Well, any service that listens for external access requires certain ports to be open. Basic web traffic is listened for on port 80 for example. If you get a personal (software) firewall application (ZoneAlarm for example), then you can block access to these ports. I'm not sure how well the XP firewall software works, but I'm assuming that if it's just bundled with MS then it's not "great" but "functional".
Also realize that IIS is a big security hole to begin with (as well as most Windows-default servers. Make sure your OS is fully patched & updated and also remember to disable any servers that you're not using. If you're extremely paranoid, you can always get a hardware firewall to put between your machine and the rest of the network - though a software firewall should suit your needs. I hope this answers your questions, though you've already taken the first major step by having some sort of firewall in place. -M -----Original Message----- From: Stephen Craton [mailto:[EMAIL PROTECTED] Sent: Saturday, September 27, 2003 4:31 PM To: PHP List Subject: [PHP] IIS Ports This is kind of off topic but kind of not, it's your call. My brother came home this weekend from college this weekend acting all cool since he has been learning to hack. He was telling us (the family) how he did random port penetration on the home network and he said my computer was the most vulnerable with around 25 ports open. I didn't really care until about an hour later he hacked into my computer and then reset it causing me to loose all my important information. I told my dad and my brother promptly lied about anything of the sort. What I want to know.since I know the majority of my ports open are from IIS.is how I can close these. I only need my local server accessible by just my computer but the entire network too.just not the network. I thought the ports would just be open on my computer and not the hardware firewall and everything. I went ahead and turned on the Windows XP firewall but I've heard it really sucks. So is there any way of closing the IIS ports so my brother, and any other hacker, can't get in here and cause havoc? Thanks, Stephen Craton http://www.melchior.us -- http://www.melchior.us/portfolio -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
