kruptos
asked on
Closing port 25 and 110 on Server 2003
Hey all,
Working on locking down our new server here. I did a port scan with LanGuard and it shows the server has port 25 and 110 open. This server will not be running Exchange or any other mail server. I want to close the ports for 25 and 110.
How do I accomplish this?
I do not see SMTP or POP3 listed as services under computer management.
Exchange Server and IIS are NOT installed.
But, I still see the ports open when scanning the server.
What am I missing here? :-)
Telnet to them - do they respond? What responds? Usually the service identifies itself
ASKER
I can telnet to them but no banners are displayed. It just lets me open the telnet session. No command prompt, it just opens the session.
Do you have IIS installed? That has the ability to support SMTP - check IIS Administrator for a list of services including SMTP.
Also, on a command prompt, type
NET START > c:\ServicesRunning.txt
Then paste the contents of c:\servicesrunning.txt
ASKER
IIS is not installed. Here is the info:
These Windows services are started:
Application Experience Lookup Service
Automatic Updates
COM+ Event System
Computer Browser
Cryptographic Services
DCOM Server Process Launcher
DHCP Client
Distributed File System
Distributed Transaction Coordinator
DNS Client
DNS Server
Error Reporting Service
Event Log
File Replication Service
Help and Support
Intel Alert Handler
Intel Alert Originator
Intel File Transfer
Intel PDS
Intersite Messaging
IPSEC Services
Kerberos Key Distribution Center
Logical Disk Manager
Net Logon
Network Connections
Network Location Awareness (NLA)
Plug and Play
Print Spooler
Protected Storage
Remote Access Connection Manager
Remote Procedure Call (RPC)
Remote Registry
Secondary Logon
Security Accounts Manager
Server
Shell Hardware Detection
Symantec AntiVirus
Symantec AntiVirus Definition Watcher
Symantec Event Manager
Symantec Settings Manager
Symantec System Center Discovery Service
System Event Notification
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Terminal Services
Windows Audio
Windows Management Instrumentation
Windows Time
Wireless Configuration
Workstation
You can see which applications have which ports open by typing:
netstat -ab
at a command prompt.
Another good program for this purpose is TCPview from:
http://www.sysinternals.com/Utilities/TcpView.html
Well, there's a service or two I don't recall seeing before (Application Experience Lookup Service) but otherwise, you've got me stumped, I just don't see anything that should be using those ports. I thought at my last post you didn't account for IIS and maybe you looked for POP3 Service as opposed to Microsoft or Windows POP3 service (which would of course alphabetize differently).
When you run "netstat -ab" the list may scroll off the screen. You can save it to a text file with:
netstat -ab > list.txt
and then review list.txt with Notepad.
ASKER
This is what I get:
Although it does now show the ports here, it does show it when I scan with Languard and Nmap.
Active Connections
Proto Local Address Foreign Address State PID
TCP BLACK:kerberos BLACK.JAGUAR.Local:0 LISTENING 820
[lsass.exe]
TCP BLACK:epmap BLACK.JAGUAR.Local:0 LISTENING 1272
RpcSs
[svchost.exe]
TCP BLACK:ldap BLACK.JAGUAR.Local:0 LISTENING 820
[lsass.exe]
TCP BLACK:microsoft-ds BLACK.JAGUAR.Local:0 LISTENING 4
[System]
TCP BLACK:kpasswd BLACK.JAGUAR.Local:0 LISTENING 820
[lsass.exe]
TCP BLACK:http-rpc-epmap BLACK.JAGUAR.Local:0 LISTENING 1272
RpcSs
[svchost.exe]
TCP BLACK:ldaps BLACK.JAGUAR.Local:0 LISTENING 820
[lsass.exe]
TCP BLACK:1026 BLACK.JAGUAR.Local:0 LISTENING 820
[lsass.exe]
TCP BLACK:1027 BLACK.JAGUAR.Local:0 LISTENING 820
[lsass.exe]
TCP BLACK:1044 BLACK.JAGUAR.Local:0 LISTENING 352
[dns.exe]
TCP BLACK:1051 BLACK.JAGUAR.Local:0 LISTENING 648
[ntfrs.exe]
TCP BLACK:2967 BLACK.JAGUAR.Local:0 LISTENING 1172
[Rtvscan.exe]
TCP BLACK:msft-gc BLACK.JAGUAR.Local:0 LISTENING 820
[lsass.exe]
TCP BLACK:msft-gc-ssl BLACK.JAGUAR.Local:0 LISTENING 820
[lsass.exe]
TCP BLACK:ms-wbt-server BLACK.JAGUAR.Local:0 LISTENING 2160
TermService
[svchost.exe]
TCP BLACK:12174 BLACK.JAGUAR.Local:0 LISTENING 1848
[xfr.exe]
TCP BLACK:38292 BLACK.JAGUAR.Local:0 LISTENING 1544
[MsgSys.EXE]
TCP BLACK:domain BLACK.JAGUAR.Local:0 LISTENING 352
[dns.exe]
TCP BLACK:1059 BLACK.JAGUAR.Local:0 LISTENING 1848
[xfr.exe]
TCP BLACK:netbios-ssn BLACK.JAGUAR.Local:0 LISTENING 1328
[svchost.exe]
TCP BLACK:domain BLACK.JAGUAR.Local:0 LISTENING 352
[dns.exe]
TCP BLACK:netbios-ssn BLACK.JAGUAR.Local:0 LISTENING 4
[System]
TCP BLACK:ldap BLACK.JAGUAR.Local:1035 ESTABLISHED 820
[lsass.exe]
TCP BLACK:ldap BLACK.JAGUAR.Local:activesync ESTABLISHED 820
[lsass.exe]
TCP BLACK:ldap BLACK.JAGUAR.Local:1036 ESTABLISHED 820
[lsass.exe]
TCP BLACK:ldap BLACK.JAGUAR.Local:1040 ESTABLISHED 820
[lsass.exe]
TCP BLACK:1026 BLACK.JAGUAR.Local:1049 ESTABLISHED 820
[lsass.exe]
TCP BLACK:activesync BLACK.JAGUAR.Local:ldap ESTABLISHED 496
[ismserv.exe]
TCP BLACK:1035 BLACK.JAGUAR.Local:ldap ESTABLISHED 496
[ismserv.exe]
TCP BLACK:1036 BLACK.JAGUAR.Local:ldap ESTABLISHED 496
[ismserv.exe]
TCP BLACK:1040 BLACK.JAGUAR.Local:ldap ESTABLISHED 352
[dns.exe]
TCP BLACK:1049 BLACK.JAGUAR.Local:1026 ESTABLISHED 820
[lsass.exe]
TCP BLACK:epmap BLACK.JAGUAR.Local:1278 ESTABLISHED 1272
RpcSs
[svchost.exe]
TCP BLACK:1278 BLACK.JAGUAR.Local:epmap ESTABLISHED 392
[mshta.exe]
TCP BLACK:epmap 206.89.122.179:1064 ESTABLISHED 1272
RpcSs
[svchost.exe]
TCP BLACK:epmap 206.89.122.179:1069 ESTABLISHED 1272
RpcSs
[svchost.exe]
TCP BLACK:ldap BLACK.JAGUAR.Local:1053 ESTABLISHED 820
[lsass.exe]
TCP BLACK:1026 206.89.122.179:1070 ESTABLISHED 820
[lsass.exe]
TCP BLACK:1026 BLACK.JAGUAR.Local:1055 ESTABLISHED 820
[lsass.exe]
TCP BLACK:1026 BLACK.JAGUAR.Local:1228 ESTABLISHED 820
[lsass.exe]
TCP BLACK:1026 206.89.122.179:1071 ESTABLISHED 820
[lsass.exe]
TCP BLACK:1026 206.89.122.179:1065 ESTABLISHED 820
[lsass.exe]
TCP BLACK:1053 BLACK.JAGUAR.Local:ldap ESTABLISHED 648
[ntfrs.exe]
TCP BLACK:1055 BLACK.JAGUAR.Local:1026 ESTABLISHED 648
[ntfrs.exe]
TCP BLACK:1228 BLACK.JAGUAR.Local:1026 ESTABLISHED 820
[lsass.exe]
TCP BLACK:ms-wbt-server 206.89.122.200:3188 ESTABLISHED 2160
TermService
[svchost.exe]
TCP BLACK:1309 BLACK.JAGUAR.Local:ldap CLOSE_WAIT 3916
[mmc.exe]
TCP BLACK:2272 BLACK.JAGUAR.Local:ldap CLOSE_WAIT 3916
[mmc.exe]
TCP BLACK:2910 BLACK.JAGUAR.Local:ldap CLOSE_WAIT 2784
[mmc.exe]
TCP BLACK:2936 BLACK.JAGUAR.Local:ldap CLOSE_WAIT 2784
[mmc.exe]
TCP BLACK:3053 BLACK.JAGUAR.Local:microsoft-ds TIME_WAIT 0
UDP BLACK:1050 *:* 512
[NSCTOP.EXE]
UDP BLACK:1038 *:* 352
[dns.exe]
UDP BLACK:ipsec-msft *:* 820
[lsass.exe]
UDP BLACK:1060 *:* 512
[NSCTOP.EXE]
UDP BLACK:microsoft-ds *:* 4
[System]
UDP BLACK:38037 *:* 1544
[MsgSys.EXE]
UDP BLACK:38293 *:* 480
[pds.exe]
UDP BLACK:1028 *:* 1328
Dhcp
[svchost.exe]
UDP BLACK:1179 *:* 1328
Dnscache
[svchost.exe]
UDP BLACK:isakmp *:* 820
[lsass.exe]
UDP BLACK:ntp *:* 1396
W32Time
[svchost.exe]
UDP BLACK:2403 *:* 3956
[Explorer.EXE]
UDP BLACK:2909 *:* 2784
[mmc.exe]
UDP BLACK:1097 *:* 288
[Dfssvc.exe]
UDP BLACK:1282 *:* 3916
[mmc.exe]
UDP BLACK:1216 *:* 3768
[winlogon.exe]
UDP BLACK:2882 *:* 1368
[IEXPLORE.EXE]
UDP BLACK:domain *:* 352
[dns.exe]
UDP BLACK:1080 *:* 748
[winlogon.exe]
UDP BLACK:1164 *:* 3408
[winlogon.exe]
UDP BLACK:3058 *:* 1164
[hh.exe]
UDP BLACK:1039 *:* 352
[dns.exe]
UDP BLACK:1037 *:* 352
[dns.exe]
UDP BLACK:1033 *:* 496
[ismserv.exe]
UDP BLACK:1052 *:* 648
[ntfrs.exe]
UDP BLACK:kerberos *:* 820
[lsass.exe]
UDP BLACK:kpasswd *:* 820
[lsass.exe]
UDP BLACK:ntp *:* 1396
W32Time
[svchost.exe]
UDP BLACK:389 *:* 820
[lsass.exe]
UDP BLACK:netbios-ns *:* 1328
[svchost.exe]
UDP BLACK:netbios-dgm *:* 1328
[svchost.exe]
UDP BLACK:kpasswd *:* 820
[lsass.exe]
UDP BLACK:kerberos *:* 820
[lsass.exe]
UDP BLACK:domain *:* 352
[dns.exe]
UDP BLACK:389 *:* 820
[lsass.exe]
UDP BLACK:ntp *:* 1396
W32Time
[svchost.exe]
UDP BLACK:netbios-dgm *:* 4
[System]
UDP BLACK:netbios-ns *:* 4
[System]
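Added example, not written by any participant in this thread: a Python check that reads saved netstat -ab output and lists the scanner-reported TCP ports that have no local listener. The output above was taken without -n, so ports appear as service names (port 25 would be listed as smtp, 110 as pop3) and the parser resolves names through a small table. SERVICE_PORTS, the function names and the sample text are constructed for illustration.

```python
import re

# Names netstat prints in place of numbers without -n (constructed subset).
SERVICE_PORTS = {"smtp": 25, "pop3": 110, "domain": 53, "kerberos": 88,
                 "epmap": 135, "netbios-ssn": 139, "ldap": 389,
                 "microsoft-ds": 445, "ms-wbt-server": 3389}
CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")  # "[lsass.exe]" line under an entry

def port_of(endpoint):
    """Numeric port of 'host:port'; None if the service name is not mapped."""
    name = endpoint.rsplit(":", 1)[-1].lower()
    return int(name) if name.isdigit() else SERVICE_PORTS.get(name)

def listeners(netstat_text):
    """Map (proto, port) -> set of executables that own a listening socket."""
    found, current = {}, None
    for line in netstat_text.splitlines():
        conn = CONN.match(line)
        if conn:
            proto, local, _foreign, state, _pid = conn.groups()
            port = port_of(local)
            current = None  # UDP rows carry no state column
            if port is not None and (proto == "UDP" or state == "LISTENING"):
                current = (proto, port)
                found.setdefault(current, set())
            continue
        owner = OWNER.match(line)
        if owner and current:  # component lines such as "RpcSs" are skipped
            found[current].add(owner.group(1).lower())
            current = None
    return found

def unexplained(scan_open_ports, netstat_text):
    """TCP ports a scanner reported open that have no local listener."""
    local = {port for proto, port in listeners(netstat_text) if proto == "TCP"}
    return sorted(set(scan_open_ports) - local)

# Constructed sample in the layout of the output posted above.
SAMPLE = """\
  TCP    BLACK:ldap      BLACK.JAGUAR.Local:0     LISTENING    820
  [lsass.exe]
  TCP    BLACK:epmap     BLACK.JAGUAR.Local:0     LISTENING    1272
  RpcSs
  [svchost.exe]
  TCP    BLACK:ldap      BLACK.JAGUAR.Local:1035  ESTABLISHED  820
  [lsass.exe]
"""
print(unexplained([25, 110, 135, 389], SAMPLE))
```

Ports left in the result are not served by any socket netstat listed on the host. Running netstat with -n as well prints numeric ports, which removes the dependence on the name table.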
I think your problem is the Antivirus scanner. Stop it then scan again.
Reference:
http://m0n0.ch/wall/list/showmsg.php?id=94/4