Premiernc
asked on
ports listening
Hello guys,
I got nailed by someone with firedeamon and a trojan. I have run netstat /an to see what ports are doing what but I am not a Guru in this area. What am I looking for that is bad? It does show that there are a bunch of ports listening. Can this be stopped? Which ones need to be listening?
Thanks a million
I got nailed by someone with firedeamon and a trojan. I have run netstat /an to see what ports are doing what but I am not a Guru in this area. What am I looking for that is bad? It does show that there are a bunch of ports listening. Can this be stopped? Which ones need to be listening?
Thanks a million
You can control which ports are listening in a couple of ways. One would be to stop the services that are using these ports (ex. stop IIS to stop listening on tcp 80). You can also use filtering in the 'Options' tab of the advanced TCP/IP properties. This will not stop the services from listening to the port, but it will stop your computer from allowing a connection on a given port. As far as which ports you *need* - this depends on what you're trying to do. I would look up the ports you are currently listening on isiomthink you will need based on the link below, then disable all but those ports and test.
You'll need port 53 for DNS, port 67 for DHCP, plus 137,138,139 for
http://www.iana.org/assignments/port-numbers
You'll need port 53 for DNS, port 67 for DHCP, plus 137,138,139 for
http://www.iana.org/assignments/port-numbers
You can control which ports are listening in a couple of ways. One would be to stop the services that are using these ports (ex. stop IIS to stop listening on tcp 80). You can also use filtering in the 'Options' tab of the advanced TCP/IP properties. This will not stop the services from listening to the port, but it will stop your computer from allowing a connection on a given port. As far as which ports you *need* - this depends on what you're trying to do. I would look up the ports you are currently listening on using the link below, then disable the ones you don't think you need, and test.
You'll at least need port 53 for DNS, port 67 for DHCP, plus 137,138,139 for NetBIOS services, probably 389 for LDAP, 1512 if you use WINS, 42 for WINS replication...and on it goes.
http://www.iana.org/assignments/port-numbers
Here's another link to help in this regards. It discusses which firewall ports AC uses for replications.
http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/ittasks/tasks/adrepfir.asp
HTH,
JP
You'll at least need port 53 for DNS, port 67 for DHCP, plus 137,138,139 for NetBIOS services, probably 389 for LDAP, 1512 if you use WINS, 42 for WINS replication...and on it goes.
http://www.iana.org/assignments/port-numbers
Here's another link to help in this regards. It discusses which firewall ports AC uses for replications.
http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/ittasks/tasks/adrepfir.asp
HTH,
JP
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Without having to go into the depths of getting a full understanding of how ip ports are used and which ones you need, You could use the zonelabs zonealarm to monitor all your ip traffic.
Simply, just lets its wizard annoy you to block or allow ip traffic but don;t allow permanent blocks until you sort out what ip resources you need and block the rest.
Simply, just lets its wizard annoy you to block or allow ip traffic but don;t allow permanent blocks until you sort out what ip resources you need and block the rest.
ASKER
Thanks for the info, the links are great.
ASKER