I checked the open ports on the system and there are like a zillion ports that are open. What is the solution to automatically close them down? Doing it manually gives me no result. For this I was using Windows 7.
What are close_wait, time_wait, established and listening?
Can a single port be used for two purposes at the same time?
Almost a zillion ports open
- Broken Angel
- Fame ! Where are the chicks?!
- Posts: 432
- Joined: 05 Jul 2010, 04:58
- 13
- Contact:
Almost a zillion ports open
God Blessed Me With Forgiveness And I Forgive You With My Revenge...!
-Broken Angel
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
Re: Almost a zillion ports open
um, you mean open ports on the Windows7 system?
to "close a port" you simply stop the service that is listening on it, of course you can not simply stop them without knowing if they aren't needed for the system.
best use TCPview to see what services belong to which ports/connections (file attached), then we can see what services can be disabled.
the connection states mean:
- established -> a connection is established at the moment
- listening -> a service waiting for connections on that port
- close_wait -> the service has received a FIN packet ("I'm done, bye!") from the client that was connected and is about to close the connection
- time_wait -> the connection is established but not used at the moment, it stays in that state until the time out limit is reached and then is disconnected (if the client is not making use of it in the meantime)
- Attachments
- TCPView.zip
- (284.77 KiB) Downloaded 82 times
- CommonStray
- Forum Assassin
- Posts: 1215
- Joined: 20 Aug 2005, 16:00
- 18
Re: Almost a zillion ports open
netstat -o
will list your current connections and their corresponding PID (process identifier) - in Task Manager you may have to go to View->Select Columns to see the PID of your currently running processes.
Re: Almost a zillion ports open
process explorer works as well.
"a zillion open ports" - if you scan yourself, you might see this - but it does not mean that those ports are open to the outside. If you scan under admin priv, you'll be scanning behind your internet firewall.
https://www.grc.com/x/ne.dll?bh0bkyd2
is a way to get an outside machine to scan what 'outside' can see.
mine -
"GRC Port Authority Report created on UTC: 2011-07-30 at 19:18:55
Results from scan of ports: 0-1055
0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested
ALL PORTS tested were found to be: STEALTH.
TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received."
DNR
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
- Broken Angel
- Fame ! Where are the chicks?!
- Posts: 432
- Joined: 05 Jul 2010, 04:58
- 13
- Contact:
Re: Almost a zillion ports open
well what I did was
netstat -ano and I got the list of ports that were open. Now my question is that if port 80 is not open or in STEALTH mode then how come it connects? Isn't port 21 used for FTP so if it's STEALTH how do we use it?
EDIT: And yeah having ports in Stealth makes them what?
Last edited by Broken Angel on 31 Jul 2011, 13:31, edited 1 time in total.
God Blessed Me With Forgiveness And I Forgive You With My Revenge...!
-Broken Angel
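Added example, not part of any post in this thread: a Python sketch that parses `netstat -ano` output of the kind mentioned above, counts TCP sockets per state, and lists which PID owns each listening port and whether it is bound to loopback only. The sample listing, PIDs and addresses are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1420
  TCP    192.168.1.10:49213     203.0.113.5:80         ESTABLISHED     3012
  TCP    192.168.1.10:49220     203.0.113.5:80         TIME_WAIT       0
  TCP    192.168.1.10:49231     198.51.100.7:443       CLOSE_WAIT      3012
  TCP    [::]:135               [::]:0                 LISTENING       716
  UDP    0.0.0.0:5355           *:*                                    1184
"""

def parse_netstat(text):
    """Return one dict per TCP/UDP line; banner and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            proto, local, _remote, state, pid = f
        elif len(f) == 4 and f[0] == "UDP":
            (proto, local, _remote, pid), state = f, ""  # UDP has no state column
        else:
            continue
        addr, _, port = local.rpartition(":")  # also splits "[::]:135" correctly
        rows.append({"proto": proto, "addr": addr, "port": int(port),
                     "state": state, "pid": int(pid)})
    return rows

def state_counts(rows):
    """Count TCP sockets per state (LISTENING, ESTABLISHED, TIME_WAIT, ...)."""
    return Counter(r["state"] for r in rows if r["proto"] == "TCP")

def listeners_by_pid(rows):
    """Map owning PID -> sorted [(port, scope)] for sockets in LISTENING."""
    found = defaultdict(set)
    for r in rows:
        if r["state"] == "LISTENING":
            # Bound to loopback: unreachable from other hosts regardless of firewall.
            local_only = r["addr"].startswith(("127.", "[::1]"))
            found[r["pid"]].add((r["port"], "loopback" if local_only else "network"))
    return {pid: sorted(ports) for pid, ports in found.items()}

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    print(dict(state_counts(rows)))
    for pid, ports in sorted(listeners_by_pid(rows).items()):
        print(pid, ports)
```

Only the LISTENING rows are ports waiting for inbound connections; the high-numbered local ports on ESTABLISHED, TIME_WAIT and CLOSE_WAIT rows are the client side of outbound connections.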
Re: Almost a zillion ports open
Stealth is no banner response or no response to unsolicited packets.
DNR
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
- Broken Angel
- Fame ! Where are the chicks?!
- Posts: 432
- Joined: 05 Jul 2010, 04:58
- 13
- Contact:
Re: Almost a zillion ports open
GRC Port Authority Report created on UTC: 2011-07-31 at 19:39:25
Results from scan of ports: 0-1055
0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested
ALL PORTS tested were found to be: STEALTH.
TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.
God Blessed Me With Forgiveness And I Forgive You With My Revenge...!
-Broken Angel
Re: Almost a zillion ports open
I would likely disregard the first scan that showed all ports open, that scan was likely run with admin permission and was running inside the firewall.
The ShieldsUP website is an external machine scanning your IP/machine - without admin permission and has to now pass the firewall.
there are other websites that you can use besides ShieldsUP, to confirm your stealth, and even see what your browser leaks -
At the GRC/ShieldsUP website, they will show your browser request - your computer's fingerprint
"
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
Connection: Keep-Alive
Host: http://www.grc.com
Referer: http://www.grc.com/x/ne.dll?rh1dkyd2
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Cookie: ppag=fbhvseswpjng5; pcss=fbhvseswpjng5; tpag=fbhvseswpjng5; tcss=fbhvseswpjng5
Content-Length: 33
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
FirstParty: https://www.grc.com
ThirdParty: https://www.grctech.com
Secure: https://www.grc.com
Nonsecure: http://www.grc.com
Session: fvzrwsngr50oj "
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
this is like a server banner - here it leaks your machine's OS, version, and applications - the browser with add-ons. this along with your MAC is akin to your fingerprint and can be used to match you to wardriving.
Applications like Sam Spade allowed you to modify your User-Agent; that, along with a MAC changer, helps keep you anonymous when wardriving.
DNR
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
Re: Almost a zillion ports open
Broken Angel wrote: Now my question is that if port 80 is not open or in STEALTH mode then how come it connects? Isn't port 21 used for FTP so if it's STEALTH how do we use it?
Stealth just refers to how your computer deals with packets that it did not ask for. If you open up your browser (presumably on port 80) then you are establishing a connection, and so the response to that establishment is not unsolicited, and your computer will let it in. Same with other types of connections.
hugs for my cuddly one