With dangerous worms and Trojans out on the Internet, computer users should know the ways they are vulnerable to attacks. One of the simplest but most vital tests you can do to determine potential vulnerabilities is to find out which “ports” your PC has open to the outside world.
~~~~~~~~~~~~~~~~~~~~~~~~
Ports 101….
Computers “speak” across networks and the Internet via communication channels called “ports”. Many ports are pre-assigned to specific network services, such as HTTP (port 80) and FTP (port 21); these are called well-known ports. There are two kinds of ports: TCP (Transmission Control Protocol) ports and UDP (User Datagram Protocol) ports. Bad things Trojans, worms, viruses run on other, lesser know ports – and some ports are know to hackers to be vulnerable for accessing.
So what’s the big deal?
If a program on your computer has asked to field requests that come in via a particular port, it is said to be “listening” on the port. A program that does this is called a daemon in Unix or a service in Windows-speak. Any program that listens on a port represents a potential liability. If the program isn’t equipped to recognize when too many requests come in at once—and reject at least some of them—it may tie up the entire machine trying to service them all. This is one form of denial-of-service (DoS) attack. And if the program has a bug that allows an intruder to overwrite memory (a buffer overflow), it may allow the system to be taken over completely. Also, Trojan horse programs frequently reveal themselves because they listen on specific ports.
In general, the fewer the ports on which your computer is listening, the less susceptible it is to certain types of attacks. So be sure to shut down as many unused services as possible—especially those involved with Windows file sharing, instant-messaging services, and so forth.
~~~~~~~~~~~~~~~~~~~~~~~~
There is a great – free online scanning tool called “Shields Up” from GRC which can scan your machine in real-time to check for open port related security issues:
http://www.grc.com
The best way to see your ports In Windows is to open a command window (Start>Run> Type:”cmd” and “Enter”) and type “netstat -an”. In the resulting listing, the ports you care about are the ones on which your computer is listening.
Common ports:
# 21 FTP
# 22 SSH
# 23 TELNET
# 25 SMTP
# 53 DNS
# 80 HTTP
# 110 POP3
# 115 SFTP
# 135 RPC
# 139 NetBIOS
# 143 IMAP
# 194 IRC
# 443 SSL
# 445 SMB
# 1433 MSSQL
# 3306 MySQL
# 3389 Remote Desktop
# 5631 – 5632 PCAnywhere
# 5900 VNC
See E Street’s Ports List for their numbers and uses: http://kb.estreet.com/artImages/PortsList.html (also http://www.iana.org/assignments/port-numbers ). If you know that your computer is providing the services that normally use those ports, fine. But if not, or if other ports are open, be suspicious. Be suspicious of any open ports associated with malware or Trojans.
