  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 344

Open ports on WinXP

Hello!

I have WinXP Pro. I have open ports 25 and 110. How can I disable them?
I have chosen which services can run and which cannot, but I didn't find
any SMTP or POP3 services in "Services" in "Administrative Tools".

BTW, is there any other way to get more points?
Or can I only buy them?

Thanks!

c'ya
0
guest51
1 Solution
 
DiegoCruz Commented:
Take a look at the "advanced" tab of the properties of your Internet Connection. There you can find a button that can help you to configure the firewall of Windows XP.

Hope this helps
0
 
MSGeek Commented:
TCP and UDP are like channels on your TV.  They are a way for the TCP/IP suite of protocols to communicate.  SMTP uses port 25 and is the Simple Mail Transfer Protocol.  It is used by mail programs like Outlook to send outgoing mail.  Port 110 is used by POP3 to retrieve incoming mail.  You can view a list of registered ports at:
http://www.ietf.org/rfc/rfc1700.txt?number=1700

Ports are not something you buy, they are assigned by the organizations that come up with the standards for TCP/IP.

I hope this helps. Blocking those ports may disable your ability to send or receive e-mail.
0
 
Ghost_Hacker Commented:
Hmmmm... I think he meant points :-)


Also, you might want to check that you're not running the SMTP "service" on IIS or some other email server software.
0
 
Homiebrah Commented:
If you did a default load of XP Pro, then SMTP should not be running. It would be open, however, if you leave your email client running, or some other application that uses 25 and 110 for email, such as a spam blocker, YahooPops!, etc.

Using a firewall would help narrow down what is using those ports, as you would have to specify a rule for the application to be allowed access through those ports. Of course, XP has a firewall, but there are much better ones out there that do a more thorough job.
0
 
Flash828 Commented:
Do you have IIS (Internet Information Services) running? If so, they provide SMTP and POP services and thus open the ports. IIS will be running as a service; however, if you run "mmc", then add the snap-in for IIS, you will see the details regarding this. I believe IIS is also accessible from Control Panel -> Administrative Tools -> IIS.

0
 
zhang7peng Commented:
A port is not a real port. It is just a service. Shutting down the service also shuts down the port.
You can turn off all services related to the port.
0
 
MSGeek Commented:
Ghost Hacker.. thx  :)

zhang.. ports are ports. It is true services are assigned to ports to communicate, but shutting the service down does not necessarily close the port.
0
 
hitbyaparkedcar Commented:
I need to close port 5001. I got a trojan in it called Sockets de Troie. How do I close it?
0
 
pjedmond Commented:
hitbyaparkedcar - Well, you start off by asking a separate question, and not adding on to someone else's :)
0
 
Flash828 Commented:
Seriously.. I was just ignoring that.
0
 
hitbyaparkedcar Commented:
How do I start a new thing?
0
 
MSGeek Commented:
Upper left of screen, click on "Ask your question". Do this when you're in the appropriate area; this area is for WinXP issues.
0
 
ferg-o Commented:
TCP or UDP? If TCP:

First disable IIS in Computer Management. Then shut down your mail client. Then run netstat -an |find "110", then do the same for "25". Anything? If there is anything, scan your machine for viruses; it could be a trojan. Also check your process list in taskmgr for things that look suss.

You may have just seen your machine doing a send/receive for email - especially likely if you have a short check interval. If you turn on the XP firewall in advanced interface settings for your 'net connection then the listening ports will be invisible from the Internet.
0
 
hitbyaparkedcar Commented:
OK, I also did what you said, but when I open netstat -an it closes automatically.
0
 
hitbyaparkedcar Commented:
Then I just ran netstat by itself and it came up showing me all the traffic through my computer, but... it went down for a little bit, then it closed the window. It showed my dad's server going through it, but it also showed something that I never saw. It said hal-d023e.blue.aol.com:5190 established. But then it showed a list of my dad's server things called comprotech.com, then a bunch of different numbers, then it just shut the screen down. I know for sure I have a trojan called Sockets de Troie, but then I did a port scan with something I got off of www.downloads.com and it showed a whole bunch more, like 250 trojans or something like that, in a whole bunch of ports. But all but 4 of the ports were closed anyway. Also, when I shut down my computer a file came up saying IEXPLORER.exe is not responding. I never heard of iexplorer but I have heard of explorer.exe. Also, when I go to download some things off of download.com or somewhere, it says Access to specific program (I think), path, or (something else that just left my head) denied. Please help. Again, my email is matt@comprotech.com. Thank you.
0
 
ferg-o Commented:
OK - you REALLY need to scan & clean your machine for viruses. This will get rid of your trojans. By the sounds of it you are owned. iexplore.exe is def a trojan. If you don't have a commercial AV scanner like McAfee or Norton then I suggest this one:

http://www.grisoft.com/html/us_downl.htm

It's free & it's good - download it, update it and run a thorough scan & clean on your machine - it will get rid of most of the trojans. Some may need to be manually removed, but the scanner will tell you it couldn't get rid of them - do a search on them at mcafee.com etc.; usually they have cleaners for these.

Also get a firewall!! Cheap and functional is the Linksys BEFSX41, and it will protect you and any other machines inside.

0
 
Ghost_Hacker Commented:
Iexplore.exe is simply Internet Explorer. Internet Explorer can run in one of two "processes"... Explorer or iexplorer... how much memory you have is a factor in what "process" IE runs in.


Second... email clients should TALK to ports 110 and 25 but they should not be OPENING them on your computer. Those ports are "reserved" for email servers or MTAs, not mail clients like Outlook Express. Clients should open high ports (any port above 1025) when talking to email servers.

If you're not running an "email" server then those ports should not be open on YOUR computer nor in a "listening" state.


Also try running this command:

netstat -a >ports.txt


That will create a text file called "ports.txt", with the output from netstat, that you can open in Notepad for easy viewing. (DO NOT POST THAT INFO ON THIS BOARD or you will be "owned" :-) )


Be aware
0
 
Ghost_Hacker Commented:
Hmmmmm.. my last line typed is not a complete line... I thought I deleted it. Oh well..... :-)


Anyway, I always recommend that if you find a trojan on your system, it's best to rebuild the system and restore data from backups. It's easier to do and makes sure that you got any backdoors the bad guy might have left.


If that's not something you can do or want to do, then do a Google search for trojan removers. (I use "swat it" but there are a few good ones out there.) Trojan removers can sometimes do a good job of... well... trojan removal.

Also, as ferg-o mentioned, a lot of virus companies have detailed instructions for removing various trojans and viruses. So give them a look.
0
 
hitbyaparkedcar Commented:
I scanned my computer like 100 times with Symantec and it didn't find anything. But whenever I try to run netstat -an it opens the box then shuts it down right away. Same thing when I type netstat, but that waits a few seconds. And sometimes when I try to download something a thing comes up saying Access to specific device, path, (and something else) denied. What does that mean?
0
 
hitbyaparkedcar Commented:
Same thing when I tried to type in netstat -a >ports.txt, and where would I create the file?
0
 
Ghost_Hacker Commented:
Darn...... I wish I could edit these darn posts :-)


I just remembered one thing that does open ports 110 and 25 on your computer. Email scanners made by some virus scanning companies are used like "email proxies". These "proxies" will sit between your email client and the email servers those clients talk to.


If you're running one you might see those ports open on your system.
0
 
Ghost_Hacker Commented:
If you typed that line while the prompt was in "c:\windows" then that's where the file would be.


OR you can do a "find" for it.
0
 
Ghost_Hacker Commented:
Also open a "command prompt" then type the commands...If you just type them into the "run" box the window will open and then close when the program is finished.
0
 
MSGeek Commented:
GH, I'm not trying to jump in, but as you noticed he has been typing these commands in the run box....

To be more explicit, if you go to run and type: "cmd" then type: "cd \"  this will put you at the root of your current drive which should be C:. Then type "netstat -a > ports.txt"

Your file ports.txt will be at the root of your C: drive when you look for it with explorer.

I concur with the rebuild recommendation.
0
 
hitbyaparkedcar Commented:
I found the file but it didn't have anything in it. I rebooted my computer and this time it worked, but I didn't see anything in the port.txt file.
0
 
Ghost_Hacker Commented:
OK.. here's where things can get ugly.

There can be 2 reasons that netstat returned no results. (Assuming that you ran the program correctly, but since the "ports.txt" file was created we can assume that you did everything right.)

Either A... you don't have any open ports on your computer. Which is rare on a Windows box, since Windows by default always has a port in the 135-139 range open, sometimes even if you disable the services that listen on those ports. Still, it can be done if you're running "NT".

Or B... the "netstat" you're running is a trojan version.

To verify all this you can simply go to another Windows computer (hopefully this one doesn't have a "trojan" problem) and make a copy of its "netstat.exe" to a floppy disk. (It's in the "windows" directory.) Once you have your copy, write protect the floppy (I know it seems silly, but bear with me). Now go over to the other computer, put your floppy in and open a command prompt, change the directory to "a:\" and type "netstat -an". Make a mental note of what you see and then try the same thing with the other version of netstat by typing "c:\" and then "netstat -an". If the output is VERY different, then the old netstat is probably a trojan version.

If the output is the same (or close, since a port's status can change between runnings), then you can trust what you're seeing.


This is why rebuilding a computer after a "hack" can be a lot easier than cleaning one after a "hack". But if you don't mind a little work, it's doable.
0
 
hitbyaparkedcar Commented:
OK, thanks a lot. I will do that when I get back from school.
0
 
Ghost_Hacker Commented:
I reread this post and noticed you're using XP.

So you may want to use a "pipe" to pause netstat's display.
After changing to the right "drive", type "netstat -an |more"

The "|" is the top character above the key with "\" as the bottom character. (Look near the "enter" key.)


Also, netstat won't be in the "windows" directory but will probably be located in the "winnt\system32" folder. (If I'm wrong, and I could be since I don't remember XP's directory structure, just do a "find" for it: hit the "F3" key while Explorer is open, type in netstat and it'll take you right to it.)


Netstat in XP also has the "o" option (netstat -ano) which can be used to track the open port back to the program that opened it. It will display a "pid" number for a port, which you can then compare to the output of this command, "tasklist /svc", to find the program with that same "pid". (If your "new" netstat doesn't come from an XP box you won't have the "o" option.)

Just another tool you can use to track what program opened those ports.


Let us know if you run into any problems.

0
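The port-to-program lookup described in the post above (`netstat -ano` joined to `tasklist /svc` by PID), as an added example that is not part of the original thread. The sample output, PIDs, addresses and the image name `examplescan.exe` are constructed for illustration, and only IPv4 TCP listeners are handled.

```python
import re

# Constructed sample output (not taken from the thread).
NETSTAT_ANO = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1480
  TCP    0.0.0.0:110            0.0.0.0:0              LISTENING       1736
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.10:1061      192.168.1.20:110       ESTABLISHED     2012
  UDP    0.0.0.0:445            *:*                                    4
"""

TASKLIST_SVC = """\
Image Name                   PID Services
========================= ====== =============================================
System                         4 N/A
svchost.exe                  884 RpcSs
inetinfo.exe                1480 IISADMIN, SMTPSVC
examplescan.exe             1736 N/A
msimn.exe                   2012 N/A
"""

def parse_tasklist(text):
    """Map PID -> (image name, services) from `tasklist /svc` output."""
    procs = {}
    for line in text.splitlines():
        # Header, separator and wrapped continuation lines do not match.
        m = re.match(r"^(\S.*?)\s+(\d+)\s+(\S.*)$", line)
        if m:
            procs[int(m.group(2))] = (m.group(1), m.group(3).strip())
    return procs

def tcp_listeners(text):
    """Yield (port, pid) for every TCP socket in the LISTENING state."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            yield int(f[1].rsplit(":", 1)[1]), int(f[4])

def who_listens(netstat_text, tasklist_text, ports=(25, 110)):
    """Return {port: (pid, image, services)} for listeners on `ports`."""
    procs = parse_tasklist(tasklist_text)
    return {port: (pid,) + procs.get(pid, ("<no matching process>", ""))
            for port, pid in tcp_listeners(netstat_text) if port in ports}

if __name__ == "__main__":
    for port, (pid, image, svcs) in sorted(who_listens(NETSTAT_ANO, TASKLIST_SVC).items()):
        print(f"port {port}: PID {pid} {image} [{svcs}]")
```

The ESTABLISHED connection to a remote port 110 is a mail client talking to a server and is ignored; a listener whose PID has no row in the task list is reported as `<no matching process>`.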
 
hitbyaparkedcar Commented:
Um. I don't have XP. I have 2000 Pro. The other person has XP.
0
 
hitbyaparkedcar Commented:
Anyway, I did the ports thing and it worked this time. It wasn't a virus. Thanks a lot. I am still going to reformat my computer this Friday. Thanks a lot.
0
 
MSGeek Commented:
What the hay are we doing here helping hitbyaparkedcar??

Pjedmond said "hitbyaparkedcar - Well, you start off by asking a separate question, and not adding on to someone else's :)"

Pjedmond, I am sorry I answered any of his (hitbyaparked car's) questions.
0
 
hitbyaparkedcar Commented:
Well, thank you very much. I did this before I knew how to post my own messages.
0
 
CleanupPing Commented:
guest51:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
ferg-o Commented:
Looks like we were all taken for a ride on this one. Rebuild your machine pal. GH - the name iexplorer.exe has been used for trojans - maybe it was a typo on the part of hbapc but the executable for IE is iexplore.exe like you said.

0
 
MSGeek Commented:
guest51 and hitbyaparkedcar should lose their accounts for this abusive question, he/she (singular) rec'd a lot of good feedback here for nothing.
0
