
Thread: How to I block port 25, 80, 443 and 1025?

  1. #1
    ngaisteve1 Guest

    Default How to I block port 25, 80, 443 and 1025?

    Hi, I have checked my computer using an online security tool and realized that I have 4 ports open.
    How do I block ports 25, 80, 443 and 1025 using my ZoneAlarm?
    Thanks.
    From, Steve

    Operating System: Windows XP Pro
    Software Version: 7.0
    Product Name: ZoneAlarm (Free)

  2. #2
    Join Date
    Dec 2005
    Posts
    8,995

    Default Re: How to I block port 25, 80, 443 and 1025?

    ngaisteve1 wrote:
    > Hi, I have checked my computer using an online security tool and realized that I have 4 ports open.
    > How do I block ports 25, 80, 443 and 1025 using my ZoneAlarm?
    > Thanks.
    > From, Steve
    >
    > Operating System: Windows XP Pro
    > Software Version: 7.0
    > Product Name: ZoneAlarm (Free)


    If the port scan was performed with an online scan from an internet web site, then consider these points:
    * First and foremost, always ascertain whether it is the PC/software firewall getting tested or whether it is the hardware firewall in front of the PC getting tested.
      Always first look at the IP being tested, as shown by the web site's page about to perform the port scan. Then cross-reference this about-to-be-tested IP with the true IP of the PC. The true IP of the PC can be found easily with the ipconfig /all command.
      If the two IPs match, then yes, it is the PC with its software firewall about to be tested.
    * If the two IPs do not match, then it is either the router or gateway in front of the PC that will be tested. The results will be the test of the hardware in front of the PC and not the PC/software firewall itself. The PC must be directly connected to the internet without any router or a NAT-enabled modem in front of the PC. Only this way will the true status of the PC/software firewall be determined.
    * Any port scanning performed at any public web sites or public wireless cafes, hotels, restaurants, etc. will always show certain open ports, including the ports you have listed and often others.
    * The only time the ZA will ever show any open port(s) is if there are applications listed with server for the internet. Or if specific ports have been opened either in the Expert of the Firewall and the Expert of the Programs. Or if specific ports have been opened in Custom of the Firewall.
      The Zone Alarm has all ports closed and fully stealthed in its default settings.

    Best regards.
    Oldsod.

    Message Edited by Oldsod on 04-23-2008 01:05 PM

  3. #3
    ngaisteve1 Guest

    Default Re: How to I block port 25, 80, 443 and 1025?

    Hi, thanks for the reply. I tried what you suggested and both IPs match. How come, if ZoneAlarm has closed all the ports by default, that online tool managed to identify these four open ports? When I went to Start > Programs > Administrative Tools > Services, looked for SMTP, stopped it and checked that online tool again, it told me that I have three open ports. This means that the online tool works.
    So, is there a way I can check if ZoneAlarm has closed these three ports? So that if it didn't, I can close them manually.
    Thanks.

  4. #4
    Join Date
    Dec 2005
    Posts
    8,995

    Default Re: How to I block port 25, 80, 443 and 1025?

    First you must have some applications running with internet server rights allowed. REMOVE these and make sure there are no internet server allowed for anything in the ZA program list!

    Windows XP Pro does have extra provisions for networking/internet connecting/file sharing/access that are not seen in the Windows XP Home versions.

    See and follow the advice from blackviper.com:

    http://www.blackviper.com/WinXP/servicecfg.htm

    and do this:

    Open the Properties of the network Connections.
    Uncheck the Internet Protocol TCP/IP version 6.
    Uncheck the File and Printer Sharing for Microsoft Networks.
    Uncheck the Client for Microsoft Networks.
    Click the Internet Protocol TCP/IP (this is version 4) and click the Properties. Open the Advanced button of the General (first popup) and then open the WINS tab of Advanced TCP/IP. In the WINS tab uncheck the Enable LMHOSTS lookup and uncheck the Enable NetBIOS over TCP/IP. Check the Disable NetBIOS over TCP/IP. OK everything and close the window.

    SMTP = port 25.
    You had the SMTP service running; disabling it means it is shut off, thus the port is now closed and stealthed. BUT the open port is still allowed in the ZA!

    HTTP = port 80.
    Again, you must have some browser or updater with internet server rights, or the IIS is enabled on the Windows Pro. Shut off the IIS and remove any internet server in the ZA.

    HTTPS = port 443. Same thing as the HTTP, and possibly something extra is going on with either the services, application or allowed internet server.

    Blackjack = port 1025. Related to the DCOM server for networking and does not need to be enabled for the home user with an XP Pro version with no server or specialized networking functions or services.



    To close the unneeded vulnerabilities and ports do this:

    Open the Run and type in regedit and ok.


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
    ----> EnableDCOM (REG_SZ)
    -----> Set to: N
    ---> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc
    ----> Value: DCOM Protocols
    -----> Remove ncacn_ip_tcp
    ---> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\
    ----> Value: MaxCachedSockets (REG_DWORD)
    -----> Set to: 0
    ---> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
    ----> SmbDeviceEnabled (REG_DWORD)
    -----> Set to: 0
    ---> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\
    ----> REG_DWORD
    -----> AutoShareServer
    ------> Set to: 0
    -----> AutoShareWks
    ------> Set to: 0
    ---> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSession Pipes\
    ----> NullSessionPipes
    -----> (Delete all value data INSIDE this key)
    ----> NullSessionShares
    -----> (Delete all value data INSIDE this key)
    ---> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths\
    ----> Machine
    -----> (Delete all value data INSIDE this key)


    Now REBOOT!

    Now open the command and type in netstat -anb and then hit the Enter key. [Click the upper left icon of the command, in the Edit select the Select All and then the Copy, and then paste the results in the next post.]


    Open the command and type in Tasklist /SVC. Copy and paste into the next post.
    Open the command and type in Tasklist /FI "PID eq processID" (with the quotation marks) and then hit the Enter key. Copy and paste into the next post.

    Oldsod

    Message Edited by Oldsod on 04-25-2008 01:56 PM
    Best regards.
    oldsod
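
Added example, not part of the original posts: the correlation that the reply above asks for by hand (listening ports from netstat, matched by PID to the services shown by Tasklist /SVC), run over constructed sample output. The sample text, PIDs, process and service names and the function names are assumptions; the netstat sample uses the `netstat -ano` column layout, which prints the owning PID on each line.

```python
import re

# Both samples are constructed for this example (not real captures).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1480
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1480
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       1480
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       952
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING       2012
  TCP    192.168.1.20:1188      203.0.113.7:80         ESTABLISHED     3120
"""
TASKLIST_SAMPLE = """\
Image Name                   PID Services
========================= ====== =============================================
svchost.exe                  952 DcomLaunch
inetinfo.exe                1480 IISADMIN, SMTPSVC, W3SVC
alg.exe                     2012 ALG
"""

def parse_tasklist(text):
    """Map PID -> (image name, [service names]) from `tasklist /SVC` text."""
    procs = {}
    for line in text.splitlines():
        m = re.match(r"^(\S.*?)\s+(\d+)\s+(.*)$", line)
        if m:  # header and ===== lines carry no PID and are skipped
            image, pid, svc = m.groups()
            names = [] if svc.strip() == "N/A" else [s.strip() for s in svc.split(",")]
            procs[int(pid)] = (image, names)
    return procs

def externally_listening(text):
    """Return sorted [(port, pid)] for TCP listeners reachable off-host."""
    found = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP" and parts[3] == "LISTENING":
            addr, _, port = parts[1].rpartition(":")
            if not addr.startswith("127."):  # loopback-only: a remote scan cannot see it
                found.append((int(port), int(parts[4])))
    return sorted(found)

def owners(netstat_text, tasklist_text):  # port -> (image, [services])
    procs = parse_tasklist(tasklist_text)
    ports = externally_listening(netstat_text)
    return {port: procs.get(pid, ("unknown", [])) for port, pid in ports}

if __name__ == "__main__":
    print(owners(NETSTAT_SAMPLE, TASKLIST_SAMPLE))
```

On a live machine the two strings would be the saved text of `netstat -ano` and `tasklist /SVC`; each port reported is one whose owning service has to be stopped or denied server rights before a scan shows it closed.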

  5. #5
    ngaisteve1 Guest

    Default Re: How to I block port 25, 80, 443 and 1025?

    "remove any internet server in the ZA."
    Hi, after I followed your instructions above, all the ports are Stealth now. Thank you so much. Appreciate it. :-)


  6. #6
    Join Date
    Dec 2005
    Posts
    8,995

    Default Re: How to I block port 25, 80, 443 and 1025?

    You are welcome.
    I suppose the last entry of my first reply is starting to make some sense.

    Best regards.
    Oldsod.
