Solved

Closing port 25 and 110 on Server 2003

Posted on 2006-04-29
Last Modified: 2013-12-04
Hey all,

Working on locking down our new server here. I did a port scan with LanGuard and it shows the server has port 25 and 110 open. This server will not be running Exchange or any other mail server. I want to close the ports for 25 and 110.

How do I accomplish this?

I do not see SMTP or POP3 listed as services under computer management.
Exchange Server and IIS are NOT installed.

But, I still see the ports open when scanning the server.

What am I missing here? :-)
0
Question by:kruptos
10 Comments
 
LVL 97

Expert Comment

by:Lee W, MVP
ID: 16569317
Telnet to them - do they respond?  What responds?  Usually the service identifies itself
0
 
LVL 4

Author Comment

by:kruptos
ID: 16569341
I can telnet to them, but no banners are displayed. It just lets me open the telnet session; no command prompt, it just opens the session.
0
 
LVL 97

Expert Comment

by:Lee W, MVP
ID: 16569350
Do you have IIS installed?  That has the ability to support SMTP - check IIS Administrator for a list of services including SMTP.

Also, on a command prompt, type
NET START > c:\ServicesRunning.txt
Then paste the contents of c:\servicesrunning.txt
0
 
LVL 4

Author Comment

by:kruptos
ID: 16569414
IIS is not installed. Here is the info:

These Windows services are started:

   Application Experience Lookup Service
   Automatic Updates
   COM+ Event System
   Computer Browser
   Cryptographic Services
   DCOM Server Process Launcher
   DHCP Client
   Distributed File System
   Distributed Transaction Coordinator
   DNS Client
   DNS Server
   Error Reporting Service
   Event Log
   File Replication Service
   Help and Support
   Intel Alert Handler
   Intel Alert Originator
   Intel File Transfer
   Intel PDS
   Intersite Messaging
   IPSEC Services
   Kerberos Key Distribution Center
   Logical Disk Manager
   Net Logon
   Network Connections
   Network Location Awareness (NLA)
   Plug and Play
   Print Spooler
   Protected Storage
   Remote Access Connection Manager
   Remote Procedure Call (RPC)
   Remote Registry
   Secondary Logon
   Security Accounts Manager
   Server
   Shell Hardware Detection
   Symantec AntiVirus
   Symantec AntiVirus Definition Watcher
   Symantec Event Manager
   Symantec Settings Manager
   Symantec System Center Discovery Service
   System Event Notification
   Task Scheduler
   TCP/IP NetBIOS Helper
   Telephony
   Terminal Services
   Windows Audio
   Windows Management Instrumentation
   Windows Time
   Wireless Configuration
   Workstation
0
 
LVL 32

Expert Comment

by:r-k
ID: 16569433
You can see which applications have which ports open by typing:

 netstat -ab

at a command prompt.

Another good program for this purpose is TCPview from:

 http://www.sysinternals.com/Utilities/TcpView.html
0
 
LVL 97

Expert Comment

by:Lee W, MVP
ID: 16569455
Well, there's a service or two I don't recall seeing before (Application Experience Lookup Service) but otherwise, you've got me stumped, I just don't see anything that should be using those ports.  I thought at my last post you didn't account for IIS and maybe you looked for POP3 Service as opposed to Microsoft or Windows POP3 service (which would of course alphabetize differently).
0
 
LVL 32

Expert Comment

by:r-k
ID: 16569460
When you run "netstat -ab" the list may scroll off the screen. You can save it to a text file with:

 netstat -ab > list.txt

and then review list.txt with Notepad.
0
 
LVL 4

Author Comment

by:kruptos
ID: 16569519
This is what I get:

Although it does now show the ports here, it does show it when I scan with Languard and Nmap.

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    BLACK:kerberos         BLACK.JAGUAR.Local:0   LISTENING       820
  [lsass.exe]

  TCP    BLACK:epmap            BLACK.JAGUAR.Local:0   LISTENING       1272
  RpcSs
  [svchost.exe]

  TCP    BLACK:ldap             BLACK.JAGUAR.Local:0   LISTENING       820
  [lsass.exe]

  TCP    BLACK:microsoft-ds     BLACK.JAGUAR.Local:0   LISTENING       4
  [System]

  TCP    BLACK:kpasswd          BLACK.JAGUAR.Local:0   LISTENING       820
  [lsass.exe]

  TCP    BLACK:http-rpc-epmap   BLACK.JAGUAR.Local:0   LISTENING       1272
  RpcSs
  [svchost.exe]

  TCP    BLACK:ldaps            BLACK.JAGUAR.Local:0   LISTENING       820
  [lsass.exe]

  TCP    BLACK:1026             BLACK.JAGUAR.Local:0   LISTENING       820
  [lsass.exe]

  TCP    BLACK:1027             BLACK.JAGUAR.Local:0   LISTENING       820
  [lsass.exe]

  TCP    BLACK:1044             BLACK.JAGUAR.Local:0   LISTENING       352
  [dns.exe]

  TCP    BLACK:1051             BLACK.JAGUAR.Local:0   LISTENING       648
  [ntfrs.exe]

  TCP    BLACK:2967             BLACK.JAGUAR.Local:0   LISTENING       1172
  [Rtvscan.exe]

  TCP    BLACK:msft-gc          BLACK.JAGUAR.Local:0   LISTENING       820
  [lsass.exe]

  TCP    BLACK:msft-gc-ssl      BLACK.JAGUAR.Local:0   LISTENING       820
  [lsass.exe]

  TCP    BLACK:ms-wbt-server    BLACK.JAGUAR.Local:0   LISTENING       2160
  TermService
  [svchost.exe]

  TCP    BLACK:12174            BLACK.JAGUAR.Local:0   LISTENING       1848
  [xfr.exe]

  TCP    BLACK:38292            BLACK.JAGUAR.Local:0   LISTENING       1544
  [MsgSys.EXE]

  TCP    BLACK:domain           BLACK.JAGUAR.Local:0   LISTENING       352
  [dns.exe]

  TCP    BLACK:1059             BLACK.JAGUAR.Local:0   LISTENING       1848
  [xfr.exe]

  TCP    BLACK:netbios-ssn      BLACK.JAGUAR.Local:0   LISTENING       1328
  [svchost.exe]

  TCP    BLACK:domain           BLACK.JAGUAR.Local:0   LISTENING       352
  [dns.exe]

  TCP    BLACK:netbios-ssn      BLACK.JAGUAR.Local:0   LISTENING       4
  [System]

  TCP    BLACK:ldap             BLACK.JAGUAR.Local:1035  ESTABLISHED     820
  [lsass.exe]

  TCP    BLACK:ldap             BLACK.JAGUAR.Local:activesync  ESTABLISHED     820
  [lsass.exe]

  TCP    BLACK:ldap             BLACK.JAGUAR.Local:1036  ESTABLISHED     820
  [lsass.exe]

  TCP    BLACK:ldap             BLACK.JAGUAR.Local:1040  ESTABLISHED     820
  [lsass.exe]

  TCP    BLACK:1026             BLACK.JAGUAR.Local:1049  ESTABLISHED     820
  [lsass.exe]

  TCP    BLACK:activesync       BLACK.JAGUAR.Local:ldap  ESTABLISHED     496
  [ismserv.exe]

  TCP    BLACK:1035             BLACK.JAGUAR.Local:ldap  ESTABLISHED     496
  [ismserv.exe]

  TCP    BLACK:1036             BLACK.JAGUAR.Local:ldap  ESTABLISHED     496
  [ismserv.exe]

  TCP    BLACK:1040             BLACK.JAGUAR.Local:ldap  ESTABLISHED     352
  [dns.exe]

  TCP    BLACK:1049             BLACK.JAGUAR.Local:1026  ESTABLISHED     820
  [lsass.exe]

  TCP    BLACK:epmap            BLACK.JAGUAR.Local:1278  ESTABLISHED     1272
  RpcSs
  [svchost.exe]

  TCP    BLACK:1278             BLACK.JAGUAR.Local:epmap  ESTABLISHED     392
  [mshta.exe]

  TCP    BLACK:epmap            206.89.122.179:1064    ESTABLISHED     1272
  RpcSs
  [svchost.exe]

  TCP    BLACK:epmap            206.89.122.179:1069    ESTABLISHED     1272
  RpcSs
  [svchost.exe]

  TCP    BLACK:ldap             BLACK.JAGUAR.Local:1053  ESTABLISHED     820
  [lsass.exe]

  TCP    BLACK:1026             206.89.122.179:1070    ESTABLISHED     820
  [lsass.exe]

  TCP    BLACK:1026             BLACK.JAGUAR.Local:1055  ESTABLISHED     820
  [lsass.exe]

  TCP    BLACK:1026             BLACK.JAGUAR.Local:1228  ESTABLISHED     820
  [lsass.exe]

  TCP    BLACK:1026             206.89.122.179:1071    ESTABLISHED     820
  [lsass.exe]

  TCP    BLACK:1026             206.89.122.179:1065    ESTABLISHED     820
  [lsass.exe]

  TCP    BLACK:1053             BLACK.JAGUAR.Local:ldap  ESTABLISHED     648
  [ntfrs.exe]

  TCP    BLACK:1055             BLACK.JAGUAR.Local:1026  ESTABLISHED     648
  [ntfrs.exe]

  TCP    BLACK:1228             BLACK.JAGUAR.Local:1026  ESTABLISHED     820
  [lsass.exe]

  TCP    BLACK:ms-wbt-server    206.89.122.200:3188    ESTABLISHED     2160
  TermService
  [svchost.exe]

  TCP    BLACK:1309             BLACK.JAGUAR.Local:ldap  CLOSE_WAIT      3916
  [mmc.exe]

  TCP    BLACK:2272             BLACK.JAGUAR.Local:ldap  CLOSE_WAIT      3916
  [mmc.exe]

  TCP    BLACK:2910             BLACK.JAGUAR.Local:ldap  CLOSE_WAIT      2784
  [mmc.exe]

  TCP    BLACK:2936             BLACK.JAGUAR.Local:ldap  CLOSE_WAIT      2784
  [mmc.exe]

  TCP    BLACK:3053             BLACK.JAGUAR.Local:microsoft-ds  TIME_WAIT       0
  UDP    BLACK:1050             *:*                                    512
  [NSCTOP.EXE]

  UDP    BLACK:1038             *:*                                    352
  [dns.exe]

  UDP    BLACK:ipsec-msft       *:*                                    820
  [lsass.exe]

  UDP    BLACK:1060             *:*                                    512
  [NSCTOP.EXE]

  UDP    BLACK:microsoft-ds     *:*                                    4
  [System]

  UDP    BLACK:38037            *:*                                    1544
  [MsgSys.EXE]

  UDP    BLACK:38293            *:*                                    480
  [pds.exe]

  UDP    BLACK:1028             *:*                                    1328
  Dhcp
  [svchost.exe]

  UDP    BLACK:1179             *:*                                    1328
  Dnscache
  [svchost.exe]

  UDP    BLACK:isakmp           *:*                                    820
  [lsass.exe]

  UDP    BLACK:ntp              *:*                                    1396
  W32Time
  [svchost.exe]

  UDP    BLACK:2403             *:*                                    3956
  [Explorer.EXE]

  UDP    BLACK:2909             *:*                                    2784
  [mmc.exe]

  UDP    BLACK:1097             *:*                                    288
  [Dfssvc.exe]

  UDP    BLACK:1282             *:*                                    3916
  [mmc.exe]

  UDP    BLACK:1216             *:*                                    3768
  [winlogon.exe]

  UDP    BLACK:2882             *:*                                    1368
  [IEXPLORE.EXE]

  UDP    BLACK:domain           *:*                                    352
  [dns.exe]

  UDP    BLACK:1080             *:*                                    748
  [winlogon.exe]

  UDP    BLACK:1164             *:*                                    3408
  [winlogon.exe]

  UDP    BLACK:3058             *:*                                    1164
  [hh.exe]

  UDP    BLACK:1039             *:*                                    352
  [dns.exe]

  UDP    BLACK:1037             *:*                                    352
  [dns.exe]

  UDP    BLACK:1033             *:*                                    496
  [ismserv.exe]

  UDP    BLACK:1052             *:*                                    648
  [ntfrs.exe]

  UDP    BLACK:kerberos         *:*                                    820
  [lsass.exe]

  UDP    BLACK:kpasswd          *:*                                    820
  [lsass.exe]

  UDP    BLACK:ntp              *:*                                    1396
  W32Time
  [svchost.exe]

  UDP    BLACK:389              *:*                                    820
  [lsass.exe]

  UDP    BLACK:netbios-ns       *:*                                    1328
  [svchost.exe]

  UDP    BLACK:netbios-dgm      *:*                                    1328
  [svchost.exe]

  UDP    BLACK:kpasswd          *:*                                    820
  [lsass.exe]

  UDP    BLACK:kerberos         *:*                                    820
  [lsass.exe]

  UDP    BLACK:domain           *:*                                    352
  [dns.exe]

  UDP    BLACK:389              *:*                                    820
  [lsass.exe]

  UDP    BLACK:ntp              *:*                                    1396
  W32Time
  [svchost.exe]

  UDP    BLACK:netbios-dgm      *:*                                    4
  [System]

  UDP    BLACK:netbios-ns       *:*                                    4
  [System]

0
 
LVL 97

Expert Comment

by:Lee W, MVP
ID: 16569531
I think your problem is the Antivirus scanner.  Stop it then scan again.

Reference:
http://m0n0.ch/wall/list/showmsg.php?id=94/4
0
 
LVL 97

Accepted Solution

by:
Lee W, MVP earned 2000 total points
ID: 16569532
Potentially more reliable link:
http://kbase.gfi.com/showarticle.asp?id=KBID002076
0
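The cross-check this thread performs by hand, as an added example that is not part of the original posts: parse saved `netstat -ab` output and look up each port the remote scan reported open. A port with no local listener is not a service to stop on the server, which is the situation the thread ends up in. The sample output, the host name and `mailsvc.exe` are constructed, and the service-name table is a small assumed subset.

```python
import re

# Names netstat prints when run without -n (assumed subset; extend as needed).
SERVICE_PORTS = {"smtp": 25, "pop3": 110, "domain": 53, "kerberos": 88,
                 "epmap": 135, "ldap": 389, "microsoft-ds": 445}

# Constructed sample in the layout of `netstat -ab` output (not from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    SRV01:epmap            SRV01.example.local:0  LISTENING       1272
  RpcSs
  [svchost.exe]

  TCP    SRV01:2967             SRV01.example.local:0  LISTENING       1172
  [Rtvscan.exe]

  TCP    SRV01:ldap             SRV01.example.local:1035  ESTABLISHED  820
  [lsass.exe]

  TCP    SRV01:smtp             SRV01.example.local:0  LISTENING       2044
  [mailsvc.exe]
"""

ROW = re.compile(r"^\s*TCP\s+\S+:(\S+)\s+\S+\s+LISTENING\s+(\d+)\s*$")
EXE = re.compile(r"^\s*\[(.+)\]\s*$")

def tcp_listeners(netstat_text):
    """Return {port: (pid, executable)} for every TCP LISTENING row."""
    listeners, pending = {}, None
    for line in netstat_text.splitlines():
        row, exe = ROW.match(line), EXE.match(line)
        if row:
            name = row.group(1)
            # Numeric port, known service name, or the raw name if unknown.
            pending = int(name) if name.isdigit() else SERVICE_PORTS.get(name.lower(), name)
            listeners[pending] = (int(row.group(2)), None)
        elif exe and pending is not None:
            # The [image name] line belongs to the listening row just seen.
            listeners[pending] = (listeners[pending][0], exe.group(1))
            pending = None
        elif line.split()[:1] in (["TCP"], ["UDP"]):
            pending = None  # non-listening row: its [exe] line is not ours
    return listeners

def explain_scan(scanned_open, netstat_text):
    """Map each port the scanner reported open to its local listener, or None."""
    listeners = tcp_listeners(netstat_text)
    return {port: listeners.get(port) for port in scanned_open}

if __name__ == "__main__":
    print(explain_scan([25, 110, 135], SAMPLE))
```

A `None` result for a port the scanner called open means the answer lies outside the server's own service list, so re-scan with the suspected intermediary stopped, as suggested above.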
