closing ports 23 & 80

[mapleleaf]

I've just upgraded to norton personal firewall 2006 and run a secruty test.
the results say that telnet port 23 is open as is port 80 .

Telnet is disabled as a service on my xp pro laptop.

On my router , I have set it to block port 23 and port 80 & have run teh test again but the results are the same.

does anyone know how to close these ports or put them into stealth mode?

also, I run sophos antivirus . But norton is flagging a security threat because it cant tell Sophos is running. how can I make norton aware that i have an alternate av program?

TIA

 

[masqueraid]

NPF usually stealths any ports that are not in use by your PC
http://tinyurl.com/g4eov
It's possible you still have something configured that is requesting these ports be kept open.

To find out what's keeping them open, go to Start/Run type cmd and hit return. Then type netstat -ano and hit return. This will tell you what process id number has each port open. Type exit and hit return to exit.

To find out what process has that ID number, hold down ctrl+alt+del to bring up the Taskmanager. Choose the Processes tab and click on View. Click on Select columns... and you'll get a box like in my Taskmanager attachment. Make sure that PID is checked and click Ok. The PID column show will display the process name.

If the processes aren't required then you can disable them. Otherwise the best the firewall can do is mark them as closed. This protects your computer but anyone trying to find a PC by port 23 will get your PC ID but a closed message. At that point they usually give up but they will know that your computer exists on the Net.

23 is, as you rightly say a TelNet port, 80 is useed for Web Servers and ICQ messaging (and a lot of Trojans!!)

Also check Steve Gibsons Evil Port Monitoring page which explains in more detail what's happening ...
http://www.grc.com/su-evilportmon.htm

Hope this helps

 

[masqueraid]

You might find this useful to manually switch off the "you haven't got Norton Antivirus so we're going to nag you that you're vulnerable" message:
http://tinyurl.com/zgz5x

 

[WLeg]

You blocked it on the Router, but the does the security test, test from outside your network >?

You could also use good old fashoned TCP/IP filtering on the network adapter.

 

[mapleleaf]

You blocked it on the Router, but the does the security test, test from outside your network >?

You could also use good old fashoned TCP/IP filtering on the network adapter.

I dont know about howthe test works or which side it tests from .
What does tcp/ip filtering do and how do I play around with that?

 

[masqueraid]

The tests look at your internet connection from the outside. It's easier to stealth ports on your computer but depending on the make/model of your router/modem you may be able to do this there. Just because a port is hidden on your PC doesn't mean your router/modem isn't busy going "hello here's steve's pc".

Best checks outside of the Norton ones you have already are shields up on the gibson site above and pcflank.

 

[traser]

Be careful which ports you block. Port 80 is http so if that is blocked you won't get Internet access.

Other ports to note are; 443, which is https which is used for SSL certificates, or the padlock on the browser when or go and buy something from Amazon etc. 20/21 is FTP which you may need at some point. 25/110 is SMTP and POP which are for email.

 

[WLeg]

I dont know about howthe test works or which side it tests from .
What does tcp/ip filtering do and how do I play around with that?

Assuming you are using XP, under the Properties for TCP/IP, select Advanced, then Options.

Under optional Settings, you will have TCP/IP filtering. - select Properties and you can edit the settings.

- Sorry forgot to send you this !!!