Personal computing discussed
Moderators: renee, Steel, notfred
Terra_Nocuus wrote:Just doing some reading on firewalls, and I grew curious about the sheer number of ports that can be open, and the average user not know. So, i used nmapwin to find my own open ports, and I noticed an interesting one: "445/tcp microsoft-ds" was the tag... is that for windows update? also, which ports should be kept open (ie, internet, intra-network file sharing) and which of the 1700 available should be kept closed?
Thanks!
Terra_Nocuus wrote:Just doing some reading on firewalls, and I grew curious about the sheer number of ports that can be open, and the average user not know. So, i used nmapwin to find my own open ports, and I noticed an interesting one: "445/tcp microsoft-ds" was the tag... is that for windows update? also, which ports should be kept open (ie, internet, intra-network file sharing) and which of the 1700 available should be kept closed?
Thanks!
Canuckle wrote:The unregistered ports are difficult to screen - these are the ports that clients use to establish connections. For example, starting IE will bind it to an unregistered port - you are connecting to the server on the servers' port 80, NOT yours. Same when using FTP - your client is using a port above 1023 and connecting to an FTP server on the server's port 20/21.
just brew it! wrote:This is the issue that a "stateful firewall" is designed to address. It actually monitors the outgoing connections, and only allows incoming traffic that has specifically been requested by something behind the firewall.
Active Connections
Proto Local Address Foreign Address State
TCP myhostname:1058 myhostname.domain:1059 ESTABLISHED
TCP myhostname:1059 myhostname.domain:1058 ESTABLISHED
TCP myhostname:1110 ip-like-number.deploy.akamaitechnologies.com:https ESTABLISHED
thegleek wrote:
thegleek wrote:stuff happens A LOT behind the scenes when you use many programs
and surf many websites... mostly ads..
BigMadDrongo wrote:Hmmm... just ran netstat and I noticed some... interesting connections.Code: Select allActive Connections
Proto Local Address Foreign Address State
TCP myhostname:1058 myhostname.domain:1059 ESTABLISHED
TCP myhostname:1059 myhostname.domain:1058 ESTABLISHED
TCP myhostname:1110 ip-like-number.deploy.akamaitechnologies.com:https ESTABLISHED
(I've snipped the ones I've been able to identify.)
Anyone know what the last one might be? And why my computer is connecting to itself like that (the first two)? (I don't really think it's dangerous, but I was wondering if it's possible to spoof that field, in which case it could be something suspect masquerading as my computer.)
thegleek wrote:also, i wouldnt be so anal in looking at yer netstat -an all the time...
thegleek wrote:stuff happens A LOT behind the scenes when you use many programs
and surf many websites... mostly ads..
Canuckle wrote:To your second, something looks be resolving myhostname.domain to localhost - something that requires a domain name. Don't happen to remember anything that you would have installed that would require this? It's resolving back to your computer so I wouldn't worry about it though.
dolemitecomputers wrote:Can I ask what you do Canuckle? You seem to know your stuff.
BigMadDrongo wrote:Thanks for the help (yeah, I should have thought of google too ). myhostname.domain is an edit - I didn't post the actual one since that would have all but given away my one remaining spam-free (so far!) email address on a public forum. Not that I think anyone on the TR forums would spam, but I'm just protective of this address I have the domain name set up for my uni network.
BigMadDrongo wrote:No idea what that self-connection is, but since I'm guessing something eating its own tail can't really harm me I may as well just live in blissful ignorance