Results 1 to 6 of 6

Thread: problem with open ports - closed by firewall but still show to be open!

  1. #1
    aristotelis Guest

    Default problem with open ports - closed by firewall but still show to be open!

    Hello
    I performed a scan on localhost with nmap on windows and it shows 4 open ports..
    Here is my scan log:

    nmap -sT -sU -F -v localhost

    Starting Nmap 4.53 ( http://insecure.org ) at 2008-03-05 13:22
    Skipping UDP Scan against localhost (127.0.0.1) because Windows does not support scanning your own machine (localhost) this way.
    Initiating Connect Scan at 13:22
    Scanning localhost (127.0.0.1) [1275 ports]
    Discovered open port 135/tcp on 127.0.0.1
    Discovered open port 445/tcp on 127.0.0.1
    Connect Scan Timing: About 10.67% done; ETC: 13:27 (0:04:17 remaining)
    Discovered open port 12346/tcp on 127.0.0.1
    Discovered open port 1058/tcp on 127.0.0.1
    Completed Connect Scan at 13:27, 259.45s elapsed (1275 total ports)
    Host localhost (127.0.0.1) appears to be up ... good.
    Interesting ports on localhost (127.0.0.1):
    Not shown: 1271 closed ports
    PORT STATE SERVICE
    135/tcp open msrpc
    445/tcp open microsoft-ds
    1058/tcp open nim
    12346/tcp open NetBus

    i want to close all ports because are vulnarable.. But the most vulnarable port is the NetBus 12346 tcp. I read the faq in the forum and it says that although the port is open, a connection cannot be made to it.. right? Anyway, I tried to close the ports by following the user manual page 53-54... After I specified ports for tcp outgoing and incoming to be blockes and clicked ok and scanned localhost with nmap it showed me again the same ports open..
    Am I doing something wrong?
    thanks

    Operating System:Windows XP Home Edition
    Software Version:7.0
    Product Name:ZoneAlarm Pro

  2. #2
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: problem with open ports - closed by firewall but still show to be open!


    <blockquote><hr>aristotelis wrote:
    Hello
    I performed a scan on localhost with nmap on windows and it shows 4 open ports..
    Here is my scan log:

    nmap -sT -sU -F -v localhost

    Starting Nmap 4.53 ( http://insecure.org ) at 2008-03-05 13:22
    Skipping UDP Scan against localhost (127.0.0.1) because Windows does not support scanning your own machine (localhost) this way.
    Initiating Connect Scan at 13:22
    Scanning localhost (127.0.0.1) [1275 ports]
    Discovered open port 135/tcp on 127.0.0.1
    Discovered open port 445/tcp on 127.0.0.1
    Connect Scan Timing: About 10.67% done; ETC: 13:27 (0:04:17 remaining)
    Discovered open port 12346/tcp on 127.0.0.1
    Discovered open port 1058/tcp on 127.0.0.1
    Completed Connect Scan at 13:27, 259.45s elapsed (1275 total ports)
    Host localhost (127.0.0.1) appears to be up ... good.
    Interesting ports on localhost (127.0.0.1):
    Not shown: 1271 closed ports
    PORT STATE SERVICE
    135/tcp open msrpc
    445/tcp open microsoft-ds
    1058/tcp open nim
    12346/tcp open NetBus

    i want to close all ports because are vulnarable.. But the most vulnarable port is the NetBus 12346 tcp. I read the faq in the forum and it says that although the port is open, a connection cannot be made to it.. right? Anyway, I tried to close the ports by following the user manual page 53-54... After I specified ports for tcp outgoing and incoming to be blockes and clicked ok and scanned localhost with nmap it showed me again the same ports open..
    Am I doing something wrong?
    thanks

    Operating System:
    Windows XP Home Edition
    Software Version:
    7.0
    Product Name:
    ZoneAlarm Pro

    <hr></blockquote>


    Very normal to have open ports in the localhost. How else would the system operate if these were blocked? The Localhost does not and never will contact the internet, as the localhost is strictly an internally used address and this never leaves the PC. The localhst cannot be seen externally.

    You could try a port scan from another lan connected PC for you PC or do an online port scan for the external ports.
    But please do not use a NAT enabled modem or hardware firewall router in front of the PC or else the hardware firewall will get scanned instead of the PC's firewall.
    Just make sure the IP shown at the web site's port scanner is the same as the assigned IP (as seen in the ipconfig /all) of the test PC.

    Oldsod.
    Best regards.
    oldsod

  3. #3
    aristotelis Guest

    Default Re: problem with open ports - closed by firewall but still show to be open!

    you are right... But, what about the opened port that is associated with Netbus?

  4. #4
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: problem with open ports - closed by firewall but still show to be open!

    Netbus the troyan would have an open port attempt to the internet, not the localhost. If the port 12346 was attempting to connect tothe internet, then there may be a possible troyan.
    Try netstat -ano and cross reference the PID for the port 12346 to the PID in the taskmanager - this is an easy way to determine the exact application using the port 12346.

    Oldsod
    Best regards.
    oldsod

  5. #5
    aristotelis Guest

    Default Re: problem with open ports - closed by firewall but still show to be open!

    thanks oldsod for the tips... As I found out, the program associated with that port was the CyberLink Power cinema.. When I typed netstat -ano it showed me that the current application was listening on that port... Anyway, I uninstalled it now..
    Thanks again

  6. #6
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: problem with open ports - closed by firewall but still show to be open!

    You are welcome, aristotelis.
    Oldsod.
    Best regards.
    oldsod

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •