How Do I Close Port 1024?
Hoping someone can help me here.

I keep my system pretty secure - XP Home fully updated, Zone Alarm Plus, Trend Micro's PC Cillin 2003 under corporate license, fully updated, regular scans with Pest Patrol, Adaware and Spybot S&D. Paranoid, you might say, but so far I have not been infected with any virus and MSBlaster didn't get me :O

Also, as part of my routine I regularly go to www.grc.com and use his Shields Up port scan facility to make sure all is in order re the firewall. On my last visit but one all my service ports were stealthed and I was smugly satisfied that evildoers would have some difficulty getting into my system. However, in the last couple of days a Shields Up check reveals that Port 1024 is open.

I don't know enough about this to be able to talk in depth, but as far as I can figure out from the info on the GRC pages, 1024 being open while I'm on broadband is a security risk. Port 135, which I believe controls access to port 1024, remains stealthed. MSBlaster uses port 135 and I am concerned that an unsuccessful attempt by MSBlaster may have done this and I want to correct it. I have searched for components of MSBlaster on my PC and I don't have them. My ISP told me that the trojans/adware progs Netspy, Latinus and Jade all use port 1024, but as far as I can tell I don't have those (Spybot and Pest Patrol scans come up clean.)

Questions:

Given that port 135 remains stealthed, should I be concerned?

Is there a prog or utility that I can run that will tell me which running program or process opens port 1024 on my PC?

How can I close the port? I followed the instructions for doing that in Zonealarm, but it made no difference. (Ie, Firewall | Main | Internet Zone Security | Custom then scroll down to the list of ports to block where there is a facility to add your own, which I did.)

Smugness gone, now a little uneasy

AA |
Ausatco,
Here is the patch from Microsoft to close port 1024: Microsoft Security Bulletin MS01-059

Take Care,
Richard |
Thanks, Richard. Unfortunately, when I ran the patch it quit when it discovered that I had SP1, saying that it was only for XP not upgraded to SP1. I presume from that that SP1 includes the fix. (Sorry, I should have said at the start that I had SP1.)
I read the article. It was mostly above my head, but I did note that it mentioned UPnP and associated ports 1900 and 5000. GRC has a few downloadable utilities. One of them switches on and off UPnP. I've used that in the past to disable UPnP on Gibson's recommendation for security reasons. When I toggled it just now to enable UPnP it opened 5000, as you'd expect, and then closed it again when I asked it to. I cannot see what's happening to 1900, but 1024 remains open all the time.

Here's what Gibson's port scanner says about 1024 when it found it open on my PC:-

One or more unspecified Distributed COM (DCOM) services are opened by Windows. The exact port(s) opened can change, since queries to port 135 are used to determine which services are operating where. As is the rule for all exposed Internet services, you should arrange to close this port to external access so that potential current and future security or privacy exploits can not succeed against your system.

Edited to add:- You may not be able to go directly to that page using the above link for security reasons. If necessary navigate from Gibson's Shields Up page at https://grc.com/x/ne.dll?bh0bkyd2. Use the ports links in the Shields Up Services table halfway down the page. End of edit

Of the first 1056 Internet ports, the only one I have open is 1024. It used to be "stealthed" - ie invisible to the outside world. Its changed status to "open" worries me.

Cheers
AA |
you could use TCP/IP filtering
start > settings > network connections
right click your internet connection
double click TCP/IP
click advanced, then the options tab
select tcp/ip filtering and select properties
enter the relevant settings here |
You can enable/disable ports directly in the properties of your network card even before they get to the firewall. Be careful you don't disable ports you might need. TCP/IP filtering.
Ausatco,
If you are worried, you could get a Router (Hardware Firewall) or go with: McAfee Firewall (Software Firewall) Take Care, Richard |
SysInternals produce a great many useful tools. TCPView displays all the ports your system is listening on, and the processes that are responsible:
http://www.sysinternals.com/ntw2k/source/tcpview.shtml |
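Added example, not part of the original post: the same port-to-process mapping that TCPView shows can be worked out from the output of Windows' built-in `netstat -ano`. The Python sketch below parses a constructed sample of that output and uses a constructed PID-to-name table (for instance copied from Task Manager); the function names are assumptions made for this illustration.

```python
from typing import NamedTuple

class Listener(NamedTuple):
    proto: str
    address: str
    port: int
    pid: int

# Constructed sample of `netstat -ano` output (not captured from the poster's PC).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:1024           0.0.0.0:0              LISTENING       1432
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING       2040
  TCP    192.168.0.2:1045       203.0.113.10:80        ESTABLISHED     1432
  UDP    0.0.0.0:1900           *:*                                    1100
"""

# Constructed PID-to-image table, e.g. copied from Task Manager's PID column.
SAMPLE_PROCESSES = {884: "svchost.exe", 1432: "explorer.exe",
                    2040: "alg.exe", 1100: "svchost.exe"}

def parse_listeners(netstat_text):
    """Return sockets waiting for inbound traffic, skipping established ones."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        proto, local, foreign = fields[0], fields[1], fields[2]
        # TCP rows carry a state column; UDP rows do not.
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        if proto == "UDP" and foreign != "*:*":
            continue
        address, _, port = local.rpartition(":")
        found.append(Listener(proto, address, int(port), int(fields[-1])))
    return found

def reachable_from_network(listener):
    """Loopback-only sockets cannot be reached by an external port scan."""
    return not listener.address.startswith("127.")

def owners_of_port(port, listeners, processes):
    """Name the process(es) holding a port open on a network-facing address."""
    return [(l.proto, processes.get(l.pid, "unknown"), l.pid)
            for l in listeners if l.port == port and reachable_from_network(l)]
```

A listener bound to 0.0.0.0 is only a candidate for exposure; whether an outside scan sees it still depends on the firewall in front of it.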
If you've got an old doorstop 386/486 hanging around there are several free microdistributions of UNIX/Linux that run off a stiffy (unpack themselves into 8MB RAM) and replace expensive dedicated routers/firewalls.
I'm playing with FREESCO ( http://www.freesco.org/ ) right now on an old 486 box, it looks really neat and easy to configure. Watch this space..... |
Ausatco, you say you are running XP Home and Zonealarm. Do you have the Windows firewall switched on too?

If so you can sleep easy at night. I have tested firewalls quite extensively and although the XP ver is very basic, in that you can't see who is pinging/probing you, there is very little chance that you will be affected.

GRC does provide some good tools but SG has a major problem with Microsoft in general and some of his tools return false and frankly untrue data, or perhaps it could be explained to me that when I sit behind two software firewalls and a hardware firewall these tests still report that they could 'get' me. In these cases IP addresses often prove to be of my hardware f/w so I sleep real good at night.

What the blaster worm has done has opened up people's eyes to what can happen to someone who makes no use of the free windowsupdate site which can rid you of all these problems before they visit you in the first place.

Now if only some of my customers' overpriced AV software could keep out sobig.abcdefg??? viruses then maybe I could go to bed... |
YeeeHaaa!! Success! :O

EGLD, ORAC, I couldn't find TCP/IP filtering in XP Home. ORAC, your MS link mentioned that you could do it in XP Pro, but did not mention Home. I fiddled around a bit but could not find a route into TCP/IP filtering - closest I got was TCP/IP properties or advanced, neither of which took me to filtering, which seems to confirm that some goodies needed by fiddlers like me aren't in Home. But thanks, 'cos I've learned a bit in the process.

Richard, you suggested McAfee software firewall, but as I have a paid-for, licensed copy of Zone Alarm I didn't want to double up in the software firewall area. But thanks for following my travails, and those of many other prooners. I like to follow your links and suggestions in this forum and note what I find out. Trouble is, my FIFO stack is full and I really struggle to retain it all, but thanks anyway. :)

Mac, RTFM, I've just given away an old PII box :* The new owner has had a few probs, but I can't yet tell if it's the H or the M in the HMI (Human-Machine-Interface) that's the problem. If I get it back I may well go that route.

F_S_D, No, I don't have the XP firewall on as well, only ZA. From what I've read, one should only use one software firewall, and ZA is more comprehensive than the XP built-in one, or so I'm led to believe. Concur, I think SG is pushing a bit of a barrow with MS, but I love his site - lots of info that I can (mostly) understand.

Peg, You get the cigar. :O How would you like that, sir? Hand rolled on the tanned thigh of a dusky Cuban maiden, perhaps? ;) TCPView was just the tool I was after - it told me that Windows Explorer (explorer.exe) was holding port 1024 open. I removed Windows Explorer from the allowed list in Zone Alarm and re-booted. When I next opened Windows Explorer after the re-boot, ZA asked if I wanted to allow explorer to be a server. I answered "No" (I had previously answered "Yes" on the basis of info contained in the FAQ on the ZoneAlarm site.) Lo! Port 1024 was stealthed :O

I guess I will find out eventually (when something doesn't work) but in the meantime can anyone tell me why Windows Explorer wants to be a server, and what is the effect of allowing/disallowing that?

Muchas Gratias to all
AA |
Ausatco,
RTFQ - I completely missed that you are running Zone Alarm. :ooh:

The reason I mentioned McAfee's version of their Firewall is because it is one of the best I have seen in action. I was watching in real time as my brother-in-law's comp was under full attack on port 135. The Firewall worked flawlessly and gave the owner a lot of power for dealing with attacks.

Zone Alarm is an excellent program too. If you have it running and properly configured, you are safe.

Take Care,
Richard |
No worries, Richard. I'm very happy and impressed with ZA. I recently watched, with some apprehension, my own computer being attacked and ZA deflecting the shots.
ZA has helped me answer my own question about why Windows Explorer wants to be a server. When the ZA warning window popped up because explorer.exe asked for server rights I clicked the "More Info" button. If anyone's interested here's what came up. Click the Technical Info, Details and Hacker ID tabs for more complete info. AA |
Hey Orac,
Back on 20 Aug you wrote: "You can enable/disable ports directly in the properties of your network card even before they get to the firewall. Be careful you don't disable ports you might need. TCP/IP filtering."

My solution was to have Zone Alarm not permit Windows Explorer to act as a server - explorer was keeping port 1024 open. So far there have been no known repercussions.

Thanks for trying to help an illiterate :O

AA |