
Thread: How do I close my open ports?

  1. #1
    ACEmeaniSPANKER EvilAngel's Avatar
    Join Date
    Oct 2000
    Location
    Garden Grove
    Posts
    19,015

    How do I close my open ports?

    I did an SG security scan and it found 5 open ports. How do I close them? TIA


    (The 271 ports scanned but not shown below are in state: filtered)
    Port Status Service Description
    11/udp closed systat system / active users information.
    13/udp closed daytime Daytime service (RFC 867) - responds with the current time of day. Different machines respond with slightly different date/time format, so port can be used to fingerprint machines.
    19/udp closed chargen Generates and replies with a character when queried. Should be disabled if there is no specific need for it. Source for potential attacks.
    20/udp closed ftp-data
    21/udp closed ftp FSP/FTP
    22/udp closed ssh Old verson of pcAnywhere uses port 22/udp (no relation to ssh and port 22/tcp).
    The real pcAnywhere port is 5632. The value 0x0016 (hex) is 22 decimal; the value of 0x1600 (hex) is 5632 decimal. Some say that pcAnywhere had a byte-swapping bug that led to its incorrect use of port 22.
    49/udp closed tacacs Login Host Protocol (TACACS)
    53/udp closed domain DNS (Domain Name Service) is used for domain name resolution.

    Some trojans also use this port: ADM worm, li0n, MscanWorm, MuSka52
    67/udp closed dhcpserver Bootstrap protocol server. Used by DHCP servers to communicate addressing information to remote DHCP clients.
    68/udp closed dhcpclient Bootstrap protocol client. Used by client machines to obtain dynamic IP addressing information from a DHCP server.
    69/udp open tftp Trivial File Transfer Protocol - A less secure version of FTP, generally used in maintaining and updating systems, for configuration file transfers between LAN systems, firmware updates on routers, etc.

    Many trojans also use this port: BackGate Kit, Nimda, Pasana, Storm, Storm worm, Theef...
    W32.Blaster.Worm is a widely spread worm that exploits the MS DCOM RPC vulnerability described in MS Security Bulletin MS03-026. The worm allows remote access to an infected computer via ports 4444/tcp and 69/UDP, and spreads through port 135/tcp. To avoid being infected consider closing those ports.
    W32.Welchia.Worm - a wildly spread worm that removes the W32.Blaster.Worm and installs a TFTP server.
    79/udp closed finger Finger

    Trojans that also use this port: ADM worm, Firehotcker
    88/udp closed kerberos-sec KDC (Kerberos key distribution center) server.
    99/udp closed metagram metagram relay, gnutella?
    110/udp closed pop-3 POP3 server traffic (should be TCP only?)
    111/udp closed sunrpc Provides information between Unix based systems. Port is often probed, it can be used to fingerprint the Nix OS, and to obtain information about available services. Port used with NFS, NIS, or any rpc-based service.

    Trojans that use this port: ADM worm, MscanWorm
    113/udp closed auth Port 113 used for Identification/Authorization service. When a client program on your end contacts a remote server for services such as POP, IMAP, SMTP, IRC, FTP, etc. that remote server sends back a query to the IDENT port 113 asking for identification from your system...

    Port 113 can be probed by attackers and it poses some security concerns, but the problem with filtering/stealthing port 113 is that if legitimate requests get no response at all from port 113 queries, the connection to them (which initiated their query in the first place) will be delayed or perhaps even completely abandoned.

    The simplest solution is to close, rather than filter port 113.

    Some trojans also use this port: ADM worm, Alicia, Cyn, DataSpy Network X, Dosh, Gibbon, Invisible Identd Deamon, Kazimas, Taskman
    119/udp closed nntp NNTP (Network News Transfer Protocol) control messages.
    123/udp closed ntp Network Time Protocol (NTP)
    135/udp open loc-srv Port used by Messenger Service (not MSN Messenger) and exploited in popup net send messenger spam: MSKB 330904. To stop the popups you'd need to filter port 135 at the firewall level or stop the messenger service. The service uses all the following ports: 135/tcp, 135/udp, 137/udp 138/udp, 139/tcp, 445/tcp.
    137/udp open netbios-ns NetBIOS is a protocol used for File and Print Sharing under all current versions of Windows. While this in itself is not a problem, the way that the protocol is implemented can be.

    NetBios services:
    NETBIOS Name Service (TCP/UDP: 137)
    NETBIOS Datagram Service (TCP/UDP: 138)
    NETBIOS Session Service (TCP/UDP: 139)

    By default, when File and Print Sharing is enabled it binds to everything, including TCP/IP (The Internet Protocol), rather than just the local network, meaning your shared resources are available over the entire Internet for reading and deletion, unless configured properly. Any machine with NetBIOS enabled and not configured properly should be considered at risk. The best protection is to turn off File and Print Sharing, or block ports 135-139 completely. If you must enable it, use the following guidelines:

    1. Use strong passwords, containing non-alphanumeric characters.
    2. Attach "$" at the end of your share names (the casual snooper using net view might not see them).
    3. Unbind File and Print Sharing from TCP/IP and use NetBEUI instead (it's a non-routable protocol).
    4. Block ports 135-139 in your router/firewall.

    Keep in mind that you might still be leaking out information about your system that can be used against you (such as your computer and workgroup names) to the entire Internet, unless ports are filtered by a firewall.

    There is also a Critical Windows RPC vulnerability affecting ports 135,139 and 445, as detailed here: MS Technet Security Bulletin MS03-026

    The following trojans/backdoors also use these ports: Chode, God Message worm, Msinit, Netlog, Network, Qaz, W32.HLLW.Moega.
    138/udp open netbios-dgm same as port 137/udp
    139/udp open netbios-ssn same as port 137/udp
    143/udp closed imap2 IMAP
    161/udp closed snmp Simple network management protocol (SNMP). Used by various devices and applications (including firewalls and routers) to communicate logging and management information with remote monitoring applications.

    Typically, SNMP agents listen on UDP port 161, asynchronous traps are received on port 162.
    162/udp closed snmptrap same as port 161/udp
    194/udp closed irc Internet Relay Chat Protocol
    520/udp closed route RIP (Routing Information Protocol). Routers use RIP in order to advertise routing information to each other and communicate optimal paths.

    References: RFC1058 & RFC2453
    546/udp closed dhcpv6-client DHCP(v6) Client
    547/udp closed dhcpv6-server DHCP(v6) Server
    635/udp closed mount NFS (remote filesystem access) mount service.
    666/udp closed doom Used by the game Doom (ID Software), however, because of the cool connotations, this port is also used by numerous trojan horses/backdoors.
    Here is a list: Attack FTP, Back Construction, BLA trojan, Cain & Abel, NokNok, Satans Back Door - SBD, ServU, Shadow Phyre, th3r1pp3rz (the rippers).
    Backdoor.FTP_Ana.C - backdoor trojan, 03.2003. Affects all current Windows versions.
    Backdoor.Checkesp - backdoor trojan, 06.2003. Affects all current Windows versions.
    Backdoor.Private - backdoor trojan, 05.2003. Affects all current Windows versions.

    1025/udp closed blackjack Ports > 1024 are designated for dynamic allocation by Windows. When programs ask for the "next available" socket, they usually get sequential ports starting at 1025.
    1026/udp closed unknown same as port 1025/udp
    1027/udp closed unknown same as port 1025/udp
    1028/udp closed ms-lsa same as port 1025/udp
    1029/udp closed unknown same as port 1025/udp
    1122/udp closed unknown Trojans that use this port: Last 2000, Singularity (Backdoor.Singu)

    Port is also IANA registered for: availant-mgr
    1433/udp closed ms-sql-s Microsoft SQL Server.

    Vulnerabilities: Check CERT advisories CA-2002-22 - multiple vulnerabilities, CA-2003-04 MS SQL Server Worm.
    1434/udp closed ms-sql-m same as port 1433/udp
    1723/udp closed unknown PPTP virtual private network (VPN)

    1772/udp closed unknown Backdoor.Netcontrole - remote access trojan, 06.2002. Affects all current Windows versions.

    port is also registered with IANA for: EssWeb Gateway
    1863/udp closed unknown Port used by MSN Messenger
    1900/udp closed UPnP IANA registered by Microsoft for SSDP (Simple Service Discovery Protocol).

    UPnP discovery/SSDP, is a service that runs by default on WinXP, and creates an immediately exploitable security vulnerability for any network-connected system. Filtering this port proactively prevents XP systems from being remotely compromised by malicious worms or intruders.

    See UPnP vulnerabilities (port 5000).
    2049/udp closed nfs Network File System (NFS) - remote filesystem access. (RFC 1813)
    2140/udp closed unknown Some trojans use this port: Deep Throat, Foreplay, The Invasor
    3150/udp closed unknown Netmike assessor administrator port.

    Some trojans that also use this port: The Invasor (TCP), Deep Throat, Foreplay (UDP), Mini Backlash (UDP).
    5000/udp closed UPnP Universal Plug and Pray - "Universal Plug and Play (UPnP) is an architecture that supports peer-to-peer Plug and Play functionality for network devices." MSKB - Universal PnP

    UPnP discovery/SSDP, is a service that runs by default on WinXP, and creates an immediately exploitable security vulnerability for any network-connected system. Filtering this port proactively prevents XP systems from being remotely compromised by malicious worms or intruders. Here is a list of some known vulnerabilities with UPnP:
    MS Security Bulletin MS01-054
    MS Security Bulletin MS01-059
    UPnP Vulnerabilities

    Also, the following Trojan Horses use port 5000: Back Door Setup, Blazer5, Bubbel, ICKiller, Ra1d, Sockets des Troie
    5190/udp closed aol ICQ, AIM (AOL Instant Messenger)
    5191/udp closed aol-1 same as port 5190/udp
    5192/udp closed aol-2 same as port 5190/udp
    5193/udp closed aol-3 same as port 5190/udp
    5631/udp closed unknown PC-Anywhere sends UDP ping looking for a server on ports 22 and 5632. If it doesn't know the server address, it will ping the entire subnet to find one !.

    If you're running PC-Anywhere, make sure that you assign exact IP addresses of the systems that will be using it in the configuration, to avoid PC-Anywhere scanning an entire IP range looking for "your target system" and essentially advertising the service to every potential intruder in your IP block.
    5632/udp closed pcanywherestat same as port 5631/udp
    5678/udp closed unknown Port used by Linksys (and other) Cable/DSL Routers Remote Administration

    Vulnerable systems: Linksys Cable/DSL version 1.42.7 (BEFSR11 / BEFSR41 / BEFSRU31)
    Immune systems: Linksys Cable/DSL versions prior to 1.42.7 (BEFSR11 / BEFSR41 / BEFSRU31)

    6257/udp closed unknown port used by WinMX p2p sharing software.
    6665/udp closed unknown IRC (Internet Relay Chat)

    Many trojans/backdoors also use these ports: Dark Connection Inside, Dark FTP, Host Control, NetBus worm , ScheduleAgent, SubSeven, Trinity, WinSatan, Vampire.
    Backdoor.IRC.Flood.
    6666/udp closed unknown same as port 6665/udp
    6667/udp closed unknown same as port 6665/udp
    6668/udp closed unknown same as port 6665/udp
    6669/udp closed unknown same as port 6665/udp
    7788/udp closed unknown Trojans that use this port: Last 2000, Singularity (Backdoor.Singu)
    10067/udp closed unknown Portal of Doom (coded in Visual Basic, 03.1999) is a popular remote access trojan that uses ports 3700/tcp, 9872-9875/tcp, 10067/udp, 10167/udp.
    10167/udp closed unknown same as port 10067/udp
    27374/udp closed unknown SubSeven Trojan horse (TCP). Also used as a backdoor port left behind by exploit scripts, such as those in the Ramen worm. While some scans for this port may be due to SubSeven, others may be looking for a remote shell.

    Some other trojan horses/backdoors that use this port: Bad Blood, Ramen, Seeker, SubSeven (many versions), Ttfloader
    31337/udp closed BackOrifice This port number means "elite" in hacker/cracker spelling (3=E, 1=L, 7=T) and because of the special meaning is often used for interesting stuff... Many backdoors/trojans run on this port, the most notable being Back Orifice.

    Here are some others that run on the same port: Back Fire, Baron Night, Beeone, BO client, BO Facil, BO spy, BO2, cron / crontab, Freak88, Freak2k, icmp_pipe.c, Sockdmini
    31789/udp closed unknown Windows Hack'a'Tack trojan
    31790/udp closed unknown same as port 31789/udp
    Total scanned ports: 339
    Open ports: 5
    Closed ports: 63
    Filtered ports: 271
    5 open ports found on your system !

    SG Security Scan complete in: 41.009 sec.

    328725 systems tested since 03.25.2003.
    SG Security Scan engine v1.04, 06.25.2003.
    Quote Originally Posted by The Devil
    Tolerance is a virtue, not a requirement.
    .......
    SG Theme Song

  2. #2
    Vood Child hayc59's Avatar
    Join Date
    Jul 2001
    Location
    LSD melts in your mind, not in your hand.
    Posts
    2,413
    EvilAngel, what firewall are you using?
    do you have a router?

    r u xprincD
    Microsoft MVP Consumer Security
    Moderator-Beta Tester @ Outpost Users Support Forum

  3. #3
    ACEmeaniSPANKER EvilAngel's Avatar
    Join Date
    Oct 2000
    Location
    Garden Grove
    Posts
    19,015
    Quote Originally Posted by hayc59
    EvilAngel, what firewall are you using?
    do you have a router?
    I am using a Linksys router.. that's it though.

  4. #4
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,322
    Different versions of firmware will yield different results, is your firmware the most recent version?

    Is "Remote Upgrade" disabled? And "WAN Management" disabled, or is it called "Remote Management"...I forget. ///sips more coffee///

    You don't have any computers put in the DMZ, correct? Or any ports open/forwarded?
    MORNING WOOD Lumber Company
    Guinness for Strength!!!

  5. #5
    Elite Member TonyT's Avatar
    Join Date
    Jan 2000
    Location
    Fairfax, VA
    Posts
    10,173
    (The 271 ports scanned but not shown below are in state: filtered)
    Port Status Service Description
    11/udp closed systat system / active users information.
    13/udp closed daytime Daytime service (RFC 867) - responds with the current time of day. Different machines respond with slightly different date/time format, so port can be used to fingerprint machines.
    19/udp closed chargen Generates and replies with a character when queried. Should be disabled if there is no specific need for it. Source for potential attacks.
    20/udp closed ftp-data
    21/udp closed ftp FSP/FTP
    22/udp closed ssh Old verson of pcAnywhere uses port 22/udp (no relation to ssh and port 22/tcp).
    The real pcAnywhere port is 5632. The value 0x0016 (hex) is 22 decimal; the value of 0x1600 (hex) is 5632 decimal. Some say that pcAnywhere had a byte-swapping bug that led to its incorrect use of port 22.
    49/udp closed tacacs Login Host Protocol (TACACS)
    53/udp closed domain DNS (Domain Name Service) is used for domain name resolution.


    port 13 - disable Windows Time Service
    port 53 - rt click network icon & select properties\rt click local area network icon & select properties\select TCP for your nic & click properties\click advanced button\click DNS tab\remove check next to "Register this connection's address with DNS" - then disable DNS Client Service.
    ports 20 & 21 should not be there unless running an ftp server or IIS is installed. If running IIS, then you must configure it to close some of the ports it uses. Or your isp is closing those ports, but even still, a port scanner should not be able to detect that they are closed.

    With the Linksys, there should be NO closed or open ports shown: (I too have a Linksys)

    Total scanned ports: 128
    Open ports: 0
    Closed ports: 0
    Filtered ports: 128
    Our Security Scan found NO open ports.
    No one has any right to force data on you
    and command you to believe it or else.
    If it is not true for you, it isn't true.

    LRH

  6. #6
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,322
    Update EA?

  7. #7
    Regular Member RAAF453_Shep's Avatar
    Join Date
    Jul 2003
    Location
    San Antonio, Tx
    Posts
    286
    got several emails this morning, asking how to close (or stealth) ports 1024-1029. I ended up testing Full stealth, but I had 8 open, before I freaked out, and started my run through.... not certain what I did to stealth that range.... any help there?
    nothing like my Virtual Spitfire Mk IXc and a few wingmen to cover my 6 !

  8. #8
    ACEmeaniSPANKER EvilAngel's Avatar
    Join Date
    Oct 2000
    Location
    Garden Grove
    Posts
    19,015
    Quote Originally Posted by YeOldeStonecat
    Different versions of firmware will yield different results, is your firmware the most recent version?

    Is "Remote Upgrade" disabled? And "WAN Management" disabled, or is it called "Remote Management"...I forget. ///sips more coffee///

    You don't have any computers put in the DMZ, correct? Or any ports open/forwarded?

    The firmware for my linksys?

    Last time I tried to update my firmware on my linksys it didn't work any longer. I had to get a new one.

    Let me check the settings and see if any of those are listed....

    edit... Remote Management is disabled.

  9. #9
    ACEmeaniSPANKER EvilAngel's Avatar
    Join Date
    Oct 2000
    Location
    Garden Grove
    Posts
    19,015
    Quote Originally Posted by TonyT
    port 53 - rt click network icon & select properties\rt click local area network icon & select properties\select TCP for your nic & click properties\click advanced button\click DNS tab\remove check next to "Register this connection's address with DNS" - then disable DNS Client Service.
    I did this.. well it closed one port.. not sure which one but I have 4 open now.

    I'm not sure how to disable DNS though.

    Will any of this affect my network?

  10. #10
    Elite Member TonyT's Avatar
    Join Date
    Jan 2000
    Location
    Fairfax, VA
    Posts
    10,173
    I'm not sure how to disable DNS though.
    Will any of this affect my network?
    Administrative Tools\Services - Disable DNS Client - will not affect network.
    Disable DNS in LAN Properties:
    http://members.cox.net/aturrisi/ea1.gif (click TCP properties and advanced button)
    http://members.cox.net/aturrisi/ea2.gif

  11. #11
    ACEmeaniSPANKER EvilAngel's Avatar
    Join Date
    Oct 2000
    Location
    Garden Grove
    Posts
    19,015
    I disabled both those Tony! Thank you. But I still have 4 ports open 135/137/138/139udp. It says something about NetBIOS. I don't understand it at all.

    Is this where I filter the ports?
    ?

  12. #12
    ACEmeaniSPANKER EvilAngel's Avatar
    Join Date
    Oct 2000
    Location
    Garden Grove
    Posts
    19,015
    I turned off File And Printer Sharing and closed port 138/139 but 135/137 are still open.

  13. #13
    Junior Member
    Join Date
    May 2004
    Posts
    1

    How to Close Port 1025 w Sygate Personal Firewall 5.5

    With Sygate Personal Firewall 5.5,
    Open the Advanced Rules, click ADD, then go to PORTS AND PROTOCOLS, select TCP; two options now appear. In the LOCAL box type in 1025 and leave the Remote box clear; in the Traffic Direction box select Incoming. Click OK, then OK again...
    go to www.grc.com, do the Shields Up, test your computer, and then thank me... & you're welcome.
    carry on soldiers
    Swp&Clr

    get sygate personal firewall here, http://smb.sygate.com/free/default.php

    P.S. if this has helped you, please reply and let me know, thanks...
    also please note: that this port is prone to the Netsky worm, that is currently running itself all over the world. Don't believe me, see for yourself at the website of Trend Micro, http://housecall.trendmicro.com/ and check out their virus map of the world and which country is getting hit by what... due to the overwhelming amount of people who have this port 1025 open they are susceptible to these worms and trojans.
    i hope i have helped. good luck~

  14. #14
    ACEmeaniSPANKER EvilAngel's Avatar
    Join Date
    Oct 2000
    Location
    Garden Grove
    Posts
    19,015
    Quote Originally Posted by swpnclr
    With Sygate Personal Firewall 5.5,
    Open the Advanced Rules, click ADD, then go to PORTS AND PROTOCOLS, select TCP; two options now appear. In the LOCAL box type in 1025 and leave the Remote box clear; in the Traffic Direction box select Incoming. Click OK, then OK again...
    go to www.grc.com, do the Shields Up, test your computer, and then thank me... & you're welcome.
    carry on soldiers
    Swp&Clr

    get sygate personal firewall here, http://smb.sygate.com/free/default.php

    P.S. if this has helped you, please reply and let me know, thanks...
    also please note: that this port is prone to the Netsky worm, that is currently running itself all over the world. Don't believe me, see for yourself at the website of Trend Micro, http://housecall.trendmicro.com/ and check out their virus map of the world and which country is getting hit by what... due to the overwhelming amount of people who have this port 1025 open they are susceptible to these worms and trojans.
    i hope i have helped. good luck~
    Thank you. That worked GREAT.

    Total scanned ports: 379
    Open ports: 0
    Closed ports: 0
    Filtered ports: 379

  15. #15
    Regular Member W_I_Z_K_I_D's Avatar
    Join Date
    Jun 2001
    Location
    !!!Your Computer-You Just Dont Know It YeT!!!
    Posts
    363

    Hi All..W_I_Z_K_I_D Here...
    Check this out,,,this should solve all of your problems guys..Simple little program , which does the job it has to.
    CHECKTHISOUT


    PortBlocker (click here to download) v1.02 229k


    Whenever you run a server on your machine, it uses what are called 'ports', which allow other machines to connect to them. Of course, sometimes you're just running them for your own internal use, but there's no easy way to stop someone from accessing the server. AnalogX PortBlocker allows you to basically block the Internet port of most servers, making them unreachable to other computers on the Internet. This program is NOT a Firewall, but it will allow you to run a server that is only available on the local network, and will log any access attempts made by other machines that are attempting to use the blocked interface. By default, PortBlocker is configured to block the most common types of servers that might be on a system (FTP, HTTP, etc), so will not require any modification for most users. If you are running a special server of some sort, then you can easily add its ports (either TCP or UDP) to its list, and have them blocked and/or logged.

    And You Can Grab PORTBLOCKER from here

    http://www.analogx.com/contents/down...ork/pblock.htm
    !!!What Man Can Make
    Man Can Brake!!!

    Windows XP ( Service Pack 2 )
    Pentium 4 (3) GHz
    2.00 GB of RAM

    ** Zone Allarm Pro
    ** AVG Anti Virus
    ** Cookie Wall
    ** Pop Up Stopper
    ** Spy Bot
    ** Spy Ware Blasster
    ** Add Aware se Pro
    ** Ccleaner
    ** Clean Up
    ** Port Bloacker
    ** Tweek UI WIn XP
    ** Port Scanner


    Dialup 56k
    DialUp-Syd.IPrimus....56k(Motorola internal Modem)

  16. #16
    Junior Member
    Join Date
    Dec 2004
    Posts
    1

    Blocking ports 135 and 445

    Hi all, recently I discovered that the E1 link between my organization and my ISP is having excessive bandwidth utilization. On capturing the interface cache on my router, I found unwanted packets from my ISP towards my network with destination port 135. Following is copy of a part of the interface cache on my router [See the numbers of packets with Destination Port 0087 (hexadecimal) ie. 135 (decimal)]

    SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
    Se6/1 203.115.156.206 Null 203.115.126.134 06 1201 0087 1
    Se6/1 203.115.156.206 Null 203.115.106.107 06 06CA 0087 2
    Se6/1 141.130.250.27 Se4/1 203.115.106.90 06 0050 1606 16
    Se6/1 203.115.130.93 Null 203.115.126.69 06 0D89 0087 2
    Se6/1 203.115.156.206 Null 203.115.126.70 06 0C31 0087 2
    Se6/1 203.115.156.206 Null 203.115.106.75 06 0824 0087 2
    Se6/1 203.115.156.206 Null 203.115.106.150 06 086E 0087 2
    Se6/1 64.224.217.52 Se4/1 203.115.106.90 06 0050 160C 14
    Se6/1 66.94.234.13 Fa0/0 203.115.106.254 01 0000 0000 81
    Se6/1 219.65.8.98 Null 203.115.126.75 06 0848 0087 2
    Se6/1 219.65.8.98 Null 203.115.126.120 06 085E 0087 2
    Se6/1 64.151.95.28 Null 203.115.126.37 06 0035 0400 2
    Se6/1 203.115.86.35 Null 203.115.106.150 06 07B0 0401 3
    Se6/1 204.8.20.1 Local 202.9.146.34 01 0000 0800 10
    Se6/1 219.65.8.98 Null 203.115.126.216 06 0955 0087 2
    Se6/1 219.65.8.98 Null 203.115.126.147 06 0915 0087 2
    Se6/1 219.65.8.98 Null 203.115.126.72 06 0A14 0087 1
    Se6/1 203.115.156.206 Null 203.115.126.70 06 0F60 0087 2
    Se6/1 219.65.8.98 Null 203.115.106.34 06 0889 0087 2
    Se6/1 203.115.156.206 Null 203.115.126.148 06 084E 0087 2
    Se6/1 219.65.8.98 Null 203.115.106.197 06 08AA 0087 2
    Se6/1 203.115.156.206 Null 203.115.126.88 06 08B0 0087 2
    Se6/1 203.115.163.68 Null 203.115.106.194 06 1214 0087 2

    So I asked my ISP to block TCP/UDP port 135 and 445 as well. I have blocked these two ports on my router with an inbound and an outbound access-list on the interface. The access-list I have used goes like this...

    deny tcp any any eq 135
    deny udp any any eq 135
    deny tcp any any eq 445
    deny udp any any eq 445
    permit ip any any

    Now the problem occurred when my ISP blocked these ports on their router using the same access-list (as told to me). The problem was, though I was able to browse, I was not able to "ping" any of the Internet IPs like yahoo.com or google.com or cisco.com. I need to monitor the average latency to the Internet as provided by my ISP and therefore cannot compromise to not being able to ping the Internet IPs (the main purpose was served though; I am not getting packets from my ISP on port 135 or 445).
    Why am I not able to ping??? What might be the problem???
    Hope there are a lot of cisco gurus out there...PLZ HELP
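
Added example, not part of the original post or thread: a Python sketch that decodes the hexadecimal Pr/SrcP/DstP columns of a flow-cache listing like the one in post #16 and totals packets per destination port and per source address. The sample rows are copied from that post; the function names are hypothetical, and reading the port field of ICMP rows as type and code is an assumption about this display format.

```python
from collections import Counter
from typing import NamedTuple

# Sample input: eight rows copied from the cache listing in post #16.
SAMPLE_CACHE = """\
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Se6/1 203.115.156.206 Null 203.115.126.134 06 1201 0087 1
Se6/1 203.115.156.206 Null 203.115.106.107 06 06CA 0087 2
Se6/1 141.130.250.27 Se4/1 203.115.106.90 06 0050 1606 16
Se6/1 203.115.130.93 Null 203.115.126.69 06 0D89 0087 2
Se6/1 66.94.234.13 Fa0/0 203.115.106.254 01 0000 0000 81
Se6/1 219.65.8.98 Null 203.115.126.75 06 0848 0087 2
Se6/1 219.65.8.98 Null 203.115.126.120 06 085E 0087 2
Se6/1 204.8.20.1 Local 202.9.146.34 01 0000 0800 10
"""

# IP protocol numbers, shown in hex in the "Pr" column.
PROTO_NAMES = {0x01: "icmp", 0x06: "tcp", 0x11: "udp"}


class Flow(NamedTuple):
    src_if: str
    src_ip: str
    dst_if: str
    dst_ip: str
    proto: str
    src_port: int
    dst_port: int
    pkts: int


def parse_cache(text):
    """Parse cache rows into Flow records; header and malformed rows are skipped."""
    flows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[0] == "SrcIf":
            continue
        try:
            proto_num = int(fields[4], 16)   # Pr is hexadecimal
            src_port = int(fields[5], 16)    # SrcP is hexadecimal
            dst_port = int(fields[6], 16)    # DstP is hexadecimal (0087 -> 135)
            pkts = int(fields[7])            # Pkts is decimal
        except ValueError:
            continue                         # e.g. a wrapped or truncated row
        proto = PROTO_NAMES.get(proto_num, str(proto_num))
        flows.append(Flow(fields[0], fields[1], fields[2], fields[3],
                          proto, src_port, dst_port, pkts))
    return flows


def icmp_type_code(dst_port):
    """Assumption: ICMP rows pack type (high byte) and code (low byte) in DstP."""
    return dst_port >> 8, dst_port & 0xFF


def packets_by_dst_port(flows):
    """Total packets per (protocol, decimal destination port)."""
    totals = Counter()
    for f in flows:
        totals[(f.proto, f.dst_port)] += f.pkts
    return totals


def sources_for_port(flows, proto, port):
    """Total packets per source address for one protocol/destination port."""
    totals = Counter()
    for f in flows:
        if f.proto == proto and f.dst_port == port:
            totals[f.src_ip] += f.pkts
    return totals


if __name__ == "__main__":
    flows = parse_cache(SAMPLE_CACHE)
    for (proto, port), pkts in packets_by_dst_port(flows).most_common():
        label = "type %d code %d" % icmp_type_code(port) if proto == "icmp" else str(port)
        print(f"{proto:4} {label:16} {pkts:4} packets")
    print("Top sources for tcp/135:", sources_for_port(flows, "tcp", 135).most_common(3))
```

Grouping by source makes it easier to tell the ISP which hosts the port 135 traffic is coming from, rather than only asking for a blanket block.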

  17. #17
    I have open ports of 80/tcp and 443/tcp. I didn't order any web service, so I guess I'd better close them. Could anybody tell me how? Many thanks!

  18. #18
    ACEmeaniSPANKER EvilAngel's Avatar
    Join Date
    Oct 2000
    Location
    Garden Grove
    Posts
    19,015
    Quote Originally Posted by jennyforex
    I have open ports of 80/tcp and 443/tcp. I didn't order any web service, so I guess I'd better close them. Could anybody tell me how? Many thanks!
    I downloaded sygate personal firewall and after installation all my ports were "filtered".

    It's free for personal use.

    http://soho.sygate.com/products/spf_standard.htm

  19. #19
    Quote Originally Posted by EvilAngel
    I downloaded sygate personal firewall and after installation all my ports were "filtered".

    It's free for personal use.

    http://soho.sygate.com/products/spf_standard.htm
    I have Windows XP SP2, and Norton Anti-virus 2003 in my computer. Will there be any conflict with Sygate Firewall? Many thanks!

    P.s. After updating, Norton Anti-virus seems to include the function of firewall, because it asked me if I would choose to let Norton take over the firewall of Windows XP.

  20. #20
    Junior Member
    Join Date
    Nov 2005
    Posts
    5

    stealthing ports

    I installed sygate personal firewall pro 5.5 but still only a couple of ports were stealthed. You said the tested ports were invisible after install.
    Any suggestion what I can do to stealth the ports?
