falling down7
join:2001-11-10
Natrona Heights, PA

Member

Re: can anyone tell me what these ports are

Ok, thanks. Well, I am running Win98SE with Trojan Hunter, ZAP 3.0, Norton's AV 2002 and Anti-Keylogger, and in my firewall I have the settings currently set to block lexpps and ask for permission on rpcss. The weird thing is, I did not get asked, nor did I give permission to either of these programs, and they are both listening, one on TCP 1100 and the other on TCP 1085, so I am a bit confused, since I was not informed of a port scan or any type of security risk by any of my programs. And yes, I do have a Lexmark printer, but I did not use it. Well, thanks in advance.

Wildcatboy
Invisible
Mod
join:2000-10-30
Toronto, ON

Again, what makes you think they are listening and what are they listening to? Is it because you did a netstat? Open up DOS (command Prompt) and type Netstat -an and then you can copy and paste the result here. You may want to xxx out the last digits of your IP. It's best to do the netstat after a reboot and before opening your browser. It would be cleaner and easier to look through the result but you can do it any time.
falling down7
join:2001-11-10
Natrona Heights, PA

Member

Ok, so I have come to the conclusion upon doing the netstat (which is cool, never knew about that) that these were just false alarms, since the only listeners were my computer. I am sorry for any inconvenience this may have caused, and once again thanks for the help and the new trick (netstat -an), and sorry for goin' off on ya, Time Out.

falling down7 to Wildcatboy

Member

Well, I'm back and I have the post of my netstat (the part I was questioning was the foreign address), and the question is: am I in any danger with this set-up? Please help, or is this just a normal address number? Sorry for the ignorance.
Active Connections

Proto Local Address Foreign Address State
TCP 0.x.x.x:1025 0.0.0.0:0 LISTENING
TCP 0.x.x.x:1064 0.0.0.0:0 LISTENING
TCP 127.x.x.x:1027 0.0.0.0:0 LISTENING
TCP 127.x.x.x:1028 0.0.0.0:0 LISTENING
TCP 151.201.xxx.xx:1057 24.153.xxx.xx:80 TIME_WAIT
TCP 151.201.xxx.xx:1064 209.123.xxx.xxx:80 ESTABLISHED
TCP 151.201.xxx.xx:137 0.0.0.0:0 LISTENING
TCP 151.201.xxx.xx:138 0.0.0.0:0 LISTENING
TCP 151.201.xxx.xx:139 0.0.0.0:0 LISTENING
TCP 169.254.x.xxx:137 0.0.0.0:0 LISTENING
TCP 169.254.x.xxx:138 0.0.0.0:0 LISTENING
TCP 169.254.x.xxx:139 0.0.0.0:0 LISTENING
UDP 127.x.x.x:1028 *:*
UDP 151.201.xxx.xx:137 *:*
UDP 151.201.xxx.xx:138 *:*
UDP 169.254.x.xxx:137 *:*
UDP 169.254.x.xxx:138 *:*
[text was edited by author 2002-04-25 00:43:27]

Time Out
@tnt6.myrtle-beach.sc

Anon

Foreign address just means outside your PC as opposed to inside it.

Those 1035, 1027, 1028 are the ports your system is listening on...most likely for your email or other things associated with your ISP. The 1057 and 1064 is the actual connection you are on at port 50 to get here...and all those 137, 138, 139 are your NetBIOS listening...that has to do with file and print sharing also.

Those should not be listening and you should unbind them, for that is the way trojans are placed on your system.

If you would install netmon you would get a better picture of what is really happening...but netstat is OK...it just does not tell you that much.

Time Out

Anon

Configuring NetBIOS for Maximum Security
»www.symantec.com/securit ··· ios.html

Cable Modem/DSL Tuning GuideTM
»cable-dsl.home.att.net/i ··· tm#CaseB
Unbind Windows 2000 from the Internet
»www.gpick.com/sbr/securi ··· dw2k.htm

open ports 137 & 138

»open ports 137 & 138
falling down7
join:2001-11-10
Natrona Heights, PA

falling down7 to Time Out

Member

OK, I'll have to go get that netmon program. As for the NetBIOS, how do I go about closing those? Thanks, by the way :)

falling down7 to Time Out

Member

I hate when that happens my slow fingers:)

Time Out
@tnt6.myrtle-beach.sc

Time Out to falling down7

Anon

for the net bios how do i go about closing those? thanks by the way

You read the links and follow the steps I already posted above before you even asked the question. (Smile)

Just click on those links and read what they have to say...some even have walk-through screenshots to give you the step-by-step procedure to do it.

Good luck...looks like you are making progress and learning.
falling down7
join:2001-11-10
Natrona Heights, PA

Member

Thanks again for all your help. I downloaded the netmon, which is a great program, very easy to use and very convenient. As far as the ports go, I'm working on it.

Time Out
@tnt6.myrtle-beach.sc

Anon

Consider also downloading that "whats happening"; it is also so small and easy. It will give you an icon that is a "?" on your desktop. Click on it any time and you can see every single program and .exe that is running on your PC, and it will tell you in a "tree" every single .dll that is used for each. Ctrl+Alt+Del will only show you some of the things running, for it only has the stuff loaded at startup...but whats happening will show you everything that is currently running...even trojans and other worms that can sneak into your system...so that is your backup for a quick check. You will get used to seeing the normal things...but when something strange shows up you will know exactly what it is, and then you can ask people here about something that is weird...not just calling it a trojan, etc....but rather calling it by name, like openme.exe and others. If you can do that, you are so much more ahead of the game, and then with netmon you can see what is getting in and out with just one click...together, they will be invaluable to pin down problems.

There are more sophisticated proggies you can get that do the same or more...but these two are easy and fast.

Also, with netmon you can close ports that get STICKY, and it has other features.

Both of these are real-time monitoring tools. They will not and cannot screw up your system or change anything...they are just fancy GUIs for the Windows environment so you do not have to hunt around your OS to find this data.

And they are great training tools to start out understanding what goes on in the background when you surf the Net.

Wildcatboy
Invisible
Mod
join:2000-10-30
Toronto, ON

Wildcatboy to falling down7

There's nothing wrong with your Netstat. Most of them are listening locally and they are not visible from outside. As for Netbios, a firewall will take care of it and your shares won't be visible from outside. If you are paranoid and you want to have a second layer of protection simply follow the instructions here or here and you'll be fine.
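
A way to run the local-versus-outside check discussed in the posts above over `netstat -an` output, as an added example that is not part of the original thread. The sample rows are constructed with documentation addresses, and the function names (`scope`, `listeners`, `review`) are hypothetical.

```python
import ipaddress

NETBIOS_PORTS = {137, 138, 139}  # name, datagram and session services
# Constructed sample in `netstat -an` layout; addresses are documentation values.
SAMPLE = """\
Proto Local Address Foreign Address State
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1027 0.0.0.0:0 LISTENING
TCP 192.0.2.10:1064 198.51.100.7:80 ESTABLISHED
TCP 192.0.2.10:139 0.0.0.0:0 LISTENING
TCP 169.254.1.5:139 0.0.0.0:0 LISTENING
UDP 127.0.0.1:1028 *:*
UDP 192.0.2.10:137 *:*
"""

def scope(addr):
    """Classify the local address a socket is bound to."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "masked"          # e.g. 151.201.xxx.xx as pasted in the thread
    if ip.is_loopback:
        return "loopback"        # reachable only from this machine
    if ip.is_link_local:
        return "link-local"      # 169.254.0.0/16 autoconfiguration, not routed
    if ip.is_unspecified:
        return "all-interfaces"  # 0.0.0.0 means every adapter
    return "interface"           # one specific adapter address

def listeners(text):
    """Yield (proto, port, scope) for sockets waiting for inbound traffic."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue
        # TCP rows carry a state column; UDP rows do not and show *:* as peer.
        if f[0] == "TCP" and (len(f) < 4 or f[3] != "LISTENING"):
            continue
        addr, _, port = f[1].rpartition(":")
        yield f[0], int(port), scope(addr)

def review(text):
    """Return listeners not confined to loopback, tagging NetBIOS ports."""
    return [(proto, port, sc, "netbios" if port in NETBIOS_PORTS else "other")
            for proto, port, sc in listeners(text) if sc != "loopback"]

if __name__ == "__main__":
    for row in review(SAMPLE):
        print(*row)
```

Rows tagged `netbios` on an `interface` or `all-interfaces` address are the ones the firewall rule or the unbinding steps in the linked guides are meant to cover.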

Time Out
@tnt6.myrtle-beach.sc

Anon

OK, I am out of here...the WCB just posted the same link I gave you about NetBIOS and he is telling you to forget about it and just get yourself a firewall.

I think you should follow his advice.

Good luck