
HELP - 1,530 open ports on server

Discussion in 'Networking (Hardware & Software)' started by CharlieJ, 2004/05/26.

Thread Status:
Not open for further replies.
  1. 2004/05/26
    CharlieJ

    CharlieJ Inactive Thread Starter

    Joined:
    2004/05/18
    Messages:
    69
    Likes Received:
    0
    :confused: Maybe I'm crying wolf out of ignorance (see my tagline), but I'm a bit worried. On doing a full portscan of our main server, we found that we have 12 TCP ports open and 1518 UDP ports open. This server is a DC (but not forward facing on the Net). I've conducted many trojan port scans on the server over the past several months, but never a full port scan.

    I looked at Services and there doesn't seem to be any that would hold 1,530 ports open. I've checked the software running on the server -- none that I can see would cause this situation. Norton AV has been run, with no problems found.

    Question #1 - How did all these ports get opened?

    Question #2 - How do I close them? [I have no 3rd party software for this purpose. We're not using IPSec right now and cannot implement it in a hurry.]

    Server Info:
    Compaq brand server
    Windows 2000 Server OS
    Static IP Addressing
    Roles:
    Active Directory
    Domain Controller
    SQL Server 2000
    DNS Server
    File Server (limited use)
    Norton Antivirus "push server"

    ANY advice would be greatly appreciated!
     
    Last edited: 2004/05/26
  2. 2004/05/26
    Scott Smith

    Scott Smith Inactive Alumni

    Joined:
    2002/01/12
    Messages:
    1,950
    Likes Received:
    4
    Do you have a hardware Firewall?
     


  4. 2004/05/27
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    1. What exact TCP ports?
    2. What exact UDP ports? (at least the range of them)

    Some services and daemons WILL hold certain tcp ports in an open state, e.g. Windows Time Service, SQL, HTTP, EMAIL, Active Dir, File Server, Telnet, Remote Access, etc etc.

    The 12 open tcp ports are probably needed, unless you have some services enabled that could be disabled, such as Time, Telnet, etc.

    The udp ports maybe are being held open by some particular service.

    Answer Q re firewall/router?

    Look here re Services that use tcp ports:
    http://www.blackviper.com/WIN2K/servicecfg.htm
     
  5. 2004/05/27
    JoeHobart

    JoeHobart Inactive Alumni

    Joined:
    2004/05/19
    Messages:
    919
    Likes Received:
    1
    Go grab the TCPView tool from Mark's site http://www.sysinternals.com/ntw2k/source/tcpview.shtml That will allow you to see who's doing what with who for what.

    This server is a DC as you say, and it's very possible this is normal operation. Get us some details about who has what port open to whom and we can give you some more targeted advice to look into it.
     
  6. 2004/05/27
    Steve R Jones

    Steve R Jones SuperGeek Staff

    Joined:
    2001/12/30
    Messages:
    12,317
    Likes Received:
    252
    Here's another viewer with a bit more info:

    CurrPorts-> allows you to view a list of ports that are currently in use, and the application that is using it. You can close a selected connection and also terminate the process using it, and export all or selected items to an HTML or text report. Additional information includes the local port name, local/remote IP address, highlighted status changes and more.

    File size: 39 kb

    http://www.snapfiles.com/get/cports.html
     
  7. 2004/06/01
    CharlieJ

    CharlieJ Inactive Thread Starter

    Joined:
    2004/05/18
    Messages:
    69
    Likes Received:
    0
    We are using a Cisco PIX firewall.
     
  8. 2004/06/02
    CharlieJ

    CharlieJ Inactive Thread Starter

    Joined:
    2004/05/18
    Messages:
    69
    Likes Received:
    0
    I checked the TCP ports and they are all OK.

    I can send the list, but it is VERY long -- 1,518 ports.

    As it turns out MSGSYS.EXE is holding almost all of the UDP ports open. I can't find anything sinister about it, but wanted to follow-up here to be sure. From what we found, MSGSYS.EXE is a component of Intel's LANManager software.

    If anyone knows of any problems with this, please speak up. :)

    We have a PIX firewall in place.
     
  9. 2004/06/02
    CharlieJ

    CharlieJ Inactive Thread Starter

    Joined:
    2004/05/18
    Messages:
    69
    Likes Received:
    0
    Joe & Steve,
    THANKS for the port scanners. I d/led and use CurrPorts and TCPView. Both showed me the ports & processes, which helped calm my fears. I appreciate the pointers.

    BTW, I scanned the ports with 2 different trojan detectors and all showed clean.

    Looks like we can lay this thread to rest unless someone else has something to add regarding MSGSYS.EXE or the UDP ports.
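
Added example, not part of the thread: the check TCPView and CurrPorts performed for the poster (grouping open ports by owning process and spotting one process that holds a large block of UDP ports), done here in Python over saved `netstat -ano` output. The sample rows, PIDs and function names are constructed, and it assumes a Windows release whose netstat supports `-o`.

```python
from collections import defaultdict

# Constructed sample in the layout printed by `netstat -ano`; not data from the thread.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING       1180
  TCP    10.0.0.5:445           10.0.0.23:3011         ESTABLISHED     4
  UDP    0.0.0.0:53             *:*                                    904
  UDP    0.0.0.0:38293          *:*                                    1344
  UDP    0.0.0.0:38294          *:*                                    1344
  UDP    0.0.0.0:38295          *:*                                    1344
  UDP    0.0.0.0:38297          *:*                                    1344
  UDP    [::]:500               *:*                                    612
"""

def open_ports_by_pid(netstat_text):
    """Return {pid: {"TCP": set, "UDP": set}} of listening/bound local ports."""
    table = defaultdict(lambda: {"TCP": set(), "UDP": set()})
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header, banner or blank line
        proto, local, pid = fields[0], fields[1], fields[-1]
        # UDP rows have no State column (4 fields); TCP rows have 5 and must be LISTENING.
        is_udp = len(fields) == 4 and proto == "UDP"
        is_tcp_listener = len(fields) == 5 and proto == "TCP" and fields[3] == "LISTENING"
        if (is_udp or is_tcp_listener) and pid.isdigit():
            table[int(pid)][proto].add(int(local.rsplit(":", 1)[1]))  # rsplit copes with [::]:500
    return dict(table)

def collapse(ports):
    """Collapse ports into ranges, e.g. {1, 2, 3, 7} -> ['1-3', '7']."""
    runs = []
    for p in sorted(ports):
        if runs and p == runs[-1][1] + 1:
            runs[-1][1] = p
        else:
            runs.append([p, p])
    return [str(a) if a == b else f"{a}-{b}" for a, b in runs]

def udp_summary(table, threshold):
    """(pid, count, ranges) for each PID holding >= threshold UDP ports, largest first."""
    rows = [(pid, len(p["UDP"]), collapse(p["UDP"]))
            for pid, p in table.items() if len(p["UDP"]) >= threshold]
    return sorted(rows, key=lambda r: -r[1])

if __name__ == "__main__":
    for pid, count, ranges in udp_summary(open_ports_by_pid(SAMPLE), threshold=3):
        print(f"PID {pid}: {count} UDP ports open: {', '.join(ranges)}")
```

A PID reported here can be matched to its image name with `tasklist /FI "PID eq <pid>"` before deciding whether the service behind it is expected on the server.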
     