Re: PORTs

Secure Home | Search | About

Lost Password?

Microsoft Applications Security

get this group's latest topics as an RSS feed

add this group's latest topics to your My MSN content

add this group's latest topics to your My Yahoo content

add this group's latest topics to your Google content

Subject

Author

Date

Re: PORTs

Steven L Umbach

06-27-2005

Re: PORTs

Lanwench [MVP -...

06-27-2005

Posted by Steven L Umbach on June 27, 2005, 12:14 pm

If you were Registered and logged in, you could reply and use other advanced thread options

Hi again. More information would be helpful. In general the average home
user would have no need to have ANY ports open for INBOUND access. Almost
all available firewalls today whether they are personal firewalls [including
XP Windows firewall] or hardware firewalls [including common internet
"router" devices] are stateful in nature and will block all unsolicited
inbound traffic but allow inbound traffic to your computer/network that is
traffic you initiated such as to a website or using Instant Messenger.

If you want to manage "outbound" access for traffic initiated by your
computer you can do such with more advanced hardware devices or with third
party host firewalls such as the free for personal use ones from the likes
of Zone Alarm and Sygate. These firewalls can also manage outbound traffic
by applications and they usually have a learning mode that will prompt you
when outbound traffic is detected, though for the novice [and sometimes even
advanced] user these prompts can at times be confusing as to whether they
are legitimate or not. In my opinion if you follow safe computer practices
such as using a quality antivirus that scans all emails/downloads and is
kept current with definitions, keeping current with critical security
updates at Windows Updates, use a strong password for your user accounts,
scan for adware/spyware on a regular basis [weekly at least], and do not use
weak security settings for Internet Explorer then the need for managing
"outbound" traffic with your firewall is of limited value.

If you do want to manage outbound traffic most home users will generally
need to allow outbound ports 80/443 TCP for http/https websites, port 53 UDP
for dns name resolution, ports 25/110/119 TCP for mail and newsgroups, and
ports 20/21 TCP for ftp if you use ftp for file transfers and some downloads
will use. If you use Instant Messaging type programs more ports will need to
be allowed and that will vary based on the application. You can use the
command netstat -an to see the ports that your computer is using for network
connections [see my example below that shows connection to port 80 TCP to
websites]. Look for established and foreign address that will display IP
address and port used for network connection. The port will show after the
IP address as in xxx.xxx.xxx.xxx:80. Note it is possible for malware to show
an established session if such exists on your computer. TCPView is a free
graphical interface utility that will show port use on your computer for
both established and idle [listening] sessions.

Many firewalls, including the Windows Firewall, can log traffic through the
firewall and often those logs can help you determine if legitimate traffic
is being blocked if you can not access the internet as desired. There are
free self scan websites that can check your internet connection for basic
vulnerability to unsolicited inbound traffic such as
http://scan.sygatetech.com/ . The links below may help. --- Steve

http://www.sysinternals.com/Utilities/TcpView.html --- TCPView
http://www.microsoft.com/technet/security/topics/networksecurity/firewall.mspx
--- FW reference guide and see common port numbers.
http://mvps.org/winhelp2002/unwanted.htm --- see tips on securing Internet
Explorer

D:\Documents and Settings\Steve>netstat -an

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1025 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1051 0.0.0.0:0 LISTENING
TCP 127.0.0.1:5180 0.0.0.0:0 LISTENING
TCP 192.168.1.53:139 0.0.0.0:0 LISTENING
TCP 192.168.1.53:3814 64.86.101.38:80 ESTABLISHED
TCP 192.168.1.53:3815 64.86.101.38:80 ESTABLISHED
TCP 192.168.1.53:3817 64.86.101.41:80 ESTABLISHED
TCP 192.168.1.53:3823 64.86.101.54:80 ESTABLISHED
TCP 192.168.1.53:3825 64.86.101.54:80 ESTABLISHED

> Hi

> What port shoul be open and which port should be blocked? Some thing for

> Protocols.

> Thank you.

Posted by Lanwench [MVP - Exchange] on June 27, 2005, 1:10 pm

If you were Registered and logged in, you could reply and use other advanced thread options

> read this post and tryed to run netstat, it opened and started to

> show a list but then it closed, i cant see what is on the list, i

> tryed a couple more times, and it kept closing before i could see

> anything, any ideas why that would happen?

Go to start, run, type
cmd
Press Enter

Run netstat, etc, from the command line.

> "Steven L Umbach" wrote:

>> Hi again. More information would be helpful. In general the average

>> home user would have no need to have ANY ports open for INBOUND

>> access. Almost all available firewalls today whether they are

>> personal firewalls [including XP Windows firewall] or hardware

>> firewalls [including common internet "router" devices] are stateful

>> in nature and will block all unsolicited inbound traffic but allow

>> inbound traffic to your computer/network that is traffic you

>> initiated such as to a website or using Instant Messenger.

>> If you want to manage "outbound" access for traffic initiated by your

>> computer you can do such with more advanced hardware devices or with

>> third party host firewalls such as the free for personal use ones

>> from the likes of Zone Alarm and Sygate. These firewalls can also

>> manage outbound traffic by applications and they usually have a

>> learning mode that will prompt you when outbound traffic is

>> detected, though for the novice [and sometimes even advanced] user

>> these prompts can at times be confusing as to whether they are

>> legitimate or not. In my opinion if you follow safe computer

>> practices such as using a quality antivirus that scans all

>> emails/downloads and is kept current with definitions, keeping

>> current with critical security updates at Windows Updates, use a

>> strong password for your user accounts, scan for adware/spyware on a

>> regular basis [weekly at least], and do not use weak security

>> settings for Internet Explorer then the need for managing "outbound"

>> traffic with your firewall is of limited value.

>> If you do want to manage outbound traffic most home users will

>> generally need to allow outbound ports 80/443 TCP for http/https

>> websites, port 53 UDP for dns name resolution, ports 25/110/119 TCP

>> for mail and newsgroups, and ports 20/21 TCP for ftp if you use ftp

>> for file transfers and some downloads will use. If you use Instant

>> Messaging type programs more ports will need to be allowed and that

>> will vary based on the application. You can use the command netstat

>> -an to see the ports that your computer is using for network

>> connections [see my example below that shows connection to port 80

>> TCP to websites]. Look for established and foreign address that will

>> display IP address and port used for network connection. The port

>> will show after the IP address as in xxx.xxx.xxx.xxx:80. Note it is

>> possible for malware to show an established session if such exists

>> on your computer. TCPView is a free graphical interface utility that

>> will show port use on your computer for both established and idle

>> [listening] sessions.

>> Many firewalls, including the Windows Firewall, can log traffic

>> through the firewall and often those logs can help you determine if

>> legitimate traffic is being blocked if you can not access the

>> internet as desired. There are free self scan websites that can

>> check your internet connection for basic vulnerability to

>> unsolicited inbound traffic such as http://scan.sygatetech.com/ .

>> The links below may help. --- Steve

>> http://www.sysinternals.com/Utilities/TcpView.html --- TCPView

>> http://www.microsoft.com/technet/security/topics/networksecurity/firewall.mspx

>> --- FW reference guide and see common port numbers.

>> http://mvps.org/winhelp2002/unwanted.htm --- see tips on securing

>> Internet Explorer

>> D:\Documents and Settings\Steve>netstat -an

>> Active Connections

>> Proto Local Address Foreign Address State

>> TCP 0.0.0.0:135 0.0.0.0:0 LISTENING

>> TCP 0.0.0.0:445 0.0.0.0:0 LISTENING

>> TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING

>> TCP 127.0.0.1:1025 0.0.0.0:0 LISTENING

>> TCP 127.0.0.1:1051 0.0.0.0:0 LISTENING

>> TCP 127.0.0.1:5180 0.0.0.0:0 LISTENING

>> TCP 192.168.1.53:139 0.0.0.0:0 LISTENING

>> TCP 192.168.1.53:3814 64.86.101.38:80 ESTABLISHED

>> TCP 192.168.1.53:3815 64.86.101.38:80 ESTABLISHED

>> TCP 192.168.1.53:3817 64.86.101.41:80 ESTABLISHED

>> TCP 192.168.1.53:3823 64.86.101.54:80 ESTABLISHED

>> TCP 192.168.1.53:3825 64.86.101.54:80 ESTABLISHED

>>> Hi

>>> What port shoul be open and which port should be blocked? Some

>>> thing for Protocols.

>>> Thank you.

Similar Threads	Posted
Re: PORTs	June 27, 2005, 12:12 pm
Windows Ports when used on DMZ	June 27, 2005, 12:08 pm
Closing ports	June 27, 2005, 12:56 pm
WSUS ports	November 30, 2005, 9:35 am
RE: How do you close ports?	January 15, 2006, 4:21 pm
Ports usage	March 29, 2006, 1:58 pm
ipsec ports	November 13, 2006, 9:31 am
Opening ports	June 30, 2008, 11:28 am
Ports 6346 and 1434 TCP and UDP	July 31, 2005, 12:47 pm
ports for shutdown -s -m machine_name?	April 3, 2007, 7:38 am

The site map in XML format XML site map