Almost a zillion ports open

Post by Broken Angel »

I checked the open ports on the system and there are like a zillion ports that are open. What is the solution to automatically close them down? Doing it manually gives me no result. For this I was using Windows 7.

What is Close_wait, time_wait, established and listening?
Can a single port be used for two purposes at the same time?
God Blessed Me With Forgiveness And I Forgive You With My Revenge...!



-Broken Angel

Re: Almost a zillion ports open

Post by bad_brain »

um, you mean open ports on the Windows 7 system?

to "close a port" you simply stop the service that is listening on it, of course you can not simply stop them without knowing if they aren't needed for the system.

best use TCPview to see what services belong to which ports/connections (file attached), then we can see what services can be disabled.

the connection states mean:
- established -> a connection is established at the moment
- listening -> a service waiting for connections on that port
- close_wait -> the service has received a FIN packet ("I'm done, bye!") from the client that was connected and is about to close the connection
- time_wait -> the connection is established but not used at the moment, it stays in that state until the time out limit is reached and then is disconnected (if the client is not making use of it in the meantime)
Attachment: TCPView.zip (284.77 KiB)

Re: Almost a zillion ports open

Post by CommonStray »

netstat -o

will list your current connections and their corresponding PID (process identifier) - in Task Manager you may have to go to View->Select Columns to see the PID of your currently running processes.
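
An added example, not part of the original posts: a small parser for `netstat -ano` output that counts TCP connections per state and lists each listening port with its owning PID, separating loopback-only listeners from those bound to a network interface. The sample output is constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       712
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1480
  TCP    192.168.1.20:49212     203.0.113.10:80        ESTABLISHED     2960
  TCP    192.168.1.20:49213     203.0.113.10:80        TIME_WAIT       0
  TCP    192.168.1.20:49220     198.51.100.7:443       CLOSE_WAIT      2960
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::1]:5354             [::]:0                 LISTENING       1480
  UDP    0.0.0.0:5355           *:*                                    1124
"""

# TCP rows only: local address, local port, state, PID (UDP rows have no state).
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+([A-Z_0-9]+)\s+(\d+)\s*$")

def parse(text):
    """Return (local_addr, local_port, state, pid) for every TCP row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            addr, port, state, pid = m.groups()
            rows.append((addr.strip("[]"), int(port), state, int(pid)))
    return rows

def state_counts(rows):
    return Counter(state for _, _, state, _ in rows)

def listeners(rows):
    """Split LISTENING sockets into (non-loopback, loopback-only) lists of (port, pid)."""
    non_loopback, loopback = set(), set()
    for addr, port, state, pid in rows:
        if state == "LISTENING":
            is_loop = addr.startswith("127.") or addr == "::1"
            (loopback if is_loop else non_loopback).add((port, pid))
    return sorted(non_loopback), sorted(loopback)

if __name__ == "__main__":
    rows = parse(SAMPLE)
    print(dict(state_counts(rows)), *listeners(rows), sep="\n")
```

A listener bound to 0.0.0.0 or [::] is only a candidate for outside exposure; whether it is actually reachable depends on the firewall in front of it.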

Re: Almost a zillion ports open

Post by DNR »

process explorer works as well.

"a zillion open ports" - if you scan yourself, you might see this - but it does not mean that those ports are open to the outside. If you scan under admin priv, you'll be scanning behind your internet firewall.

https://www.grc.com/x/ne.dll?bh0bkyd2

is a way to get an outside machine to scan what 'outside' can see.

mine -
"GRC Port Authority Report created on UTC: 2011-07-30 at 19:18:55

Results from scan of ports: 0-1055

0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received."

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.

Re: Almost a zillion ports open

Post by Broken Angel »

well what I did was
netstat -ano and I got the list of ports that were open. Now my question is that if port 80 is not open or in STEALTH mode then how come it connects? Isn't port 21 used for FTP so if it's STEALTH how do we use it? :-s :oops:


EDIT: And yeah having ports in Stealth makes them what?
Last edited by Broken Angel on 31 Jul 2011, 13:31, edited 1 time in total.

Re: Almost a zillion ports open

Post by DNR »

Stealth is no banner response or no response to unsolicited packets.

DNR

Re: Almost a zillion ports open

Post by Broken Angel »

GRC Port Authority Report created on UTC: 2011-07-31 at 19:39:25

Results from scan of ports: 0-1055

0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

Re: Almost a zillion ports open

Post by DNR »

I would likely disregard the first scan that showed all ports open; that scan was likely run with admin permission and was running inside the firewall.
The ShieldsUP website is an external machine scanning your IP/machine - without admin permission and has to now pass the firewall.

there are other websites that you can use besides ShieldsUP to confirm your stealth, and even see what your browser leaks -

At the GRC/ShieldsUP website, they will show your browser request - your computer's fingerprint
"
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
Connection: Keep-Alive
Host: http://www.grc.com
Referer: http://www.grc.com/x/ne.dll?rh1dkyd2
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Cookie: ppag=fbhvseswpjng5; pcss=fbhvseswpjng5; tpag=fbhvseswpjng5; tcss=fbhvseswpjng5
Content-Length: 33
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
FirstParty: https://www.grc.com
ThirdParty: https://www.grctech.com
Secure: https://www.grc.com
Nonsecure: http://www.grc.com
Session: fvzrwsngr50oj "



User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
this is like a server banner - here it leaks your machine's OS, version, and applications - the browser with add-ons. this along with your MAC is akin to your fingerprint and can be used to match you to wardriving.

Applications like Sam Spade allowed you to modify your User-agent; that along with a MAC changer helps keep you anonymous when wardriving.

DNR

Re: Almost a zillion ports open

Post by lilrofl »

Broken Angel wrote:Now my question is that if port 80 is not open or in STEALTH mode then how come it connects? Isn't port 21 used for FTP so if it's STEALTH how do we use it? :-s :oops:
Stealth just refers to how your computer deals with packets that it did not ask for. If you open up your browser (presumably on port 80) then you are establishing a connection, and so the response to that establishment is not unsolicited, and your computer will let it in. Same with other types of connections.