Solved

What ports to close

Posted on 2004-09-06
Last Modified: 2010-04-09
I have Windows XP with SP2. I've enabled the ICF and TCP/IP filtering. I know ICF does a good job but I want to add TCP/IP filtering functionality as a supplement. :)
  What ports should I close, or what ports should I leave open for a simple connection to the internet to work? I know that IE or browsing works on 80 or 8080 and DNS service is at 53. Plus 137, 139, 445 are for File print and sharing (functionality that I need).
 Thanks!
Question by:CosminSocaciu
13 Comments
 
LVL 6

Assisted Solution

by:bloemkool1980
bloemkool1980 earned 180 total points
ID: 11994174
If you use WinXP you can only close ports inbound. So if you do not need any services to be accessible via internet, close everything down.
Outbound will still work.
If you have a webserver running on your XP you should leave port 80 open for inbound. It is best you close every Windows-related port such as 445.
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 11994269
..8080 is a proxy address which is not used by IE if this is not a business environment.
File and print got its own mechanism in SP2, so no port numbers there..
0
 

Author Comment

by:CosminSocaciu
ID: 11994452
I have a simple workstation connected to the Internet. It isn't a webserver and neither a business environment. I want to have Share & Print functions over the LAN and to be fully secure to the Internet (if that is possible :) ). So I thought to close all unnecessary ports.
 For example, when I'm on a site my computer rings. Rings as a telephone rings. I have Yahoo Messenger on and nothing else (at least as far as I know). The headphones play a ring sound 3 times and then pause for 5-10 ' and then again. I've checked the sound themes and set to "none" (thought it was a NetMeeting ring) but no response. I've noticed that the ring is not for a particular site but it is when the browser is open (IE 6).
  As I experience this I thought it's an attack on some of my open ports, so I've decided to close all unnecessary ones.
 
 So, what should I allow and what to deny with TCP/IP filtering ?
0
 
LVL 6

Assisted Solution

by:bloemkool1980
bloemkool1980 earned 180 total points
ID: 11994474
Well as I said.
You have one NIC to internet and one to your LAN normally. The one to internet you have to deny all inbound traffic and you will be fine.
XP by default does that when you enable the firewall, so you are safe. The NIC going to your LAN is ok and should accept traffic from your LAN.
So you do not have to do anything as all ports on to internet are blocked.
0
 

Author Comment

by:CosminSocaciu
ID: 11994487
:)
 It's true, BUT:
 I have only one NIC, same for LAN and connection to the internet.
What to do then...
0
 
LVL 15

Assisted Solution

by:mattisflones
mattisflones earned 195 total points
ID: 11994493
As far as I know you don't have to block anything!
SP2's firewall is built with the same technology that is used in their ISA server (business firewall and proxy) and it does by default deny all connections. What you could do to make sure is to enter the Security Center->Firewall and set the "do not allow exceptions" on.. and simply allow what you need..
As you probably know there's no way one can trust MS products totally.. but if there's an error in this firewall, configuring other port blocking features won't help as it is the first instance for communication. The TCP/IP filtering is already built into the firewall...

As for your ringing tones.. I don't have a clue.. might it be the pop-up-blocker sound warning?
0
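What "allow only what you need" can look like on a single-NIC XP SP2 workstation, as an added example that is not part of the original thread: the SP2 firewall's own `netsh firewall` context, with File and Printer Sharing limited to the local subnet. It assumes the LAN peers are on the same subnet as the workstation; the log path shown is the SP2 default and the script must be run as an administrator.

```bat
@echo off
rem Added example, not from the thread. Windows XP SP2, run as administrator.

rem 1. Record what is listening before changing anything (PID in last column).
netstat -ano | find "LISTENING"

rem 2. Firewall on for all connections, exceptions permitted so that the
rem    scoped file-sharing rule in step 3 can take effect.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE

rem 3. File and Printer Sharing (UDP 137-138, TCP 139 and 445) accepted only
rem    from addresses on the local subnet, not from any source.
netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=SUBNET

rem 4. Turn off built-in exceptions a plain workstation does not need.
netsh firewall set service type=REMOTEDESKTOP mode=DISABLE
netsh firewall set service type=UPNP mode=DISABLE

rem 5. Log dropped inbound packets so blocked probes can be reviewed later
rem    in %windir%\pfirewall.log (default location).
netsh firewall set logging droppedpackets=ENABLE

rem 6. Verify: review the enabled exceptions, their scope and open ports.
netsh firewall show state
netsh firewall show service
netsh firewall show portopening

rem Caveat: scope=SUBNET trusts every host in the NIC's own subnet. If the
rem NIC holds a public address shared with other ISP customers, those hosts
rem count as "local"; a NAT router between the LAN and the Internet avoids that.
```

On an untrusted network, `netsh firewall set opmode mode=ENABLE exceptions=DISABLE` is the command-line equivalent of the "do not allow exceptions" checkbox and suspends the file-sharing exception as well.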
 
LVL 15

Accepted Solution

by:
mattisflones earned 195 total points
ID: 11994513
>>I have only one NIC, same for Lan and connection to the internet.
Well, basically you can't make that 100% safe as the MS firewall lacks the features you find in ex: ZoneAlarm.. Maybe it would be a better choice for you?!
0
 
LVL 6

Expert Comment

by:bloemkool1980
ID: 11994520
thanks for using my answer and not giving me a grade
really good job
0
 

Author Comment

by:CosminSocaciu
ID: 11995793
YES, please
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 11995849
Oh, please.. Don't be so cranky bloemkool1980, behave like an expert! The acceptance of a comment here is most subjective, and there's no way you can claim "your" comment is right for the asker as long as he/she does not explain the whys and whats...
0
 
LVL 15

Expert Comment

by:samri
ID: 11996049
I think it's true that it's up to the asker to decide, but still they are responsible to decide the best among the good answers.

I believe AnnieMod should be able to assist! "Use the Force!" :)

This one is even worse, believe me!
http://www.experts-exchange.com/Web/Web_Servers/Apache/Q_20273863.html

cheers.
0
