Blocking open ports

July 28, 2009 at 13:08:07
Specs: Windows XP
Hi

I have used www.grc.com's ShieldsUp for a long time to check for open ports, but up until now I used to get perfect steath with no open ports, but now I get Port 21 FTP, Port 23 Telnet and Port 80 HTTP open.
I don't know how I can close these ports as before.
Are they dangerous to be open, how can I close them.
I'm using wireless through an EchoLife HG520s router.
Thanks


See More: Blocking open ports

Report •


#1
July 28, 2009 at 13:19:54
So you might have been infected by virus or trojan.
Check, which programs uses the open ports by opening a command prompt and use netstat to figure it out.

netstat -abn

Post back the result.

Please send a reply, if you solved the problem !!!


Report •

#2
July 28, 2009 at 13:29:16
you need port 80 if you expect to access web pages

your router should allow you to close the other two ports easily.


Report •

#3
July 28, 2009 at 13:29:21
Hi Paul

Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
[System]

TCP 192.168.1.2:139 0.0.0.0:0 LISTENING 4
[System]

UDP 0.0.0.0:445 *:* 4
[System]

UDP 0.0.0.0:54962 *:* 2012
[vsmon.exe]

UDP 127.0.0.1:1781 *:* 3208
[iexplore.exe]

UDP 192.168.1.2:138 *:* 4
[System]

UDP 192.168.1.2:137 *:* 4
[System]


Report •

Related Solutions

#4
July 28, 2009 at 13:47:19
neither ftp or telnet shows. You have no problems

Report •

#5
July 28, 2009 at 13:59:28
Yepp, indead, there isn't any open port, you mentioned above.
But you should check, whether your router, if you're using one, has web administration enabled.
Depending on the router you're using, it might have an build in FTP server for e.g. ftp access to an possibly attached USB drive.

Please send a reply, if you solved the problem !!!


Report •

#6
July 28, 2009 at 14:24:39
Thanks Wanderer & Paulsep


Yepp, indead, there isn't any open port, you mentioned above.
But you should check, whether your router, if you're using one, has web administration enabled.
Depending on the router you're using, it might have an build in FTP server for e.g. ftp access to an possibly attached USB drive

Hi Paul
Paul I don't understand what do I set in the router or do I just leave it alone, if it's safe.


Report •

#7
July 28, 2009 at 14:34:54
Most routers do allow the router configuration from LAN as well as from the Web.
So if the Web configuration is enabled and you haven't changed the default password of your router, someone can access your router and open ports or reconfigure the router for his needs. So it's absolutely risky to let Web configuration enabled, if it is.

As I mentioned above, there are also routers with a build in FTP server. This routers mostely have USB ports to connect USB harddisks or something like that.
The build in FTP server then can be used to give web users access to that USB drive via FTP.

This depends on the router you're using.
E.g. AVM Fritzbox 7270 has such options.

Please send a reply, if you solved the problem !!!


Report •

#8
July 29, 2009 at 10:44:36
Thanks Paul
I no expert on these things
I enabled all these in the Security section of the Router.
I left SPI Disabled as I have no idea what that is.
I can still surf the net ok.

Security

Internet Security
Enable Telnet Telnet traffic is blocked from the WAN to the LAN
Enable FTP FTP traffic is blocked from the WAN to the LAN
Enable TFTP TFTP traffic is blocked from the WAN to the LAN
Enable Web Web traffic is blocked from the WAN to the LAN
Enable SNMP SNMP traffic is blocked from the WAN
Enable Ping Ping traffic is blocked from the WAN
Firewall Enable
SPI Disable
(All traffics initiated from WAN would be blocked, including DMZ, Virtual Server, and ACL WAN side.)

Report •

#9
July 29, 2009 at 10:46:34
SPI = stateful packet inspect which should be ENABLED

Report •

#10
July 29, 2009 at 13:21:10
Hi Paul

Thanks again for your usefull info.

dtech10


Report •

#11
July 29, 2009 at 18:29:56
As wanderer mentioned, SPI should be enabled.

Please send a reply, if you solved the problem !!!


Report •

#12
July 29, 2009 at 18:44:12
Do under stand how shieldsup works?

It test outgoing ports using state full packet inspection. In other words it establishes a connection from the inside of your firewall which is allowed through because that is how you connect to web pages. In order to block these you need an outgoing firewall to block shieldsup. Try using Zonealarm, blackice or my favorit is commodo or upgrade to Windows 7 which now has outgoing firewall support.


Report •


Ask Question