xp security

Discussion in 'Computer Security' started by Hank, Nov 4, 2003.

  1. Hank

    Hank Guest

    I'm trying to tighten my computer security by eliminating the open
    ports in my XP Pro system.

    When I do a netstat -an it shows the following ports listening: 25,
    110, 135, 143, 1025, 1028, and 1121.

    When I do a Superscan 3.0 of my computer I get these open ports: 135,
    1025.

    Shields Up web site www.grc.com shows I am running stealth. But, when
    I bang into this site it knows who I am. (Here is the information he
    receives from me: 24.229.134.70.cmts.tv13.ptd.net)

    Is there a way to tighten up my system more? BTW, I am running Zone
    Alarm…

    Thanks Hank from Pa
    Hank, Nov 4, 2003
    #1

  2. Hank

    Pete-X Guest


    "Hank" <> wrote in message
    news:eek:...
    > I'm trying to tighten my computer security by eliminating the open
    > ports in my XP Pro system.
    >
    > When I do a netstat -an it shows the following ports listening: 25,
    > 110, 135, 143, 1025, 1028, and 1121.
    >
    > When I do a Superscan 3.0 of my computer I get these open ports: 135,
    > 1025.
    >
    > Shields Up web site www.grc.com shows I am running stealth. But, when
    > I bang into this site it knows who I am. (Here is the information he
    > receives from me: 24.229.134.70.cmts.tv13.ptd.net)
    >
    > Is there a way to tighten up my system more? BTW, I am running Zone
    > Alarm.


    I'd like to know more about this myself, so here's my take on this, please
    feel free to correct ( I think it's gonna need it :/ ) :

    The ports you found to be 'listening' would be stealthed from an 'internet
    perspective', with your firewall running. www grc com is making external
    probes to your computer, but is finding nothing, because the firewall is
    'hiding' (for want of a better word) those ports from the scan. It is most
    likely 'dropping' the packets sent from www grc com. What this means to me
    is that the packets sent from www grc com are being blocked, but www grc
    com is not 'informed' of this, and so concludes that no port exists there.
    ( I think I may be in trouble now ...)

    The ports are still there, listening away, as 'netstat' discovered, but
    they can't be connected to because the firewall is making them 'deaf' to
    the outside world (internet). Of course, you can allow whatever ports you
    want, to be 'visible' to scans, and of course the whole Internet, by
    setting up rules in your firewall to do this. Chances are www grc com would
    then detect them as OPEN.

    You have ports 110 (pop3) and 25 (smtp) open it would appear. Do you have
    anti-virus software that checks your mail as it's downloaded running ?
    Might explain the 110 ... Or are you running a mail server ?

    As for www grc com getting your IP address, you may notice that the
    'http://' changes to 'https://' at the start of their web address when you
    start the scan. If you read the site again, it'll tell you why this
    happens, and how it is used to determine an IP address.

    Corrections and additions most welcome.

    Regards,

    Pete.

    - --
    'War doesn't prove who's right, just who's left.'

    Pete-X, Nov 4, 2003
    #2
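
Added example, not part of Pete-X's post: the outcomes an outside probe like the one described above can see for a TCP port, and how they line up with what netstat reports locally. The names `probe`, `demo_on_loopback`, `VERDICT` and `reconcile` are made up for this example, and the demo only connects to a listener it opens itself on 127.0.0.1.

```python
import socket


def probe(host, port, timeout=2.0):
    """Classify one TCP port by what comes back from a connection attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: a listener accepted it
    except ConnectionRefusedError:
        return "closed"          # a reset came back: host reachable, nothing listening
    except socket.timeout:
        return "stealth"         # nothing came back before the timeout: packet dropped
    except OSError:
        return "unreachable"     # an error was reported instead, e.g. no route


# What each combination of "listening in netstat" and outside probe result means.
VERDICT = {
    (True, "open"): "exposed: a listener answers outside connections",
    (True, "closed"): "listening locally, but outside connections are reset",
    (True, "stealth"): "listening locally, outside packets are silently dropped",
    (False, "open"): "answered by some other device on the path, not this machine",
    (False, "closed"): "nothing listening; the reset still shows a host is there",
    (False, "stealth"): "nothing listening and nothing sent back",
}


def reconcile(local_ports, outside_results):
    """Pair netstat listeners with outside probe states, port by port."""
    return {port: VERDICT.get((port in local_ports, state), "no verdict: " + state)
            for port, state in sorted(outside_results.items())}


def demo_on_loopback():
    """Probe a listener this function opens itself, then again after closing it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # port 0 asks the OS for any free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = probe("127.0.0.1", port)
    srv.close()
    after_close = probe("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    print(demo_on_loopback())
    # Constructed input: the ports from the netstat list above, all reported
    # as stealth by the outside test (ports treated as TCP, an assumption).
    local = {25, 110, 135, 143, 1025, 1028, 1121}
    for port, verdict in reconcile(local, {p: "stealth" for p in local}).items():
        print(port, verdict)
```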

  3. In article <>,
    says...
    > I'm trying to tighten my computer security by eliminating the open
    > ports in my XP Pro system.
    >
    > When I do a netstat -an it shows the following ports listening: 25,
    > 110, 135, 143, 1025, 1028, and 1121.
    >
    > When I do a Superscan 3.0 of my computer I get these open ports: 135,
    > 1025.
    >
    > Shields Up web site www.grc.com shows I am running stealth. But, when
    > I bang into this site it knows who I am. (Here is the information he
    > receives from me: 24.229.134.70.cmts.tv13.ptd.net)
    >
    > Is there a way to tighten up my system more? BTW, I am running Zone
    > Alarm…
    >
    > Thanks Hank from Pa
    >
    >
    >
    >



    Most of these online tests give false readings concerning port mapping.
    The ports you see open *could be* filters from your ISP, blocking
    attempts to connect to mail servers, http servers, etc. that break your
    ToS with the ISP. As for 24.229.134.70.cmts.tv13.ptd.net, that is your
    host mask, a reverse dns of your IP address, which is 24.229.134.70,
    this *needs* to be sent "somewhere". In your case, you're not using a
    proxy, therefore, it is sent. *If* you were to use a proxy, you'd be
    able to block websites from seeing your IP address and from connecting
    directly to your computer.


    --
    Colonel Flagg
    http://www.internetwarzone.org/

    Privacy at a click:
    http://www.cotse.net

    Q: How many Bill Gates does it take to change a lightbulb?
    A: None, he just defines Darkness? as the new industry standard..."

    "...I see stupid people."
    Colonel Flagg, Nov 5, 2003
    #3
  4. Hank

    Hank Guest

    Yes, I have anti-virus (avast) checking my email....
    Thanks for your input.

    Hank from pa


    Hank, Nov 5, 2003
    #4
  5. Hank

    Hank Guest

    Thanks for all the info... I need more studying time on this huge
    subject.

    Hank from pa

    Hank, Nov 5, 2003
    #5
  6. @micro$oft.com, Nov 5, 2003
    #6
  7. Hank

    Leythos Guest

    In article <>, "@micro$oft.com"
    <""billyboi\"@micro$oft.com"> says...
    > Hank wrote:
    >
    > > Is there a way to tighten up my system more?

    >
    > Yes. Install Linux.


    Installing Linux would be just as bad, it has many security holes too.

    Get a router with NAT for your cable/dsl connection and you will be much
    better off as a FIRST layer.



    --
    --

    (Remove 999 to reply to me)
    Leythos, Nov 5, 2003
    #7
  8. Hank

    Pete-X Guest


    "Leythos" <> wrote in message
    news:...
    > In article <>, "@micro$oft.com"
    > <""billyboi\"@micro$oft.com"> says...
    > > Hank wrote:
    > >
    > > > Is there a way to tighten up my system more?

    > >
    > > Yes. Install Linux.

    >
    > Installing Linux would be just as bad, it has many security holes too.
    >
    > Get a router with NAT for your cable/dsl connection and you will be much
    > better off as a FIRST layer.


    Well said Mark. Nice to see someone daring to go 'against the grain' for
    once. Besides, it's the end users that often compromise security rather
    than the fact that they're running 'whatever' OS.

    NAT router from Belkin, Linksys etc would IMO give a user 'breathing space'
    to sort out other layers of security. Or, if you have an old PC lying
    around, whack a couple of NIC's (Network Interface Cards) in it, set up ICS
    (Internet Connection Sharing) with a decent (Kerio, Sygate etc) firewall on
    this 'gateway' PC, connect it to your main PC with a crossover cable, and
    you have much the same thing, but it will be infinitely more expandable and
    versatile. You can also try out Linux on this 'gateway' PC, and see which
    you prefer.

    For simplicity and speed, I think your NAT router suggestion comes out on
    top.

    Regards,

    Pete.

    - --
    'War doesn't prove who's right, just who's left.'



    Pete-X, Nov 5, 2003
    #8
  9. Hank

    Pete-X Guest


    "Pete-X" <> wrote in message
    news:...

    > NAT router from Belkin, Linksys etc would IMO give a user 'breathing
    > space' to sort out other layers of security. Or, if you have an old PC
    > lying
    > around, whack a couple of NIC's (Network Interface Cards) in it, set up
    > ICS (Internet Connection Sharing) with a decent (Kerio, Sygate etc)
    > firewall on this 'gateway' PC, connect it to your main PC with a
    > crossover cable, and you have much the same thing, but it will be
    > infinitely more expandable and versatile. You can also try out Linux on
    > this 'gateway' PC, and see which you prefer.


    To clarify what I said, by 'you', I was referring to 'anyone' . :)

    My other suggestion is a bit more work than installing a hardware router,
    but I find it works well for me. My current setup looks something like this
    :

    main pc --- gateway pc + firewall --- modem --- Internet

    My 'gateway' PC has two NIC's in it. One to connect to 'main pc', via a
    'crossover' cable, and the other to my modem. I can switch OS's on this
    gateway PC if and when I choose. Currently it's a fully patched up and
    tweaked Win2000 SP4 install running ICS, with Kerio Personal Firewall ( 'Is
    Running On Internet Gateway' mode selected) holding the fort. Ideally, I'd
    like to change the firewall to WinRoute Firewall 5 from Kerio, when and if
    funds allow ... :/

    To add more computers to my home network, I'd most likely buy a 'hub'. It
    might then look something like this ( sorry if this wraps ) :

    pc1----
           |
    pc2--------hub --- gateway pc + firewall --- modem --- Internet
           |
    pc3----


    My main PC has F-PROT anti-virus protection, and another install of Kerio
    Personal Firewall.

    So far ... so good. AFAIK ...

    Regards,

    Pete.

    - --
    'War doesn't prove who's right, just who's left.'


    Pete-X, Nov 5, 2003
    #9
  10. "Pete-X" <> wrote in message
    news:...
    >
    > "Pete-X" <> wrote in message
    > news:...
    >
    > > NAT router from Belkin, Linksys etc would IMO give a user 'breathing
    > > space' to sort out other layers of security. Or, if you have an old PC
    > > lying
    > > around, whack a couple of NIC's (Network Interface Cards) in it, set up
    > > ICS (Internet Connection Sharing) with a decent (Kerio, Sygate etc)
    > > firewall on this 'gateway' PC, connect it to your main PC with a
    > > crossover cable, and you have much the same thing, but it will be
    > > infinitely more expandable and versatile. You can also try out Linux on
    > > this 'gateway' PC, and see which you prefer.

    >
    > To clarify what I said, by 'you', I was referring to 'anyone' . :)
    >
    > My other suggestion is a bit more work than installing a hardware router,
    > but I find it works well for me. My current setup looks something like
    > this:
    >
    > main pc --- gateway pc + firewall --- modem --- Internet
    >
    > My 'gateway' PC has two NIC's in it. One to connect to 'main pc', via a
    > 'crossover' cable, and the other to my modem. I can switch OS's on this
    > gateway PC if and when I choose. Currently it's a fully patched up and
    > tweaked Win2000 SP4 install running ICS, with Kerio Personal Firewall
    > ('Is Running On Internet Gateway' mode selected) holding the fort. Ideally, I'd
    > like to change the firewall to WinRoute Firewall 5 from Kerio, when and if
    > funds allow ... :/
    >
    > To add more computers to my home network, I'd most likely buy a 'hub'. It
    > might then look something like this ( sorry if this wraps ) :
    >
    > pc1----
    >        |
    > pc2--------hub --- gateway pc + firewall --- modem --- Internet
    >        |
    > pc3----
    >
    >
    > My main PC has F-PROT anti-virus protection, and another install of Kerio
    > Personal Firewall.
    >
    > So far ... so good. AFAIK ...
    >
    > Regards,
    >
    > Pete.


    Interesting, right now I have this set up:

    Linux PC----
                ----Router ----Cable Modem ---Internet
    XPPRo PC--

    Would I gain anything by using that linux box as a gateway PC and adding
    another NIC to it? I have an F-secure firewall running on the XP box,
    nothing on the Linux box as it is only used for web surfing by my son, and
    no valuable data on it at all...

    john
    Ernest T. Bass, Nov 5, 2003
    #10
  11. Hank

    Pete-X Guest


    "Ernest T. Bass" <> wrote in
    message news:HQaqb.128$...
    > Interesting, right now I have this set up:
    >
    > Linux PC----
    >             ----Router ----Cable Modem ---Internet
    > XPPRo PC--
    >
    > Would I gain anything by using that linux box as a gateway PC and adding
    > another NIC to it? I have an F-secure firewall running on the XP box,
    > nothing on the Linux box as it is only used for web surfing by my son,
    > and no valuable data on it at all...
    >
    > john


    I have a Linksys router too. I decided a while ago that I wanted to have a
    bit more flexibility, plus I had an old P2 400Mhz PC lying around doing sod
    all. So I replaced the router with this 'gateway' PC. I can run
    applications like Ethereal on the desktop, rather than just inspecting a
    router's logs. There are some handy utilities for routers such as the
    Linksys range for viewing logs in a more user-friendly way. One that comes
    to mind is 'WallWatcher'. Google for it. It's free.

    I've run Red Hat 9, Slackware 9.1 and Windows 2000 on this PC. All did much
    the same thing when set up right. With Linux, particularly on Red Hat, I
    found it easier to download the free 'Firestarter' program for managing IP
    Tables through its nice GUI.

    http://firestarter.sourceforge.net

    (Only two problems with this Firestarter program for me. NAT routing seems
    to be disabled if you reboot. Just open up the preferences dialog inside
    the Firestarter program, and then close it again, and NAT is back up !
    They've probably fixed this now. Also, by default, Firestarter spams
    connection attempts to the console window, even outside of X-Windows when
    you first run it. I did this to stop it :

    $ su
    <enter password>
    # dmesg -n 1
    # exit
    $

    That will disable console logging except for really nasty errors. Again,
    they've probably fixed this now, and besides, in Linux, you won't be
    rebooting half as much as in Windows. Firestarter is really cool for
    setting up NAT routing, and is really easy to use in general.)

    Having rambled all that, I'm back to Windows 2000 SP4 now, as it runs the
    fastest. Plus I can link into the Kerio Firewall on this gateway PC from my
    main box's Kerio Firewall. Which is nice.

    For me personally, I prefer the GUI of the Kerio Firewall on Windows 2000,
    plus I can swap it for tons of other vendors applications really easily,
    should I want to. I also run Kerio Mail Server on this gateway PC, and even
    though it's an old P2 machine, it doesn't break a sweat. Yet .. :)

    http://www.kerio.com

    Maybe some people more conversant with Linux than I am (not hard to do)
    could better answer your actual question :) about advantages of Linux in
    this situation, than me.

    Regards,

    Pete.

    - --
    'War doesn't prove who's right, just who's left.'



    Pete-X, Nov 5, 2003
    #11
  12. Hank

    Leythos Guest

    In article <HQaqb.128$>,
    says...
    [snip]
    >
    > Interesting, right now I have this set up:
    >
    > Linux PC----
    >             ----Router ----Cable Modem ---Internet
    > XPPRo PC--
    >
    > Would I gain anything by using that linux box as a gateway PC and adding
    > another NIC to it? I have an F-secure firewall running on the XP box,
    > nothing on the Linux box as it is only used for web surfing by my son, and
    > no valuable data on it at all...


    You would gain nothing but a larger electric bill.

    Your router is far more secure a device than a gateway PC that is setup
    by a home user or non-security professional. In fact, your router is
    almost idiot proof (forgive the wording, nothing intended there).

    --
    --

    (Remove 999 to reply to me)
    Leythos, Nov 5, 2003
    #12
  13. Hank

    Pete-X Guest


    "Leythos" <> wrote in message
    news:...
    > In article <HQaqb.128$>,
    > says...
    > [snip]
    > >
    > > Interesting, right now I have this set up:
    > >
    > > Linux PC----
    > >             ----Router ----Cable Modem ---Internet
    > > XPPRo PC--
    > >
    > > Would I gain anything by using that linux box as a gateway PC and
    > > adding another NIC to it? I have an F-secure firewall running on the
    > > XP box, nothing on the Linux box as it is only used for web surfing by
    > > my son, and no valuable data on it at all...

    >
    > You would gain nothing but a larger electric bill.
    >
    > Your router is far more secure a device than a gateway PC that is setup
    > by a home user or non-security professional. In fact, your router is
    > almost idiot proof (forgive the wording, nothing intended there).


    No worries. Very true. I was just too curious to see what I could do with
    my setup here. A router is by far the safest (and cheapest) option, than
    running a PC as its equivalent. I totally agree with your last paragraph.

    However, home user doesn't always mean they've just fallen off the silly
    tree, which wasn't what you were saying I know.

    If my set up fails, then everybody here's going to hear about it.
    Unfortunately ... :)

    Regards,

    Pete.

    - --
    'War doesn't prove who's right, just who's left.'

    Pete-X, Nov 5, 2003
    #13
  14. "Pete-X" <> wrote in message
    news:...
    >
    > "Leythos" <> wrote in message
    > news:...
    > > In article <HQaqb.128$>,
    > > says...
    > > [snip]
    > > >
    > > > Interesting, right now I have this set up:
    > > >
    > > > Linux PC----
    > > >             ----Router ----Cable Modem ---Internet
    > > > XPPRo PC--
    > > >
    > > > Would I gain anything by using that linux box as a gateway PC and
    > > > adding another NIC to it? I have an F-secure firewall running on the
    > > > XP box, nothing on the Linux box as it is only used for web surfing by
    > > > my son, and no valuable data on it at all...

    > >
    > > You would gain nothing but a larger electric bill.
    > >
    > > Your router is far more secure a device than a gateway PC that is setup
    > > by a home user or non-security professional. In fact, your router is
    > > almost idiot proof (forgive the wording, nothing intended there).

    >
    > No worries. Very true. I was just too curious to see what I could do with
    > my setup here. A router is by far the safest (and cheapest) option, than
    > running a PC as its equivalent. I totally agree with your last
    > paragraph.
    >
    > However, home user doesn't always mean they've just fallen off the silly
    > tree, which wasn't what you were saying I know.
    >
    > If my set up fails, then everybody here's going to hear about it.
    > Unfortunately ... :)
    >
    > Regards,
    >
    > Pete.
    >


    Thanks Pete and all, I guess I'll leave well enough alone. I'm no Linux
    expert by any means, everything I do in Linux I have to RTFM step by step.
    I put RH 8.0 on an old Compaq Athlon 500 several months ago because I got
    tired of cleaning viruses off that machine when it had XP on it....the AVG
    free that was running on it did virtually nothing to prevent this, and with
    a 10 year old using it to get cheat codes for his XBox, it was eaten up with
    Viruses =) No problems since Linux was installed, but now he's getting me
    off my XP (work) box sometimes to play his favorite RPG of the day, so I
    might put XPPro back on that Athlon and install F-secure....maybe...

    john
    Ernest T. Bass, Nov 5, 2003
    #14
  15. In article <>,
    says...
    > In article <>, "@micro$oft.com"
    > <""billyboi\"@micro$oft.com"> says...
    > > Hank wrote:
    > >
    > > > Is there a way to tighten up my system more?

    > >
    > > Yes. Install Linux.

    >
    > Installing Linux would be just as bad, it has many security holes too.
    >


    Fine then. Install OpenBSD.




    --
    Colonel Flagg
    http://www.internetwarzone.org/

    Privacy at a click:
    http://www.cotse.net

    Q: How many Bill Gates does it take to change a lightbulb?
    A: None, he just defines Darkness? as the new industry standard..."

    "...I see stupid people."
    Colonel Flagg, Nov 6, 2003
    #15
  16. Hank

    oft Guest

    On Tue, 04 Nov 2003 12:37:13 -0500, Hank <> wrote:

    >I'm trying to tighten my computer security by eliminating the open
    >ports in my XP Pro system.
    >
    >When I do a netstat -an it shows the following ports listening: 25,
    >110, 135, 143, 1025, 1028, and 1121.


    TCP or UDP?
    If you do netstat -ano you also get the PID.
    Then tasklist /svc should show you which program the PID belongs to.
    Or you could use fport from www.foundstone.com or ActivePorts.

    >When I do a Superscan 3.0 of my computer I get these open ports: 135,
    >1025.


    If you use the defaults it won't scan all ports. grc doesn't scan all
    ports either.

    >Shields Up web site www.grc.com shows I am running stealth. But, when
    >I bang into this site it knows who I am. (Here is the information he
    >receives from me: 24.229.134.70.cmts.tv13.ptd.net)


    Your IP address must be known to send packets to you.
    Anyone can get your hostname (cmts.tv13.ptd.net) by typing
    nslookup 24.229.134.70 in a dos box. This info comes from grc's DNS
    servers, not your machine.

    >Is there a way to tighten up my system more? BTW, I am running Zone
    >Alarm…


    25 and 110 are most likely your anti-virus program unless you're
    running an email server.

    To close 135 UDP stop/disable the messenger service which should also
    close another port in the 10xx range.

    Backup registry before doing these.
    To close 135 TCP open regedit and go to:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NetBT\Parameters
    and make a new DWORD key named:
    SmbDeviceEnabled
    The value should be zero.
    Then go to:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\DCOM Protocols
    Edit the key and delete the value data (not the key)
    Then delete all the keys below:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\ClientProtocols

    Stopping the Task Scheduler service will close another port in the
    10xx range.

    fport or Active ports should show you what processes are opening the
    other ports.
    >Thanks Hank from Pa
    >
    >


    oft
    --
    The note he left was signed:
    OldFatherThames
    oft, Nov 6, 2003
    #16
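
Added example, not from oft's post or from any tool named in it: the `netstat -ano` to `tasklist /svc` lookup described above, done over pasted output. Both sample outputs are constructed (the PIDs, the image name `mailscan.exe` and the service assignments are placeholders), and the bind-scope column goes one step beyond the post: a listener bound to 127.0.0.1 shows up in netstat but cannot be reached from another machine.

```python
import ipaddress
import re

# Constructed sample of `netstat -ano` output; addresses and PIDs are placeholders.
NETSTAT_ANO = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       876
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       1032
  TCP    127.0.0.1:25           0.0.0.0:0              LISTENING       1540
  TCP    127.0.0.1:110          0.0.0.0:0              LISTENING       1540
  TCP    192.168.0.2:1121       203.0.113.10:80        ESTABLISHED     2212
  UDP    0.0.0.0:1028           *:*                                    1032
"""

# Constructed sample of `tasklist /svc` output; mailscan.exe is a made-up image
# name, and the service list of PID 1032 is wrapped the way long lists are.
TASKLIST_SVC = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
svchost.exe                    876 RpcSs
svchost.exe                   1032 Messenger,
                                   Schedule
mailscan.exe                  1540 N/A
iexplore.exe                  2212 N/A
"""

# Image names may contain spaces, so take the first stand-alone number as the PID.
ROW = re.compile(r"^(?P<image>\S.*?)\s+(?P<pid>\d+)\s+(?P<svcs>.*)$")


def split_services(text):
    return [s.strip() for s in text.split(",") if s.strip() not in ("", "N/A")]


def parse_tasklist(text):
    """Return {pid: (image name, [services])} from `tasklist /svc` table output."""
    procs, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith(("Image Name", "=")):
            continue
        if line[0].isspace():            # wrapped service list: extend the previous row
            if last is not None:
                procs[last][1].extend(split_services(line))
            continue
        m = ROW.match(line)
        if m:
            last = int(m.group("pid"))
            procs[last] = (m.group("image"), split_services(m.group("svcs")))
    return procs


def parse_netstat(text):
    """Return one dict per TCP/UDP row of `netstat -ano` output."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue
        host, _, port = f[1].rpartition(":")   # rpartition keeps "[::]" intact
        state = f[3] if len(f) == 5 else ""    # UDP rows have no State column
        rows.append({"proto": f[0], "host": host, "port": int(port),
                     "state": state, "pid": int(f[-1])})
    return rows


def bind_scope(host):
    """Say who can reach a socket bound to this local address."""
    ip = ipaddress.ip_address(host.strip("[]").split("%")[0])
    if ip.is_loopback:
        return "loopback only"       # in netstat, but unreachable from other hosts
    if ip.is_unspecified:
        return "all interfaces"      # 0.0.0.0 or [::]: reachable unless filtered
    return "single interface"


def listeners(netstat_text, tasklist_text):
    """Join listening sockets to owners: (proto, port, scope, image, services)."""
    procs = parse_tasklist(tasklist_text)
    out = []
    for r in parse_netstat(netstat_text):
        if r["proto"] == "TCP" and r["state"] != "LISTENING":
            continue                 # established connections are not listeners
        image, svcs = procs.get(r["pid"], ("<unknown>", []))
        out.append((r["proto"], r["port"], bind_scope(r["host"]), image, tuple(svcs)))
    return sorted(out)


if __name__ == "__main__":
    for proto, port, scope, image, svcs in listeners(NETSTAT_ANO, TASKLIST_SVC):
        print(f"{proto} {port:<5} {scope:<16} {image:<14} {', '.join(svcs) or '-'}")
```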
  17. Hank

    Hank Guest

    I just bought and installed a router. (Netgear's RP614 v2)
    This, I hope, is a fairly good inexpensive router; it contains SPI and
    NAT protection.

    If anyone knows about this router please let me know. I am still
    trying to figure out all it does.

    Hank from Pa

    On Wed, 05 Nov 2003 13:06:06 GMT, Leythos <> wrote:

    >In article <>, "@micro$oft.com"
    ><""billyboi\"@micro$oft.com"> says...
    >> Hank wrote:
    >>
    >> > Is there a way to tighten up my system more?

    >>
    >> Yes. Install Linux.

    >
    >Installing Linux would be just as bad, it has many security holes too.
    >
    >Get a router with NAT for your cable/dsl connection and you will be much
    >better off as a FIRST layer.
    >
    >
    >
    >--
    Hank, Nov 6, 2003
    #17
  18. In article <>, on Thu, 06 Nov 2003 06:51:04 -0500, Hank
    <>
    wrote:

    | I just bought and installed a router. (Netgear's RP614 v2)
    | This, I hope, is a fairly good inexpensive router; it contains SPI and
    | NAT protection.
    |
    | If anyone knows about this router please let me know. I am still
    | trying to figure out all it does.

    A good place to ask would be grc.security.hardware.

    Lots of knowledgeable folks hang out there.

    <davidp />

    - --
    David Postill

    David Postill, Nov 6, 2003
    #18
  19. In article <>,
    says...
    > In article <>, on Thu, 06 Nov 2003 06:51:04 -0500, Hank
    > <>
    > wrote:
    >
    > | I just bought and installed a router. (Netgear's RP614 v2)
    > | This, I hope, is a fairly good inexpensive router; it contains SPI and
    > | NAT protection.
    > |
    > | If anyone knows about this router please let me know. I am still
    > | trying to figure out all it does.
    >
    > A good place to ask would be grc.security.hardware.
    >
    > Lots of knowledgeable folks hang out there.
    >
    > <davidp />
    >
    > - --
    > David Postill
    >
    >
    >



    if it's grc, i seriously doubt "lots" would be accurate.



    --
    Colonel Flagg
    http://www.internetwarzone.org/

    Privacy at a click:
    http://www.cotse.net

    Q: How many Bill Gates does it take to change a lightbulb?
    A: None, he just defines Darkness? as the new industry standard..."

    "...I see stupid people."
    Colonel Flagg, Nov 6, 2003
    #19
