Closing networking ports?

So I have just enough knowledge to get a network running in the house for games. Mostly online games at that. (Aye, I'm an EQ junky :D)

I have 4 computers that are all linked through a gigabit router-> a NAT-> cable modem.

I pretty much just plugged everything together. There was no real software for the NAT that I know of; it just "seems" to work...
So my question is this: do I have ports open that people can exploit? :confused:
If so, how can I close them, or how can I test to see if they are open?
Is there a way I could go to a friend's house, for instance, and see my computers on the net if the ports are open?
Thanks in advance :)
 
If you go to your friend's computer, install Nmap, and scan your computer (you'll probably want to scan all ports: 1-65535), you should see what ports, if any, are open.

That'd be one of the easiest ways to do it. However, if you haven't set up any NAT rules, the router shouldn't be forwarding any - and it shouldn't be listening to connections from the outside world. Still, it's worth checking. :)
 
To fully answer your questions:
1. Maybe. The only exploitable ports on your network are going to come from the router. These include "Remote Administration" features, forwarded ports, or machines in the DMZ.
2. Turn these features off at the router.
OPTIONAL: If you need to turn them off at the PC, disable the service that listens to them. Windows users run from the command line: netstat -ao (The letter-o switch is used in conjunction with the task manager set to display PIDs for identification of listening services.) Easy way of disabling them on a per-host basis: Turn off file sharing, turn off p2p software, turn off MS Messenger service (google it, it's not the MSN messenger program). If you see something, google the process name and check for recommendations.

3. Yes. You will use a port scanner; Nmap is an open source and very useful one. Note: Running port scans against computers that are not yours is interpreted as a prelude to an attack. Use of port scanners is not nice against machines that aren't your own and if you do, your ISP may have some stern words about yanking your service right then and there.

Run Nmap from another machine. If you run it from your machine, chances are you will be looking at the ports from the private side of the network which will give too many false positives for you to worry about.

Visit http://scan.sygate.com/ for an online check of the public interface of your firewall.

Before you start:
Turn off any "Remote administration" to your firewall.
Turn off any port forwarding.
Remove any machines in the DMZ.

Run the test. Nmap works well, but you gotta have a buddy with a different public IP address to check you, or somewhere other than your LAN, basically.

Firewalls only protect against exploitable services (http, netbios, rpc, smtp, etc.); they WILL NOT stop grandma from opening that Netsky email.

Also, most SOHO router/firewalls DON'T block outgoing stuff. So if you do get infected, you will still spread stuff around. Unless you go (and FULLY CONFIGURE) for a more high-end router or Linux firewall box or whatever, you still need to be careful. A SOHO router is just a simple lock on your front door that's one way.

Best of luck. :D
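
An added example, not part of the posts above: a Python sketch of the per-host check described in the optional step, listing by PID the sockets that accept traffic from other machines so they can be matched against Task Manager. It assumes the output was saved from `netstat -ano` (the `-n` switch is added here to get numeric addresses); the sample text and the name `listeners` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1780
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49210     203.0.113.7:443        ESTABLISHED     3312
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:500            *:*                                    640
  UDP    127.0.0.1:1900         *:*                                    2044
"""

# proto, local address, local port, foreign address, optional state, PID
ROW = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$"
)
LOOPBACK = ("127.", "[::1]")


def listeners(text):
    """Map PID -> sorted (proto, address, port) for sockets other hosts can reach."""
    found = defaultdict(set)
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header, blank line
        proto, addr, port, _foreign, state, pid = m.groups()
        # TCP rows matter only in LISTENING state; UDP rows have no state column.
        if proto == "TCP" and state != "LISTENING":
            continue
        # Loopback-only sockets cannot be reached from the LAN or the router.
        if addr.startswith(LOOPBACK):
            continue
        found[int(pid)].add((proto, addr, int(port)))
    return {pid: sorted(socks) for pid, socks in found.items()}


if __name__ == "__main__":
    for pid, socks in sorted(listeners(SAMPLE).items()):
        for proto, addr, port in socks:
            print(f"PID {pid:<6} {proto} {addr}:{port}")
```
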
 