?
Solved

ports listening

Posted on 2003-02-27
6
Medium Priority
?
278 Views
Last Modified: 2010-04-13
Hello guys,
I got nailed by someone with firedeamon and a trojan. I have run netstat /an to see what ports are doing what but I am not a Guru in this area. What am I looking for that is bad? It does show that there are a bunch of ports listening. Can this be stopped? Which ones need to be listening?
Thanks a million
0
Comment
Question by:Premiernc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 1

Author Comment

by:Premiernc
ID: 8034516
By the way, I am using win2k sp3. This is also my domain controller, running AD and DHCP and DNS.
0
 
LVL 16

Expert Comment

by:JammyPak
ID: 8035451
You can control which ports are listening in a couple of ways. One would be to stop the services that are using these ports (ex. stop IIS to stop listening on tcp 80). You can also use filtering in the 'Options' tab of the advanced TCP/IP properties. This will not stop the services from listening to the port, but it will stop your computer from allowing a connection on a given port. As far as which ports you *need* - this depends on what you're trying to do. I would look up the ports you are currently listening on isiomthink you will need based on the link below, then disable all but those ports and test.
You'll need port 53 for DNS, port 67 for DHCP, plus 137,138,139 for


http://www.iana.org/assignments/port-numbers
0
 
LVL 16

Expert Comment

by:JammyPak
ID: 8035491
You can control which ports are listening in a couple of ways. One would be to stop the services that are using these ports (ex. stop IIS to stop listening on tcp 80). You can also use filtering in the 'Options' tab of the advanced TCP/IP properties. This will not stop the services from listening to the port, but it will stop your computer from allowing a connection on a given port. As far as which ports you *need* - this depends on what you're trying to do. I would look up the ports you are currently listening on using the link below, then disable the ones you don't think you need, and test.
You'll at least need port 53 for DNS, port 67 for DHCP, plus 137,138,139 for NetBIOS services, probably 389 for LDAP, 1512 if you use WINS, 42 for WINS replication...and on it goes.

http://www.iana.org/assignments/port-numbers

Here's another link to help in this regards. It discusses which firewall ports AC uses for replications.
http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/ittasks/tasks/adrepfir.asp

HTH,
JP
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 
LVL 1

Accepted Solution

by:
donnyr10 earned 400 total points
ID: 8035950
This link  is an excellent resource

SWEET !!!!!!!!!!!

http://www.robertgraham.com/pubs/firewall-seen.html

Also use Fport
fport reports all open TCP/IP and UDP ports and maps them to the owning application

http://www.foundstone.com/knowledge/proddesc/fport.html

Keep these links handy
They are very very good..

Hope this helps you out buddy

Take Care
./Donny
0
 
LVL 8

Expert Comment

by:netmage
ID: 8038076
Without having to go into the depths of getting a full understanding of how ip ports are used and which ones you need, You could use the zonelabs zonealarm to monitor all your ip traffic.

Simply, just lets its wizard annoy you to block or allow ip traffic but don;t allow permanent blocks until you sort out what ip resources you need and block the rest.



0
 
LVL 1

Author Comment

by:Premiernc
ID: 8091167
Thanks for the info, the links are great.
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
The Summer 2017 Scholarship Winners have been announced!
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question