Solved

ports listening

Posted on 2003-02-27
Last Modified: 2010-04-13
Hello guys,
I got nailed by someone with FireDaemon and a trojan. I have run netstat /an to see what ports are doing what but I am not a guru in this area. What am I looking for that is bad? It does show that there are a bunch of ports listening. Can this be stopped? Which ones need to be listening?
Thanks a million
Question by:Premiernc
6 Comments
 
LVL 1

Author Comment

by:Premiernc
ID: 8034516
By the way, I am using win2k sp3. This is also my domain controller, running AD and DHCP and DNS.
0
 
LVL 16

Expert Comment

by:JammyPak
ID: 8035451
You can control which ports are listening in a couple of ways. One would be to stop the services that are using these ports (ex. stop IIS to stop listening on tcp 80). You can also use filtering in the 'Options' tab of the advanced TCP/IP properties. This will not stop the services from listening to the port, but it will stop your computer from allowing a connection on a given port. As far as which ports you *need* - this depends on what you're trying to do. I would look up the ports you are currently listening on isiomthink you will need based on the link below, then disable all but those ports and test.
You'll need port 53 for DNS, port 67 for DHCP, plus 137,138,139 for


http://www.iana.org/assignments/port-numbers
0
 
LVL 16

Expert Comment

by:JammyPak
ID: 8035491
You can control which ports are listening in a couple of ways. One would be to stop the services that are using these ports (ex. stop IIS to stop listening on tcp 80). You can also use filtering in the 'Options' tab of the advanced TCP/IP properties. This will not stop the services from listening to the port, but it will stop your computer from allowing a connection on a given port. As far as which ports you *need* - this depends on what you're trying to do. I would look up the ports you are currently listening on using the link below, then disable the ones you don't think you need, and test.
You'll at least need port 53 for DNS, port 67 for DHCP, plus 137,138,139 for NetBIOS services, probably 389 for LDAP, 1512 if you use WINS, 42 for WINS replication...and on it goes.

http://www.iana.org/assignments/port-numbers

Here's another link to help in this regard. It discusses which firewall ports AD uses for replication.
http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/ittasks/tasks/adrepfir.asp

HTH,
JP
0
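An added example, not part of any reply in this thread: one way to apply the advice above is to save the `netstat -an` output and compare its listening ports against the port numbers JammyPak lists. The sample output, the function names and the two ports outside the list are constructed for illustration.

```python
# Port numbers named in the reply above; matched by number only, because the
# thread does not say which are TCP and which are UDP.
EXPECTED = {53: "DNS", 67: "DHCP", 137: "NetBIOS", 138: "NetBIOS", 139: "NetBIOS",
            389: "LDAP", 1512: "WINS", 42: "WINS replication"}

# Constructed sample of Windows `netstat -an` output (not from the asker's machine).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:42             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8081           0.0.0.0:0              LISTENING
  TCP    192.168.0.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.0.10:1045      192.168.0.20:445       ESTABLISHED
  UDP    0.0.0.0:67             *:*
  UDP    192.168.0.10:137       *:*
  UDP    0.0.0.0:40404          *:*
"""

def listeners(netstat_text):
    """Return sorted (proto, port, local_addr) for every listening socket."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; UDP rows have none and are always bound.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        addr, _, port = local.rpartition(":")  # last colon also handles [::]:135
        if port.isdigit():
            found.add((proto, int(port), addr))
    return sorted(found)

def review(netstat_text, expected=EXPECTED):
    """Split listeners into (on the expected list, needs a closer look)."""
    known, unknown = [], []
    for entry in listeners(netstat_text):
        (known if entry[1] in expected else unknown).append(entry)
    return known, unknown

if __name__ == "__main__":
    known, unknown = review(SAMPLE)
    for proto, port, addr in known:
        print(f"expected  {proto} {addr}:{port}  ({EXPECTED[port]})")
    for proto, port, addr in unknown:
        print(f"REVIEW    {proto} {addr}:{port}  (not on the expected list)")
```

A match here is by port number only; it says nothing about which program owns the socket, which is what the Fport tool recommended in the accepted answer reports.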

 
LVL 1

Accepted Solution

by:
donnyr10 earned 400 total points
ID: 8035950
This link  is an excellent resource

SWEET !!!!!!!!!!!

http://www.robertgraham.com/pubs/firewall-seen.html

Also use Fport
fport reports all open TCP/IP and UDP ports and maps them to the owning application

http://www.foundstone.com/knowledge/proddesc/fport.html

Keep these links handy
They are very very good..

Hope this helps you out buddy

Take Care
./Donny
0
 
LVL 8

Expert Comment

by:netmage
ID: 8038076
Without having to go into the depths of getting a full understanding of how IP ports are used and which ones you need, you could use the Zone Labs ZoneAlarm to monitor all your IP traffic.

Simply, just let its wizard annoy you to block or allow IP traffic but don't allow permanent blocks until you sort out what IP resources you need and block the rest.



0
 
LVL 1

Author Comment

by:Premiernc
ID: 8091167
Thanks for the info, the links are great.