firewall blocks access to those open ports. IMO, using a firewall to block open ports is a band-aid approach. If malware (or a system update) shuts down your firewall, you are vulnerable. On XP for instance, SP3 will shut down 3rd party firewalls during the install process.
    It obvious that Microsoft didn't learn anything from Slammer, and what can happen to systems with open, vulnerable ports. IMO, it's wishful thinking to believe that it couldn't happen again with all the open ports on Win-7.

    Regarding "tin foil hat area", when I look at this example, then combine that with the changes I've seen in Windows since the 9X systems, I'm finding it hard to come to any other conclusion. It's become so much harder to control and to close down the attack surface. Compared to earlier systems, the user/administrator has far less ability to access key areas of the system. It keeps so many usage records. It calls home, supposedly to make sure you haven't stolen it or abused the license. AFAIC, it's becoming spyware disguised as an operating system. I find it very difficult to trust software (or an OS) from a company that doesn't trust its customers. It makes no sense that they supposedly got help from the NSA with securing this OS, then left so many open entry points on it. There's too many contradictions for me to see this any other way. IMO, it comes down to one simple issue. If you don't have the final say over what is and isn't allowed to run on your system, including the services, and control over who or what can access your system from the outside, it's not secure. Everything I see says it's no longer possible to achieve this control on Windows 7.
     
  18. Dude111

    Dude111 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    212
    Excellent,one of the best :)
     
  19. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    It might seem shocking at first to see all of these open ports, but how many of these ports are actually open to the Internet? And how many of these ports are open to your other computers behind your router?

    To test the latter, use a port scanner such as PortScan to scan all of the 65000+ ports of the (internal) IP address of your other computer. My results: one open port - port 5357. And this port is only open because I'm using the Windows Firewall network location Home or Work. If I had used the network location of Public instead, port 5357 wouldn't have been open. See Choosing a network location for more information on network locations.

    To test if any of these ports are open to the Internet, separately test each "Listening" port from CurrPorts (or the list of open ports produced with PortScan when scanning your own (internal) IP address) with ShieldsUP or a similar web service. My results: no ports open to the Internet. I got the same results without a router as with a router.

    My Windows 7 computers' services haven't been tweaked much from Microsoft's installation defaults. I did disable two services - Remote Registry and Windows Media Player Network Sharing Service. Remote Desktop and Remote assistance are disabled (I don't remember if these are the default settings).
     
    Last edited: Oct 14, 2011
  20. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Out of curiosity, I tested which ports are open to the Internet with software firewall disabled and also no router.

    Results:
    135 - stealth
    139 - stealth
    445 - stealth
    5357 - open
    49152 - open
    49153 - open
    49154 - open
    49155 - open
    49156 - open
    49157 - closed
    61412 - open
     
  21. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Could this be due to the ISP blocking?

    regards,

    -rich
     
  22. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,785
    Rmus, yes, that very well could be. That was exactly the case years ago when I did some testing without a firewall or router.
     
  23. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Could be. Or maybe Windows 7 itself does it?
     
  24. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,785
    It's probably the ISP. At the time I was using Win2k and got the exact same results (same ports). I concluded it was the ISP. Apparently some ISPs block/stealth those ports and some don't.
     
  25. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
Loading...
Thread Status:
Not open for further replies.