How to ensure and monitor security/open ports?

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I'm using XP SP2. I recently ran Local Port Scanner (v1.2.2) and it showed
that I've got 7 open ports, some of which are vulnerable to several different
trojans, with Windows Firewall turned on. I'm connected via a router, so I
don't know if these ports are really even open or not.

Also I recently turned on the security logging feature of the Windows
Firewall, but I have no idea how to decipher it to tell if any intrusion is
going on.

Does anybody know how to block or stealth the open ports, and how to read
the security log??? Please help a very paranoid newbie layman.
 
Guest

From: "ehipasso" <ehipasso@discussions.microsoft.com>

| I'm using XP SP2. I recently ran Local Port Scanner (v1.2.2) and it showed
| that I've got 7 open ports, some of which are vulnerable to several different
| trojans, with Windows Firewall turned on. I'm connected via a router, so I
| don't know if these ports are really even open or not.
|
| Also I recently turned on the security logging feature of the Windows
| Firewall, but I have no idea how to decipher it to tell if any intrusion is
| going on.
|
| Does anybody know how to block or stealth the open ports, and how to read
| the security log??? Please help a very paranoid newbie layman.

Open ports are NOT open to Trojans. They are open to Internet worms. Trojans open ports.

If you are connected to Broadband Internet then I suggest using a Cable/DSL router such as
the Linksys BEFSR41. Such a device can act as a simplistic FireWall and indeed most allow
you to block ports. As always, I suggest blocking TCP and UDP ports 135 ~ 139 and 445 on
*any* SOHO Router.

Note that some Routers have full FireWall implementations.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
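
For the firewall-log question quoted in the reply above, an added example (not part of any post in this thread): a Python parser that takes its column names from the log's own #Fields header and counts dropped packets per source and destination port, singling out ports 135-139 and 445. The sample log is constructed, uses documentation-range addresses, and assumes the space-separated layout Windows Firewall writes to pfirewall.log.

```python
from collections import Counter

# Constructed sample in the Windows Firewall log layout (assumed XP SP2 field set).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2005-06-01 10:15:02 DROP TCP 203.0.113.7 192.168.1.100 4312 445 48 S 1234567 0 16384 - - -
2005-06-01 10:15:05 DROP TCP 203.0.113.7 192.168.1.100 4313 135 48 S 1234999 0 16384 - - -
2005-06-01 10:16:40 DROP UDP 198.51.100.9 192.168.1.100 1026 137 78 - - - - - - -
2005-06-01 10:17:11 OPEN TCP 192.168.1.100 192.0.2.80 1045 80 - - - - - - - -
2005-06-01 10:18:30 DROP ICMP 198.51.100.9 192.168.1.100 - - 60 - - - - 8 0 -
"""

# Ports the reply suggests blocking: 135-139 and 445.
WATCHED_PORTS = set(range(135, 140)) | {445}


def parse_firewall_log(text):
    """Yield one dict per entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))


def summarize_drops(text):
    """Count dropped packets per (source IP, protocol, destination port)."""
    drops = Counter()
    for entry in parse_firewall_log(text):
        if entry.get("action") == "DROP":
            drops[(entry["src-ip"], entry["protocol"], entry["dst-port"])] += 1
    return drops


def watched_port_drops(text):
    """Subset of the drop counts aimed at the watched ports."""
    return {key: n for key, n in summarize_drops(text).items()
            if key[2].isdigit() and int(key[2]) in WATCHED_PORTS}


if __name__ == "__main__":
    for (src, proto, port), n in sorted(watched_port_drops(SAMPLE_LOG).items()):
        print(f"{n} dropped {proto} packet(s) from {src} to port {port}")
```

A DROP line records a packet the firewall discarded; OPEN and CLOSE lines record connections it allowed.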
 
Guest

From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>


|
| Open ports are NOT open to Trojans. They are open to Internet worms. Trojans open ports.
|
| If you are connected to Broadband Internet then I suggest using a Cable/DSL router such as
| the Linksys BEFSR41. Such a device can act as a simplistic FireWall and indeed most allow
| you to block ports. As always, I suggest blocking TCP and UDP ports 135 ~ 139 and 445 on
| *any* SOHO Router.
|
| Note that some Routers have full FireWall implementations.
|
| --
| Dave
| http://www.claymania.com/removal-trojan-adware.html
| http://www.ik-cs.com/got-a-virus.htm
|

I forgot to mention that to monitor activity at the Router there is the software
WallWatcher.

http://www.wallwatcher.com/

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
 
Guest

You can do this:

1 - go to Command Prompt
2 - run the following command line: netstat -a -o
A report appears; in the PID column you have the ID of the process
that is running the listening port.
3 - go to Task Manager (CTRL-ALT-DEL)
4 - set the PID "on" in View-Select Columns
5 - compare one with the other and you will know who is....

ok?

alf



"ehipasso" <ehipasso@discussions.microsoft.com> wrote in message
news:9915243F-3681-4288-B96D-1BA1A84A9F86@microsoft.com...
> I'm using XP SP2. I recently ran Local Port Scanner (v1.2.2) and it showed
> that I've got 7 open ports, some of which are vulnerable to several different
> trojans, with Windows Firewall turned on. I'm connected via a router, so I
> don't know if these ports are really even open or not.
>
> Also I recently turned on the security logging feature of the Windows
> Firewall, but I have no idea how to decipher it to tell if any intrusion is
> going on.
>
> Does anybody know how to block or stealth the open ports, and how to read
> the security log??? Please help a very paranoid newbie layman.
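
The netstat and Task Manager comparison described in the post above, done in code as an added example (not part of the original post): it joins netstat rows to process names by PID and lists only ports waiting for inbound traffic. Both sample outputs are constructed; they assume netstat was run with -n added (netstat -a -n -o) so ports print as numbers, and that the process list came from tasklist /fo csv /nh in place of Task Manager.

```python
import csv
import io

# Constructed sample of `netstat -a -n -o` output.
NETSTAT_OUT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:31000          0.0.0.0:0              LISTENING       2044
  TCP    192.168.1.100:1045     192.0.2.80:80          ESTABLISHED     1520
  UDP    0.0.0.0:445            *:*                                    4
  UDP    127.0.0.1:123          *:*                                    1048
"""

# Constructed sample of `tasklist /fo csv /nh` output (PID 2044 is absent on purpose).
TASKLIST_CSV = '''"System","4","Console","0","212 K"
"svchost.exe","932","Console","0","3,452 K"
"svchost.exe","1048","Console","0","18,004 K"
"iexplore.exe","1520","Console","0","22,120 K"
'''


def parse_tasklist(csv_text):
    """Map PID -> image name from headerless CSV process-list output."""
    reader = csv.reader(io.StringIO(csv_text))
    return {int(row[1]): row[0] for row in reader if len(row) >= 2}


def parse_netstat(text):
    """Return (proto, local_port, state, pid) for every TCP/UDP row."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # skip the banner, the column header and blank lines
        # UDP rows have no State column, so they are one field shorter.
        state = parts[3] if parts[0] == "TCP" else ""
        port = int(parts[1].rsplit(":", 1)[1])
        rows.append((parts[0], port, state, int(parts[-1])))
    return rows


def listeners(netstat_text, tasklist_csv):
    """Ports accepting inbound traffic, each with its owning process name."""
    names = parse_tasklist(tasklist_csv)
    return sorted((proto, port, pid, names.get(pid, "<unknown>"))
                  for proto, port, state, pid in parse_netstat(netstat_text)
                  if proto == "UDP" or state == "LISTENING")
```

A listener reported as <unknown> has a PID with no match in the process list, which is the row to look at first.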
 
Guest

From: "alfranze" <alfranze@horizon.com.br>

| You can do this:
|
| 1 - go to Command Prompt
| 2 - run the following command line: netstat -a -o
| A report appears; in the PID column you have the ID of the process
| that is running the listening port.
| 3 - go to Task Manager (CTRL-ALT-DEL)
| 4 - set the PID "on" in View-Select Columns
| 5 - compare one with the other and you will know who is....
|
| ok?
|

If you use TCPVIEW from Sysinternals -- http://www.sysinternals.com/Utilities/TcpView.html
You will see not a static command line view but a dynamic GUI view. It will show what
program is opening up what port and is communicating to what Internet site.

Not only can you view the fully qualified name and path of the executable but also the
command line switches used when it was loaded.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
 
Guest

"David H. Lipman" wrote:

> From: "alfranze" <alfranze@horizon.com.br>
>
> | You can do this:
> |
> | 1 - go to Command Prompt
> | 2 - run the following command line: netstat -a -o
> | A report appears; in the PID column you have the ID of the process
> | that is running the listening port.
> | 3 - go to Task Manager (CTRL-ALT-DEL)
> | 4 - set the PID "on" in View-Select Columns
> | 5 - compare one with the other and you will know who is....
> |
> | ok?
> |
>
> If you use TCPVIEW from Sysinternals -- http://www.sysinternals.com/Utilities/TcpView.html
> You will see not a static command line view but a dynamic GUI view. It will show what
> program is opening up what port and is communicating to what Internet site.
>
> Not only can you view the fully qualified name and path of the executable but also the
> command line switches used when it was loaded.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>

Thanks a million for the help!