Open local ports

D

dos

Guest
Hi,

i have two local trojan ports open. I found that using LPS program. The

ports are 80 and 110. I have winXP firewall and a router. Can i somehow close

this two ports only by using xp firewall?

Thnx a lot.

 
V

Volodymyr M. Shcherbyna

Guest
At the initial stage use TCPView

http://technet.microsoft.com/en-us/sysinte...s/bb897437.aspx to get the

name of process, which opened the ports. After this you may de-install or

remove applications or put them into black list in XP FireWall

--

V.

This posting is provided "AS IS" with no warranties, and confers no

rights.

"dos" <dos@discussions.microsoft.com> wrote in message

news:D5A66A5A-E2B8-4FAB-83C2-80F46146527E@microsoft.com...<span style="color:blue">

> Hi,

> i have two local trojan ports open. I found that using LPS program. The

> ports are 80 and 110. I have winXP firewall and a router. Can i somehow

> close

> this two ports only by using xp firewall?

>

> Thnx a lot. </span>

 
D

dos

Guest
Thanks for reply.

I have licenced copy of port explorer but there, i don't see any mentioned

open local ports. Only firefox.exe is using remote port 80, for 110 i'm not

sure. Thats strange.

"Volodymyr M. Shcherbyna" wrote:

<span style="color:blue">

> At the initial stage use TCPView

> http://technet.microsoft.com/en-us/sysinte...s/bb897437.aspx to get the

> name of process, which opened the ports. After this you may de-install or

> remove applications or put them into black list in XP FireWall

>

> --

> V.

> This posting is provided "AS IS" with no warranties, and confers no

> rights.

> "dos" <dos@discussions.microsoft.com> wrote in message

> news:D5A66A5A-E2B8-4FAB-83C2-80F46146527E@microsoft.com...<span style="color:green">

> > Hi,

> > i have two local trojan ports open. I found that using LPS program. The

> > ports are 80 and 110. I have winXP firewall and a router. Can i somehow

> > close

> > this two ports only by using xp firewall?

> >

> > Thnx a lot. </span>

>

>

> </span>

 
J

Juergen Nieveler

Guest
dos <dos@discussions.microsoft.com> wrote:

<span style="color:blue">

> i have two local trojan ports open. I found that using LPS program.

> The ports are 80 and 110. I have winXP firewall and a router. Can i

> somehow close this two ports only by using xp firewall? </span>

a) If it's really a trojan, merely installing a firewall will not help

you

style_emoticons/ A trojan won't use 80 and 110, the chance of colliding with real

applications would be too high. I'm willing to bet that those two ports

are opened by your virus scanner which is trying to scan your web

traffic and email downloads...

Juergen Nieveler

--

Take my advice, I don't use it anyway.

 
T

Tom [Pepper] Willett

Guest
Port 110 is for email.

"dos" <dos@discussions.microsoft.com> wrote in message

news:C8499AC2-1F0D-4CB4-B8D2-FE059CF36196@microsoft.com...

: Thanks for reply.

: I have licenced copy of port explorer but there, i don't see any mentioned

: open local ports. Only firefox.exe is using remote port 80, for 110 i'm

not

: sure. Thats strange.

:

: "Volodymyr M. Shcherbyna" wrote:

:

: > At the initial stage use TCPView

: > http://technet.microsoft.com/en-us/sysinte...s/bb897437.aspx to get the

: > name of process, which opened the ports. After this you may de-install

or

: > remove applications or put them into black list in XP FireWall

: >

: > --

: > V.

: > This posting is provided "AS IS" with no warranties, and confers no

: > rights.

: > "dos" <dos@discussions.microsoft.com> wrote in message

: > news:D5A66A5A-E2B8-4FAB-83C2-80F46146527E@microsoft.com...

: > > Hi,

: > > i have two local trojan ports open. I found that using LPS program.

The

: > > ports are 80 and 110. I have winXP firewall and a router. Can i

somehow

: > > close

: > > this two ports only by using xp firewall?

: > >

: > > Thnx a lot.

: >

: >

: >

 
V

Volodymyr M. Shcherbyna

Guest
> style_emoticons/ A trojan won't use 80 and 110, the chance of colliding with real<span style="color:blue">

> applications would be too high. I'm willing to bet that those two ports

> are opened by your virus scanner which is trying to scan your web

> traffic and email downloads...</span>

I don't think so. This is a stupid approach from the point of view of

security software. Antivirus or whatever will try to enumerate all opened

ports, this operation is less costly then binding, and listening on some

port.

Even if the above solution would not be suitable for antivirus, it could

always call bind (...) on a specified port., and if it busy, it will get

WSAEACCES error . So, as you can, see, there is no need to create a fully

functional server to check some port (because listen (...) and accept (...)

are not called in this case)

--

V.

This posting is provided "AS IS" with no warranties, and confers no

rights.

"Juergen Nieveler" <juergen.nieveler.nospam@arcor.de> wrote in message

news:Xns9A7AE0724445juergennieveler@nieveler.org...<span style="color:blue">

> dos <dos@discussions.microsoft.com> wrote:

><span style="color:green">

>> i have two local trojan ports open. I found that using LPS program.

>> The ports are 80 and 110. I have winXP firewall and a router. Can i

>> somehow close this two ports only by using xp firewall?</span>

>

> a) If it's really a trojan, merely installing a firewall will not help

> you

>

> style_emoticons/ A trojan won't use 80 and 110, the chance of colliding with real

> applications would be too high. I'm willing to bet that those two ports

> are opened by your virus scanner which is trying to scan your web

> traffic and email downloads...

>

> Juergen Nieveler

> --

> Take my advice, I don't use it anyway. </span>

 
V

Volodymyr M. Shcherbyna

Guest
BTW, what is the need to open 80 port or 110 to scan the traffic? The

traffic which going to be scanned should go to remote IP + remote port. Not

the local ones.

--

V.

This posting is provided "AS IS" with no warranties, and confers no

rights.

"Volodymyr M. Shcherbyna" <v_scherbina@online.mvps.org> wrote in message

news:eMS3pOhmIHA.3780@TK2MSFTNGP06.phx.gbl...<span style="color:blue"><span style="color:green">

>> style_emoticons/ A trojan won't use 80 and 110, the chance of colliding with real

>> applications would be too high. I'm willing to bet that those two ports

>> are opened by your virus scanner which is trying to scan your web

>> traffic and email downloads...</span>

>

> I don't think so. This is a stupid approach from the point of view of

> security software. Antivirus or whatever will try to enumerate all opened

> ports, this operation is less costly then binding, and listening on some

> port.

>

> Even if the above solution would not be suitable for antivirus, it could

> always call bind (...) on a specified port., and if it busy, it will get

> WSAEACCES error . So, as you can, see, there is no need to create a fully

> functional server to check some port (because listen (...) and accept

> (...) are not called in this case)

>

>

> --

> V.

> This posting is provided "AS IS" with no warranties, and confers no

> rights.

> "Juergen Nieveler" <juergen.nieveler.nospam@arcor.de> wrote in message

> news:Xns9A7AE0724445juergennieveler@nieveler.org...<span style="color:green">

>> dos <dos@discussions.microsoft.com> wrote:

>><span style="color:darkred">

>>> i have two local trojan ports open. I found that using LPS program.

>>> The ports are 80 and 110. I have winXP firewall and a router. Can i

>>> somehow close this two ports only by using xp firewall?</span>

>>

>> a) If it's really a trojan, merely installing a firewall will not help

>> you

>>

>> style_emoticons/ A trojan won't use 80 and 110, the chance of colliding with real

>> applications would be too high. I'm willing to bet that those two ports

>> are opened by your virus scanner which is trying to scan your web

>> traffic and email downloads...

>>

>> Juergen Nieveler

>> --

>> Take my advice, I don't use it anyway.</span>

>

> </span>

 
J

Juergen Nieveler

Guest
"Volodymyr M. Shcherbyna" <v_scherbina@online.mvps.org> wrote:

<span style="color:blue">

> BTW, what is the need to open 80 port or 110 to scan the traffic? The

> traffic which going to be scanned should go to remote IP + remote

> port. Not the local ones.</span>

AV software often contains built-in proxy servers that open for example

localhost:110 and alter the email software settings to route the mail

download through the local proxy.

Juergen Nieveler

--

I'll pass on the dope. The detonation is set for tomorrow which means

screws will destruct.

 
V

Volodymyr M. Shcherbyna

Guest
Yes, this may happen as-well, I agree.

--

V.

This posting is provided "AS IS" with no warranties, and confers no

rights.

"Juergen Nieveler" <juergen.nieveler.nospam@arcor.de> wrote in message

news:Xns9A7B6C3A2D7B8juergennieveler@nieveler.org...<span style="color:blue">

> "Volodymyr M. Shcherbyna" <v_scherbina@online.mvps.org> wrote:

><span style="color:green">

>> BTW, what is the need to open 80 port or 110 to scan the traffic? The

>> traffic which going to be scanned should go to remote IP + remote

>> port. Not the local ones.</span>

>

> AV software often contains built-in proxy servers that open for example

> localhost:110 and alter the email software settings to route the mail

> download through the local proxy.

>

>

> Juergen Nieveler

> --

> I'll pass on the dope. The detonation is set for tomorrow which means

> screws will destruct. </span>

 
You must log in or register to reply here.
Top Bottom