Thread: netstat shows port listening

  1. #1
    mkuske Guest

    netstat shows port listening

    I've closed TCP port 5000 incoming and outgoing in both zones but netstat -a still shows port as listening. Shouldn't netstat not show it anymore?

    Operating System: Windows XP Home Edition
    Product Name: ZoneAlarm Pro
    Software Version: 6.5

  2. #2
    billc Guest

    Re: netstat shows port listening

    Good question. It is OK for netstat -a to still show the port as 'listening'. The thing is, it won't 'hear' anything because ZAP has it protected. An analogy would be like you "listen" for your phone to ring even though the bell is turned off. You can 'listen' all you want, you just won't hear anything. Same applies to your machine... it can 'listen' but it won't 'hear'. Hope this helps.

  3. #3
    Re: netstat shows port listening

    Hi

    Try netstat -an and see where it goes (maybe just localhost).

    Even though the Windows OS will show ports used, the Zone Alarm will have closed the port(s).

    To close ports in the Windows OS (make all open ports become closed) the Windows has to be hardened.

    To close the port 5000 (and its related port 1900), just disable all mention of PnP and UPnP in the Services of Windows.

    Try these for suggestions..

    BlackViper List

    http://majorgeeks.com/page.php?id=12

    theeldergeek

    http://www.theeldergeek.com/services_guide.htm

    Suggested resources for hardening Windows further

    http://www.hsc.fr/ressources/breves/...win.en.html.fr

    http://www.markusjansson.net/exp.html

    http://www.markusjansson.net/eienbid.html

    http://www.microsoft.com/technet/sec.../legsgch3.mspx


    good site to read

    http://www.xnews.ro/

    Windows XP Security Guide

    http://www.microsoft.com/technet/sec.../xpsgch01.mspx

    ----------------------------------------------------------------------------------------------------------------------

    Further and an incomplete list hardening of Windows XP

    It is safe to assume that the PC is not in a Microsoft Network or Office LAN or in a multiple PC home LAN. So do this.
    Open the Network Connections and select the Properties (do for all NIC) and uninstall the following, one at a time and do the complete reboot after each uninstall.

    File and Printer Sharing for Microsoft Networks
    QoS Packet Scheduler
    Service Advertising Protocol
    Client for Microsoft Networks


    Disable the Messenger in Services and check to see if you can disable the messenger in DCOM Config in Component Services. Perhaps as well as uninstalling the MS messenger completely in Add/Remove>Add/remove Windows Components. It is just one of the several in DCOM that should be disabled in the Component Services (but that is another reply).

    If any item listed in the Program List, in the ZA firewall, has been assigned server rights, then, of course, port(s) will appear as open. Quite typical applications are the IM, P2P and such. Usual and safe practise is to unallow their server rights after these type of programs are finished being used.

    Open Control Panel and select the "Add/Remove Programs". Select the "Add/Remove Windows Components" and select the Windows Messenger and uncheck it and proceed with the "Next" and uninstall it. Optional to uninstall are the MSN Explorer and, Internet games and Hearts (both under the Accessories and Utilities). If the Windows Messenger is not presented by Windows, there is a trick to use to make it show and then it can be uninstalled (repost later for this trick).

    DCOM services may run and these may be the cause of the problems as well. Plus doing this step is another step in "hardening Windows" as well. These steps are optional and if any difficulty is found with added devices then please just reverse the setting.

    Start > Control Panel > Performance and Maintenance > Administrative Tools > Component Services > work the way to the DCOM Config > do the following steps: right click item, left click "Properties", select "Location" and uncheck both of the "Run Application ..." entries. Click the "Apply" and "OK"


    Netmeeting
    RDSessMgr (optional)
    RDSHOST (optional)
    upnpcont.exe (optional)
    UPnP container (optional)
    upnphost (optional)

    Is possible to find messenger (do this as well) and in the numbered items there is one or two items, but they have disappeared some time ago from my PC. Not sure if it was the NPPServer or WMIApsrv, but these are for you to check out later in some future time at your leisure.

    Oldsod
    Best regards.
    oldsod
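
As an added example (not part of any post in this thread), this Python sketch parses `netstat -an` output and reports whether each listener is bound to loopback only or to all interfaces, which is the check the last reply suggests. The sample output is constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the layout Windows `netstat -an` prints; not from the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1043      203.0.113.5:80         ESTABLISHED
  UDP    0.0.0.0:1900           *:*
  UDP    127.0.0.1:123          *:*
"""

def scope(addr):
    """Classify a bind address by who can reach it at the OS level."""
    ip = ipaddress.ip_address(addr.strip("[]"))
    if ip.is_loopback:
        return "loopback-only"
    if ip.is_unspecified:
        return "all-interfaces"
    return "one-interface"

def listeners(netstat_text):
    """Return (proto, port, scope) for each listening TCP / bound UDP socket."""
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue
        # TCP rows carry a state column; UDP rows have none and are always bound.
        if f[0] == "TCP" and (len(f) < 4 or f[3] != "LISTENING"):
            continue
        host, _, port = f[1].rpartition(":")
        found.append((f[0], int(port), scope(host)))
    return found

def exposed(netstat_text, ports=(5000, 1900)):
    """Listeners on the given ports that are not confined to loopback."""
    return [s for s in listeners(netstat_text)
            if s[1] in ports and s[2] != "loopback-only"]

if __name__ == "__main__":
    for proto, port, where in listeners(SAMPLE):
        print(f"{proto:4}{port:>6}  {where}")
```

A row stays in this list while a firewall is filtering the port, because netstat reports socket state rather than filtering; the row disappears only when the owning service is stopped.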
