?
Solved

Open ports on WinXP

Posted on 2003-03-08
37
Medium Priority
?
340 Views
Last Modified: 2013-12-04
helo!

i have winxp pro.. i have open port 25 and 110.. how can i disable it?
i have make choise what kind of services can run and what not.. but i did't find
and SMTP or POP3 services in "services" in "administrative tools".

btw is there any other way to get more poits?
or can i noly buy them?

tnx!

c'ya
0
Comment
Question by:guest51
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 8
  • 6
  • +7
37 Comments
 

Expert Comment

by:DiegoCruz
ID: 8093825
Take a look at the "advanced" tab of the properties of your Internet Connection. There you can find a button that can help you to configure the firewall of Windows XP.

Hope this helps
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8094919
TCP and UDP are like channels on your TV.  They are a way for the TCP/IP suite of protocols to communicate.  SMTP uses port 25 and is the Simple Mail Transfer Protocol.  It is used by mail programs like Outlook to send outgoing mail.  Port 110 is used by POP3 to retrieve incoming mail.  You can view a list of registered ports at:
http://www.ietf.org/rfc/rfc1700.txt?number=1700

Ports are not something you buy, they are assigned by the organizations that come up with the standards for TCP/IP.

I hope this helps, blocking those ports may disable your ability to send or receive e-mail.
0
 
LVL 4

Expert Comment

by:Ghost_Hacker
ID: 8096168
hmmmm...I think he meant points :-)


Also you might want to check that your not running the SMTP "service" on IIS or some other email server software.
0
Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

 

Accepted Solution

by:
Homiebrah earned 120 total points
ID: 8096470
If you did a default load of XP Pro, then SMTP should not be running.  It would be open, however, if you leave your email client running, or some other application that uses 25 and 110 for email, such as a spam blocker, YahooPops!, etc.  

Using a firewall would help narrow down what is using those ports, as you would have to specify a rule for the application to be allowed access through those ports.  Of course, XP has a firewall, but there are much better ones at there that do a more thorough job.
0
 
LVL 3

Expert Comment

by:Flash828
ID: 8096536
Do you have IIS (Internet Information Services) running?  If so they provide SMTP and POP services and thus open the ports.  IIS will be running as a service, however if you run "mmc", then add the snap-in for IIS you will see the deatails regarding this.  I believe IIS is also accesible from control panel->administrative Tools->IIS.

0
 

Expert Comment

by:zhang7peng
ID: 8098075
port is not a real port. It is just a service. Shut down the service also shut down the port.
you can turn down all service related to the port.
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8098361
Ghost Hacker.. thx  :)

zhang.. ports are ports. It is true services are assigne to ports to communicate, but shutting the service down does not necessarily close the port.
0
 

Expert Comment

by:hitbyaparkedcar
ID: 8108244
i need to close port 5001 i got a trojan in it called Sockets de Troie how do i close it
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 8109738
hitbyaparkedcar - Well you start off by asking a seperate question, and not adding on to someone elses:)
0
 
LVL 3

Expert Comment

by:Flash828
ID: 8109758
seriously.. I was just ignoring that
0
 

Expert Comment

by:hitbyaparkedcar
ID: 8115253
how do i start a new thing
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8115492
Upper left of screen click on "Ask your question"  Do this when your in the appropriate area, this area is for WinXP issues.
0
 
LVL 4

Expert Comment

by:ferg-o
ID: 8116471
TCP or UDP? If TCP:

First disable IIS in computer management. Then shut down your mail client. Then run a netstat -an |find "110" then do the same for "25" Anything? If there is anything scan your machine for viruses, could be a trojan, also check your process list in taksmgr for things that look suss.

You may have just seen your machine doing a send/receive for email - especially likely if you have a short check interval. If you turn on the XP firewall in advanced interface settings for your 'net connection then the listening ports will be invisible from the Internet.
0
 

Expert Comment

by:hitbyaparkedcar
ID: 8116610
ok, i also did wat u said but when i open netstat -an it closes automatically
0
 

Expert Comment

by:hitbyaparkedcar
ID: 8116682
then i just ran netstat by itself and it came up showing me all the traffic through my computer but.....it went down for a little bit then it closed the window. it showed my dads server going through it but it also showed something that i never saw. it said hal-d023e.blue.aol.com:5190  established. but then it showed a list of my dads server things called comprotech.com then a bunch of different numbers then it just shut the screen down. i no for sure i have a trojan called Sockets de Troie but then i did a port scan with something i got off of www.downloads.com and it showed a whole bunch more like 250 trojans or sometin like that in a whole bunch of ports. but all but 4 of the ports were closed anyway. also when i shutdown my computer a file came up saying IEXPLORER.exe is not responing. i never heard of iexplorer but i have heard of explorer.exe. also when i got to download some things off of download.com or somewhere it says Acces to specific program(i think),path, or (sometin else that just left my head) denied. please help. again my email is matt@comprotech.com . thank you
0
 
LVL 4

Expert Comment

by:ferg-o
ID: 8116752
OK - you REALLY need to scan & clean your machine for viruses. This will get rid of your trojans. By the sounds of it you are owned. iexplore.exe is def a trojan. If you don't have a commercial AV scanner like McAfee or Norton then I suggest this one:

http://www.grisoft.com/html/us_downl.htm

It's free & it's good - download it, update it and run a thorough scan & clean on your machine - will get rid of most of the trojans. Some may need to be manually removed but the scanner will tell you it couldn't get rid of them - do a search on them at mcafee.com etc, usually they have cleaners for thes.

Also get a firewall!! Cheap and functional is the Linksys BEFSX41 and will protect you and any other machines inside.  

0
 
LVL 4

Expert Comment

by:Ghost_Hacker
ID: 8118857
Iexplore.exe is simple Internet explorer. Internet Explorer can run in one of two "processes"...Explorer or iexplorer...how much memory you have is a factor in what "process" IE runs in.


Second... email clients should TALK to ports 110 and 25 but they should not be OPENING them on your computer. Those ports are "reserved" for email servers or MTAs not mail clints link Outlook Express. Clients should open high ports (any port above 1025) when talking to email servers.

If your not running an "email" server then those ports should not be open on YOUR computer nor in a "listening" state.


Also try running this command;

netstat -a >ports.txt


That will create a text file called "ports.txt" ,with the output from netstat that, you can open in notepad for easy viewing. (DO NOT POST THAT INFO ON THIS BOARD or you will be "owned" :-) )


Be aware
0
 
LVL 4

Expert Comment

by:Ghost_Hacker
ID: 8118910
hmmmmm.. my last line typed is a not comptete line...I thought I deleted it. OH well.....:-)


Anyway, I always recommend that if you find a trojan on your system, it's best to rebuild the system and restore data from backups. It's easier to do and makes sure that you got any backdoors the bad guy might have left.


If that's not something you can do or want to do, then do a Goggle search for trojan removers. (I use "swat it" but there are a few good ones out there.) Trojans removers can sometime do a good job of ..welll....trojan removal.

Also , as ferq-o mentioned, a lot of virus companies have detail instructions for removing various trojans and viruses. So give them a look.
0
 

Expert Comment

by:hitbyaparkedcar
ID: 8118927
i scanned my computer like 100 times with symatec and it didnt find anything. but whevev i try to run netstat -an it opnes tha box then shuts it down right away. samething when i type netstat, but tha waits a fews econds. and sometimes when i try to donwload so,mething a thing comes up sayign Access to specific device,path,(and somethings else) denied. wat does that mean
0
 

Expert Comment

by:hitbyaparkedcar
ID: 8118943
same thing when i tried to type in netstat -a >ports.txt and where would i creat the file
0
 
LVL 4

Expert Comment

by:Ghost_Hacker
ID: 8118955
Darn......I wish I could edit these darn post :-)


I just remembered one thing that does open ports 110 and 25 on you computer. Email scanners made by some virus scanning companies are used like "email proxies". These "proxies" will  set between your email client and the email servers those clients talk too.


If your running one you might see those ports open on your system.
0
 
LVL 4

Expert Comment

by:Ghost_Hacker
ID: 8118962
If you typed that line while the promtp was in "c:\windows" then that's where the file would be.


OR you can do a "find" for it.
0
 
LVL 4

Expert Comment

by:Ghost_Hacker
ID: 8119009
Also open a "command prompt" then type the commands...If you just type them into the "run" box the window will open and then close when the program is finished.
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8119417
GH, I'm not trying to jump in, but as you noticed he has been typing these commands in the run box....

To be more explicit, if you go to run and type: "cmd" then type: "cd \"  this will put you at the root of your current drive which should be C:. Then type "netstat -a > ports.txt"

Your file ports.txt will be at the root of your C: drive when you look for it with explorer.

I concur with the rebuild recommendation.
0
 

Expert Comment

by:hitbyaparkedcar
ID: 8122757
i found the file but it didnt have anything in it. i rebooted my computer and this time it worked but i didnt sewe anythign in the port.txt file
0
 
LVL 4

Expert Comment

by:Ghost_Hacker
ID: 8125312
Ok..here's where things can get ugly.

There can be 2 reasons that netstat returned no resultes. (assuming that you ran the program correctly,but since the "ports.txt" file was created we can assume that you did everything right)

Either A... you don't have any open ports on your computer. Which is rare on a Windows box, since Windows by default always has a port in the 135-139 range open, sometimes  even if you disable the services that listen on those ports. Still it can be done if your running "NT".

Or B...the "netstat" your running is a trojan version.

To verify all this you can simply go to another Windows computer (hopefully this one doesn't have a "trojan" problem) and make a copy of it's "netstat.exe" to a floppy disk. ( it's in the "windows" directory) Once your have your copy , write protect the floppy ( I know seems silly, but bear with me ), Now go over to the other computer put your floppy in and open a command prompt, change the directory to "a:\" and type "netstat -an". Make a mental note of what you see and then try the same thing with the other version of netstat by typing "c:\" and then "netstat -an". If the output is VERY diffrent, then the old netstat is proably a trojan version.

If the output is the same (or close since a port's status can change between runnings), then you can trust what your seeing.


This is why rebuilding a computer after a "hack" can be a lot easier then cleaning one after a "hack". But if you don't mind a little work,it's doable.
0
 

Expert Comment

by:hitbyaparkedcar
ID: 8127321
ok, thansk alot. i will do that when i get back from school
0
 
LVL 4

Expert Comment

by:Ghost_Hacker
ID: 8127913
I reread this post and noticed your using XP.

So you may want to use a "pipe" to pause netstat's display.
After changing to the right "drive" type "netstat -an |more"

The "|" is the top character above the key with "\" as the bottom character. (look near the "enter" key.)


Also netstat won't be in the "windows" directory but will proably be located in the "winnt\system32" folder. ( if I'm wrong, and I could be since I don't remember XP's directory stucture, just do a "find" for it. (hit the "f3" key while explorer is open, type in netstat and it'll take you right to it.)


Netstat in XP also has the "o" option (netstat -ano ) which can be use to track the open port back to the program that opened it.It will display a "pid" number for a port which you can then compare to the output of this command "tasklist /svc" to find the program with that same "pid". ( if your "new" netstat doesn't come from an XP box you won't have the "o" option)

Just another tool you can use to track what program opened those ports.


Let us know if you run into any problems.

0
 

Expert Comment

by:hitbyaparkedcar
ID: 8131081
um. i dont have xp. i have 2000 pro. the other person has xp
0
 

Expert Comment

by:hitbyaparkedcar
ID: 8131164
anyway i did the ports thing and it worked this time. it wasnt a virus. thanks alot. i am still going to reformatt my computer this friday. thsnkd alot
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8132240
What the hay are we doing here helping hitbyaparkedcar??  

Pjedmond said "hitbyaparkedcar - Well you start off by asking a seperate question, and not adding on to someone elses:)"

Pjedmond, I am sorry I answered any of his (hitbyaparked car's) questions.
0
 

Expert Comment

by:hitbyaparkedcar
ID: 8132593
well thank u very much. i did this before i new how to post my own messages.
0
 

Expert Comment

by:CleanupPing
ID: 9070763
guest51:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
LVL 4

Expert Comment

by:ferg-o
ID: 9075929
Looks like we were all taken for a ride on this one. Rebuild your machine pal. GH - the name iexplorer.exe has been used for trojans - maybe it was a typo on the part of hbapc but the executable for IE is iexplore.exe like you said.

0
 
LVL 9

Expert Comment

by:MSGeek
ID: 9084733
guest51 and hitbyaparkedcar should lose their accounts for this abusive question, he/she (singular) rec'd a lot of good feedback here for nothing.
0

Featured Post

Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses
Course of the Month8 days, 6 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question