General discussion

Locked

Close ports in Windows XP / 2000

By TechieRob ·
Hey all

Just a quirky one, I am running a 2000 advanced server (with ISA and all the goodies) and I have about 20 or so XP clients and 10 or so 2000 clients. What my port scans have shown is a great number of "dodgy" open ports on some of the xp machines and even on the ISA server itself

I have blocked access to theese ports using ISA and have since been bombarded (in the ISA logs) by authorisation failures...

What I would like to know is can you close open ports (within windows xp and 2000) that "dodgy" applications may have opened? Better yet does anyone know of any Active Directory settings that could help in this situation

This conversation is currently closed to new comments.

11 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by jireland607 In reply to Close ports in Windows XP ...

You must have programs on your system using these ports. Have a search for commonly used ports and their programs. This will allow you to remove or deactivate them.

I recommend download the port scanner from download.com, it is freeware and will show you exacltly what program is using what port.

Follow the link below

http://www.download.com/3000-2085-10062969.html?part=65960&subj=dlpage&tag=button

Hope this helps

Collapse -

by TechieRob In reply to

Poster rated this answer.

I have tried using this software (amongst many others) that have turned up a few odd things but nothing that I can really put my finger on. Oddly enough I had a svchost running on port 80 (remote) which i ended but I dont know what this entails....

Full system spyware / virus scans have returned nothing

Collapse -

by CG IT In reply to Close ports in Windows XP ...

ISA server whether its 2000 or 2004 by default closes all ports, so if you have open ports, theres got to be a packet filter for it [ISA2000] or a rule or published server [ISA 2004]. depending upon where your doing the packet capture determines what is going on. If its on the internal interface, necessary services running will open and close ports as a matter of just having a network.

I would review your ISA server configuration and what services the network requires having external access. DNS, NTP, SMTP, POP3 all come to mind that does require external access. Review your application log and directory services log, DNS log, in event viewer for errors
poping up and what they are.

Collapse -

by TechieRob In reply to

Poster rated this answer.

Collapse -

by sgt_shultz In reply to Close ports in Windows XP ...

i am thinking you don't need another port scanner. i am thinking you need to visit www.microsoft.com and search the knowledgebase for the article 'how to configure the xp firewall' and 'which ports are used by what services' they are all spelled out in docs there.

Collapse -

by TechieRob In reply to

Poster rated this answer.

I'm not running XPSP2 as it broke too many applications when I rolled it out last time.... Im waiting for Micro$oft to officially annouce their "bugs have ben ironed out"

Collapse -

by TechieRob In reply to Close ports in Windows XP ...

I like where the second answer is going but i need to know another thing

Is it possible to simply put in place a "deny all" packet filter and then just configure individual access rules for each port?? Or does the deny rule overide the access rule??

Collapse -

by CG IT In reply to Close ports in Windows XP ...

well there is a deny all rule by default installed when ISA server is installed [both 2000 and 2004]. All traffic through ISA server is blocked until you create a set of rules and packet filters [ISA 2000] or with ISA 2004 create rules and/or publish server(s).

If you have traffic through ISA server to the Internet, then there is a rule or filter allowing it [which is why I suggested you look at the rules and filters]. I suggest you web GFI's monitoring software for ISA server. It will give you by user and by ip address just what is going out to the Internet via ISA server and where that traffic is going.

btw which ISA server version you running? ISA 2004 is way different than 2000 and the GUI is very different.

Collapse -

by CG IT In reply to

actually when I say deny all rule, what I mean is that all traffic [all e.g. both directions] that is to pass through ISA server is blocked until you allow it via rules and packet filters. hopefully all traffic destined to the internet and from the internet passes through ISA server.

Collapse -

by TechieRob In reply to

Poster rated this answer.

Back to Networks Forum
11 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums