Backdoors? ports?

Recently I installed a FW for the first time ever on our home machine as security issues seemed to be gettin alot more attention these days.

I was Amazed and rather po'd actually at the number of unsolicited attempts that were made through my ISP connection. I'm old school folks... thats no different than walking straight into my Living Room univited and unanounced... Good way to get yourself hurt... maybe dead.

I didn't realize there were so many "ports ". Guess I really am a dinasour as the last comm ports I remember were Com1 through 4 and Lpt1 and 2. Be nice now!

Anyway. Apparently these ports are always open unless shut down by a FW? Just how many are there? Why on earth would anyone design them this way? Seems to me its like leaving all the barndoors and fence gates open all the time.

Does any of you know where I can learn more on the system ports... which are essential and which can be locked?. And how to lock them? I can find nothing within Win98SE. Imagine that! MS manuals and help systems don't mention a thing!

Thanks

Dave
Hillsboro, OH

 

More

Oh. and I noticed that some programs (i.e McAfee) sit and listen to certain ports.... if it can... so can anything else...

Need to know more.

Thanks again
Dave

 

Hello Dave,

https://grc.com/x/ne.dll?bh0bkyd2 is a port testing site and lots of explanations about ports, their functions and vulnerablities.

Regards - Charles

 

Dave - very brief and very simplified intro to 'Ports'.

- these are not physical ports like Com and LPT would be. They are a piece that can be added on to your IP address and are basically application address information.

- there are over 65,000 of them.

The lower 0-1023 are considered standard or 'well known' addresses and anyone writing certain types of software will set it up to use them. For instance
port 80 = http so is the one your browser normally uses
ports 20/21 are FTP (send and receive)
ports 25/110 are email (send and receive)

Registered Ports 1024-49151 can be assigned by programmers and many are.

Dynamic / Private Ports 49152-65535 are not assigned and should form a pool of available ports.

Any TCP/IP application that needs to establish and maintain a connection will normally do so via a type of connection called a socket and when first beginning a conversation with another machine or another TCP/IP application on the same machine will simply request that the socket be bound to a particular port.

As an example, if your PC has an assigned IP address of 199.123.45.56 and wanted to receive http browser traffic, it would ask the OS to create a socket and bind it to port 80 and would then sit quietly and listen for any incomming connection requests. The socket address would be 199.123.45.56:80.

Your firewall operates on these ports. The simplest sort of firewall can only have a particular port open or closed like a gate in a fence. If open, it will allow any inbound connection requests to be seen and acted on. If closed, the PC never even 'sees' the request. All well and good and great protection except that if you close all your ports, you will have completely isolated your PC from any network traffic of any sort. No mail, no browser, no file transfers, nothing.

Better firewalls can not only open/close ports but also examine packets trying to get in through an open port to make sure they match the type that should be using that port and block them if they are not.

The new XP firewall with SP2 can be set to open a port or ports when you open an application that needs them and then to automatically close them when you shut the application down.

 

Expanding on what Newt mentioned about examining packets.
When you try to get to a webpage, you are sending out a packet. This packet can be looked at as sending an old school letter. You have the destination address [destination IP] and a return address [return IP] in every packet. When the outside computer responds, the IP addresses are reversed.
The firewall remembers your computer sending a packet to a certain address, and will accept an incoming packet from that address.
If you get an packet from an IP, and you did not initiate contact with that computer, you get the unsolicted incoming alerts.
The GRC site has a free tool, named LeakTest, which will test your firewalls ability to stop an unauthorized outgoing attempt. Only 25 kb and free, just deny it access to the internet with your firewall.

 

Thank you all

I'll check out the references. I appreciate the info and your patience with a dinosaur. Now if these forums only had a spellcheck I wouldn't look like a total idiot. Three degrees, but never learned to type proper. Most are typos or dropped letters.

You all have a great day now.

Dave

 

Dave - my spelling isn't great either. I have been using IESpell for a while now and love it. Free, small, adds an icon to your browser bar and a click will check any text you have typed or highlighted.

As to the other - the only reason this forum exists is to help windows users and if everyone was up-to-date and knew all this stuff, we wouldn't have much to do.

 

Thanks again

I'll check out the referenced spell sheck. Oh, and not too worry... the masses will never be able to keep up... for those of you in it its a full time job to do so, let alone do what ever it is your paid for too. But almost all industries are that way now.

Smile... its healthy!
Dave

 

Spell Check for Browser?

Looks like its only for IE. Won't work with netscape will it? Anyone know if there is one for Netscape 7.2?