Sorry if this is OT, but how do I block port 135? It is associated with
a malicious script that I may have had until recently.
I'm on Win XP Pro SP1 (I think it's SP1).
Jeffrey said:See Microsoft Knowledge Base Article - 283673 "HOW TO: Enable or Disable
Internet Connection Firewall in Windows XP"
<http://support.microsoft.com/default.aspx?scid=kb;en-us;283673>
HTH.
Thanks. I already have the XP software firewall enabled. How do I
block the port manually?
I'm having trouble making myself understood. I am new to this whole
game and have no idea how to view the open port listings and blocked
port listings on my computer. Is there a way to do that in XP Pro SP1?
The free port scan you recommended had trouble with my router.
It
identified my OS accurately as XP, but claimed I was running Netscape
5.0 when I'm actually running 7.1, and was unable to find my computer's
name.
At the next step it froze.
Jeffrey said:You can open a command prompt and type netstat -an that'll give you a
list of listening ports. If you post the results here and we'll be able
tell you if there is anything unusual listed.
These are my established listings:
3375 localhost 3376
3376 localhost 3375
3470 205.188.11.240:5190
3535 nr-ott02.bellnexia.net:nntp
3577 imap-d24a.mx.aol.com:5002
3582 nr-ott02.bellnexia.net:nntp
There are a few closed listings relating to an online game I played -
when my browser itself intercepted some popups.
The bellnexia listings are my ISP, Sympatico. The only one I'm worried
about is the 3577 AOL listing. Has someone hacked me?
Jeffrey said:That's your Netscape/AOL instant messenger. You may wan't to consider
Using Mozilla <http://www.mozilla.org>... It's basically Netscape
without the AOL crap.
Thanks for the suggestion. Now that I think of it, I can't figure out
what the 205.188.11.240 is either. Typing it in my browser location bar
brings no results, so it's not a valid URL. It's also not my Netgear's
fake-URL configuration thing. Anyone have any ideas?
Thanks for the suggestion. Now that I think of it, I can't figure out
what the 205.188.11.240 is either. Typing it in my browser location bar
brings no results, so it's not a valid URL. It's also not my Netgear's
fake-URL configuration thing. Anyone have any ideas?
Some general suggestions:
1. Use something like Sam Spade to look up IP address assignments. The
one you mention is part of a AOL assigned block. That doesn't tell us
much though without more detective work.
2. One simple way to find which apps or services are connecting is to
use a running application killer. I suggest APPSWAT available at my
web site. You can often swat (kill) suspect running apps one by one
until the netstat reading disappers. But don't kill core Windows
apps. This does require knowing what _not_ to try to kill on your
particular OS. Of course, core apps may be impossible to kill anyway.
Another way is to download and use a free personal firewall since they
will pop up and ask your permission for apps to access the internet.
Thus, you should easily be able to find the name of a .EXE file and
you can temporarily rename it (if it's not locked) or in some cases
you might want to permanently delete it. There are one or two even
simpler freeware apps available which are useful for IDing apps but I
normally keep Sygate personal firewall around for such purposes since
I like its traffic logging. You should be able to rename or delete
locked files in Safe mode.
3. For communicating netstat info to a newsgroup, I suggest forcing it
to create a text file. For example, open a DOS window and type:
netstat -an >net.txt
should produce a text file named net.txt
BTW, with Win XP the netstat command often used includes an extra
command as: netstat -ano Try this and check the difference.
Also, for maximum clarity, run netstat after restarting Windows and
just after going on line. Then there is no recent history to get in
the way and clutter things up.
In this case neither was necessary the OP provided exactly the
information I asked for and in an acceptable manner for the discussion.
the OP provided exactly the
information I asked for and in an acceptable manner for the discussion.
I just ran a free plugin that allegedly disables Netscape/AOL Instant
Messenger in Mozilla products, including Netscape 7.1, which I use.
Following your instructions above, this is what netstat reports:
I rebooted my computer but not my router or DSL modem before doing this.
So what does that look like to you? Thanks much.
I just ran a free plugin that allegedly disables Netscape/AOL Instant
Messenger in Mozilla products, including Netscape 7.1, which I use.
Following your instructions above, this is what netstat reports:
I rebooted my computer but not my router or DSL modem before doing this.
So what does that look like to you? Thanks much.
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5000 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1029 127.0.0.1:1028 TIME_WAIT
TCP 127.0.0.1:3001 0.0.0.0:0 LISTENING
TCP 127.0.0.1:3002 0.0.0.0:0 LISTENING
TCP 127.0.0.1:3003 0.0.0.0:0 LISTENING
TCP 127.0.0.1:3009 0.0.0.0:0 LISTENING
TCP 192.168.0.2:139 0.0.0.0:0 LISTENING
TCP 192.168.0.2:3010 152.163.208.57:80 TIME_WAIT
TCP 192.168.0.2:12256 0.0.0.0:0 LISTENING
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:1026 *:*
UDP 0.0.0.0:3011 *:*
UDP 127.0.0.1:123 *:*
UDP 127.0.0.1:1900 *:*
UDP 192.168.0.2:123 *:*
UDP 192.168.0.2:137 *:*
UDP 192.168.0.2:138 *:*
UDP 192.168.0.2:1900 *:*
UDP 192.168.0.2:14460 *:*
UDP 192.168.0.2:14556 *:*
This is what happens in my netstat immediately after I close Netscape
and restart Windows:
Any comments?
For the fellow who wanted to know: My original question was how to
manually shut down Port 135 to avoid vulnerability.
I then asked a
question about how to manually view my ports. I still need help with
what these listings mean.
Thanks guys.