Solved

What ports to close

Posted on 2004-09-06
Last Modified: 2010-04-09
I have Windows XP with SP2. I've enabled the ICF and TCP/IP filtering. I know ICF does a good job but I want to add TCP/IP filtering functionality as a supplement. :)
  What ports should I close or what ports should I leave open for a simple connection to the internet to work? I know that IE or browsing works on 80 or 8080 and DNS service is at 53. Plus 137, 139, 445 are for File print and sharing (functionality that I need).
 Thanks!
Question by:CosminSocaciu
13 Comments
 
LVL 6

Assisted Solution

by:bloemkool1980
bloemkool1980 earned 60 total points
ID: 11994174
If you use winXP you can only close ports inbound. So if you do not need any services to be accessible via internet close everything down.
Outbound will still work.
If you have a webserver running on your XP you should leave port 80 open for inbound. It is best you close every Windows-related port such as 445.
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 11994269
..8080 is a proxy address which is not used by IE if this is not a business environment.
File and print got its own mechanism in SP2, so no port numbers there..
0
 

Author Comment

by:CosminSocaciu
ID: 11994452
I have a simple workstation connected to the Internet. It isn't a webserver and neither a business environment. I want to have Share & Print functions over the LAN and to be fully secure to the Internet (if that is possible :) ). So I thought to close all unnecessary ports.
 For example, when I'm on a site my computer rings. Rings as a telephone rings. I have Yahoo messenger on and nothing else (at least as far as I know). The headphones play a ring sound 3 times and then pause for 5-10 ' and then again. I've checked the sound themes and set them to "none" (thought it was a netmeeting ring) but no response. I've noticed that the ring is not for a particular site but it happens when the browser is open (IE 6).
  As I experienced this I thought it's an attack on some of my open ports so I've decided to close all unnecessary ones.
 
 So, what should I allow and what to deny with TCP/IP filtering?
0
 
LVL 6

Assisted Solution

by:bloemkool1980
bloemkool1980 earned 60 total points
ID: 11994474
Well as I said.
You have one NIC to internet and one to your LAN normally. The one to internet you have to deny all inbound traffic and you will be fine.
XP by default does that when you enable the firewall so you are safe. The NIC going to your LAN is ok and should accept traffic from your LAN.
So you do not have to do anything as all ports on to internet are blocked.
0
 

Author Comment

by:CosminSocaciu
ID: 11994487
:)
 It's true, BUT:
 I have only one NIC, same for LAN and connection to the internet.
What to do then...
0
 
LVL 15

Assisted Solution

by:mattisflones
mattisflones earned 65 total points
ID: 11994493
As far as I know you don't have to block anything!
SP2's firewall is built with the same technology that is used in their ISA server (Business firewall and proxy) and it does by default deny all connections. What you could do to make sure is to enter the security center->Firewall and set the "do not allow exceptions" on.. and simply allow what you need..
As you probably know there's no way one can trust MS products totally.. but if there's an error in this firewall, configuring other port blocking features won't help as it is the first instance for communication. The TCP/IP filtering is already built into the firewall...

As for your ringing tones.. I don't have a clue.. might it be the pop-up-blocker sound warning?
0
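Added example, not part of the original thread: the "allow only what you need" setup from the comment above, written as Windows XP SP2 `netsh firewall` commands for a machine with a single NIC. It assumes an administrator command prompt and that the LAN sits behind a router, so the local subnet is not the Internet-facing network.

```bat
@echo off
rem Added example for Windows XP SP2 (netsh firewall context).
rem Assumption: run as administrator; the PC is behind a router/NAT,
rem so "local subnet" means the home or office LAN only.

rem 1. Firewall on, exceptions honoured (inbound is dropped unless excepted).
netsh firewall set opmode mode=ENABLE exceptions=ENABLE

rem 2. File and Printer Sharing (UDP 137-138, TCP 139, TCP 445) reachable
rem    from the local subnet only. scope=ALL would expose it to any address.
netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=SUBNET

rem 3. Log dropped inbound packets so unexpected probes are visible.
netsh firewall set logging droppedpackets=ENABLE

rem 4. Review what the firewall now allows.
netsh firewall show state
netsh firewall show service

rem 5. List ports that are actually listening, with owning process IDs,
rem    to decide whether any other exception is needed at all.
netstat -ano | findstr LISTENING
```

If the PC is plugged straight into a modem with a public address, the "local subnet" is the provider's network, and `scope=SUBNET` no longer limits sharing to trusted machines.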
 
LVL 15

Accepted Solution

by:
mattisflones earned 65 total points
ID: 11994513
>>I have only one NIC, same for Lan and connection to the internet.
Well, basically you can't make that 100% safe as the MS firewall lacks the features you find in ex: ZoneAlarm.. Maybe it would be a better choice for you?!
0
 
LVL 6

Expert Comment

by:bloemkool1980
ID: 11994520
thanks for using my answer and not giving me a grade
really good job
0
 

Author Comment

by:CosminSocaciu
ID: 11995793
YES, please
0
 
LVL 15

Expert Comment

by:mattisflones
ID: 11995849
Oh, please.. Don't be so cranky bloemkool1980, behave like an expert! The acceptance of a comment here is most subjective, and there's no way you can claim "your" comment is right for the asker as long as he/she does not explain the whys and whats...
0
 
LVL 15

Expert Comment

by:samri
ID: 11996049
I think it's true that it's up to the asker to decide, but still they are responsible to decide the best among the good answers.

I believe AnnieMod should be able to assist! "Use the Force!" :)

This one is even worse, believe me!
http://www.experts-exchange.com/Web/Web_Servers/Apache/Q_20273863.html

cheers.
0
