First thing to do is get a copy of fport from Foundstone (foundstone.com, look under tools). That will tell you what the program is that has the port open. Then mess with that program (or the OS in some cases) to get the port to close. If you really want to know what kind of data is going through those ports then get your favorite Windows-based sniffer and go to town.

Dan.

> These are ports that are open in one of my W2K [NTFS] Professional
> machines. This PC runs 2 firewalls and an IDS with a real-time
> virus guard. I want to make some sense out of this and want to
> know how to close these (only the malicious like 445) ports and
> how to do further analysis on these.
>
> Any kind of help will be highly appreciated.
>
> TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:3372 0.0.0.0:0 LISTENING
> TCP 0.0.0.0:8431 0.0.0.0:0 LISTENING
> TCP 127.0.0.1:110 0.0.0.0:0 LISTENING
> UDP 0.0.0.0:445 *:*
> UDP 0.0.0.0:500 *:*
> UDP 0.0.0.0:10000 *:*
> UDP 127.0.0.1:1029 *:*
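
A first-pass triage of the listing quoted above, as an added example that is not part of the original thread: it separates sockets bound to all interfaces from loopback-only ones and flags every port whose owner cannot be read off the number, which are the ones to run through a port-to-process tool such as fport. The `KNOWN` table and the function names are assumptions of this example; the service names are the IANA registry names for those ports.

```python
import ipaddress
import re

# Listing copied from the quoted post (netstat -an style output).
NETSTAT = """\
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3372 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8431 0.0.0.0:0 LISTENING
TCP 127.0.0.1:110 0.0.0.0:0 LISTENING
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:10000 *:*
UDP 127.0.0.1:1029 *:*
"""
# Assumed lookup (IANA service names). A port number is only a hint; anything
# not listed here must be mapped to its owning process before deciding.
KNOWN = {("TCP", 135): "epmap (RPC endpoint mapper)", ("TCP", 110): "pop3",
         ("TCP", 445): "microsoft-ds (SMB)", ("UDP", 445): "microsoft-ds (SMB)",
         ("UDP", 500): "isakmp (IKE)"}
UNKNOWN = "unknown: map to process"
LINE = re.compile(r"^(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?$")

def parse(text):
    """Return one dict per listening TCP socket or bound UDP socket."""
    rows = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or (m[1] == "TCP" and m[4] != "LISTENING"):
            continue  # skip headers and established/closing connections
        ip, port = ipaddress.ip_address(m[2]), int(m[3])
        exposure = ("loopback-only" if ip.is_loopback else
                    "all-interfaces" if ip.is_unspecified else "single-address")
        rows.append({"proto": m[1], "port": port, "exposure": exposure,
                     "service": KNOWN.get((m[1], port), UNKNOWN)})
    return rows

def triage(rows):
    """Order network-reachable sockets first, then by port and protocol."""
    return sorted(rows, key=lambda r: (r["exposure"] == "loopback-only",
                                       r["port"], r["proto"]))

if __name__ == "__main__":
    for r in triage(parse(NETSTAT)):
        print(f"{r['exposure']:15} {r['proto']} {r['port']:<6} {r['service']}")
```
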