Windows Firewall Exploitable?

[Guest]

I had an interesting question in a TechNet Briefing I delivered yesterday. A
customer was wondering what would happen to ports that are open on behalf of
an exception defined by application (an .exe listening for unsolicited
ports), and that application did not close gracefully.

The assumption is that if the .exe is not running, the ports aren't open.
But is there any difference if the application crashed suddenly? Would the
ports remain open?

Thanks!

 

[David Beder [MSFT]]

The ports might remain open for a few seconds after the app crashed, but
will eventually get cleaned up/closed.

 

[Guest]

David or Kevin, I currently have Windows XP SP2 and both the
forewall/antivirus is ON. I performed a "shieldsUP!" test in www.grc.com and
the 23,80 and 443 ports are wide open. Linksys has verified my router and
appears to be in good condition (properly secure). What can I do to
close/stealth those 3 ports ? Please advise.

The ports might remain open for a few seconds after the app crashed, but
will eventually get cleaned up/closed.

 

[David Beder [MSFT]]

do a "netsh firewall show state verbose=enable" and look through the list of
open ports (eg Ports currently open on all network interfaces). If you find
these in the list, you'll see what app has probably configured the firewall
to let it listen. These ports are for telnet and web serving, which it
sounds like you aren't expecting to have the machine do.

--
David
Microsoft Windows Networking
This posting is provided "AS IS" with no warranties, and confers no rights.

David or Kevin, I currently have Windows XP SP2 and both the
forewall/antivirus is ON. I performed a "shieldsUP!" test in www.grc.com
and
the 23,80 and 443 ports are wide open. Linksys has verified my router and
appears to be in good condition (properly secure). What can I do to
close/stealth those 3 ports ? Please advise.