Lyrics & Knowledge Personal Pages Record Shop Auction Links Radio & Media Kids Membership Help
The Mudcat Cafemuddy

Post to this Thread - Sort Descending - Printer Friendly - Home


Tech: Port Query

GUEST,Andrez 10 Mar 12 - 03:07 AM
Andrez 10 Mar 12 - 03:09 AM
Joe Offer 10 Mar 12 - 03:52 AM
treewind 10 Mar 12 - 04:57 AM
JohnInKansas 10 Mar 12 - 07:18 AM
Nick 10 Mar 12 - 08:50 AM
Andrez 10 Mar 12 - 08:58 AM
Stilly River Sage 10 Mar 12 - 09:10 AM
Stilly River Sage 10 Mar 12 - 09:22 AM
Stilly River Sage 10 Mar 12 - 09:43 AM
Share Thread
more
Lyrics & Knowledge Search [Advanced]
DT  Forum
Sort (Forum) by:relevance date
DT Lyrics:





Subject: Tech: Port Query
From: GUEST,Andrez
Date: 10 Mar 12 - 03:07 AM

Hi Just a quick tech question that I cant find a straight forward answer to through Google and am hoping that a tech guru like maybe John in Kansas might be able to help with a clear answer.

I did a brief port scan of my router with the following results:

         Open TCP Port:         21                ftp
         Open TCP Port:         22                ssh
         Open TCP Port:         23                telnet
         Open TCP Port:         80                http

         Open TCP Port:         1863                msnp
         Open TCP Port:         1864                paradym-31port
         Open TCP Port:         4443                pharos
         Open TCP Port:         5190                aol
         Open TCP Port:         5566                udpplus

I have no probems with the first four ports but am curious about the others. I am guessing that port 1863 msnp has something to do with Microsoft msn. Since I run various flavours of Windows in either hardware or emulation mode thats not unreasonable and while I'm not that happy with Microsoft accessing any info re my system I don't think it can be helped given the constant flow of security fixes that need downloading.

I'm guessing that port 5190 has something to do with America Online but I could be seriouly mistaken here. If correct though, I'll close that connection unless for some unfathonable reason it has to stay open..... I'm a big privacy freak when it comes to my personal IT setup!

The real puzzles are ports 1864 paradym-31port and ports 4443 pharos. Can anyone, John or otherwise tell me what services these ports are enabling and the pros and cons of closing them off on my router a Netcomm NB9WMAXXN.

Thanks in advance folks,

Cheers,

Andrez


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Port Query
From: Andrez
Date: 10 Mar 12 - 03:09 AM

Reset cookie, now acting as self and not guest once more.

Cheers,

Andrez


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Port Query
From: Joe Offer
Date: 10 Mar 12 - 03:52 AM

Hi, Andrez-
OK, so you're beyond me already. How does one do a port scan?

-Joe-


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Port Query
From: treewind
Date: 10 Mar 12 - 04:57 AM

If you want to port scan your own network, you have to get someone else to do it for you. I think there are web sites that will do it - basically they try to connect to your computer via your ADSL link on every port number and see if they get a response, then send you back a list of which ones responded.

To get a response, your router has to allow the connection in AND your computer has to have some process listening on that port number.

Port numbers are what identifies an incoming packet so the computer knows which running process to send it to. There are well known standard numbers like 80 for a web server and 21, and 23 for ftp, for example.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Port Query
From: JohnInKansas
Date: 10 Mar 12 - 07:18 AM

You can go to almost any of the AV providers and get a "remote scan" for infections, and the better ones offer a more general "security scan" that will identify any improperly open ports you might have. Since I use Norton, I usually go there, and they have had a scan that well check whether you have a port open that presents a security risk. The ports that they confirm are open for a "normal" purpose generally aren't mentioned in the report that they give you, but the scan will tell you if you have one that shouldn't be open.

(Win2K had one port they didn't like, that couldn't be closed without trashing the machine, but most other recent Win versions should theoretically be capable of being "invisible" to unathorized outside intruders.)

I can't speak to the other providers who offer similar scans, but Norton may take you to a page to show you what they offer to "make everything beautiful" after the scan report is done; but they don't hassle you with any high pressure salesmanship.

I don't have a link handy, but it shouldn't be hard to find with either Norton or Symantec as a search term. Just make sure you go to their "real" site (or a real one for another AV maker of your choice) as "scareware" that tries to look like they'll do things for you (but end up doing things to you) are far too common.

John


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Port Query
From: Nick
Date: 10 Mar 12 - 08:50 AM

There is a discusion from some years back that is errily familiar that suggests it may be a firmware bug with netgear and that you are not alone. Means little to me though!

What are these open ports on my router?


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Port Query
From: Andrez
Date: 10 Mar 12 - 08:58 AM

Hi folks, the port scan I ran was internal to my network. I use a mixed Mac & PC environment and all I did was using Mac Software IPNetMonitor X (V 2.6c) details at http://www.sustworks.com/site/prod_ipmx_overview.html and ran the port scan function on the IP addresss of my primary router.

Having said that, I ran the scan again at the basic router IP address and got the following results:

Port         Target             Type         Description
21         IPs deleted        TCP         FTP
22         .................        TCP         ssh
23         .................        TCP         Telnet
80         .................        TCP         HTTP
554         .................        TCP         RTSP
5431 .................        TCP        

A check of the list at IANA gives me a name and an email as to who the assignee of port 5431happens to be but nothing more specific. As I dont know the 'owner'of port 5431, I will look to close access to that port and take note of any consequences or otherwise for my comms and network.

The 'owner" of " Open TCP Port: 4443 pharos" is someone in Germany with whom I also have no known connection, but clearly based on the current scan that port is no longer open. That said I'd still like to know more about 4443 pharos and what it is about.

FYI re my first post, I found that I had thought that the list of ports I first posted were the result of running a script to initiate the IPNetMonitor port scan. This wasnt the case it was simply an older text file that simply read: "Port Scan has started ..." and then had the list details underneath, so it wasnt a current listing of open ports I just assumed it was. My apologies for that error.

That said, I'm still curious about how those specific router ports could have been opened in the first place. This really isnt my forte and I dont have the time at present to do the research. Will have to check my router firewall a little more closely.

Cheers,

Andrez


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Port Query
From: Stilly River Sage
Date: 10 Mar 12 - 09:10 AM

In my library world pharos is the name of the software program that manages the connection between campus computers and the printer system. Don't know if it has anything to do with your ports, however.

I use Shields Up to take a look at the security of my computer. It will run any number of tests you ask it to.

SRS


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Port Query
From: Stilly River Sage
Date: 10 Mar 12 - 09:22 AM

While I'm at it, I'll throw another consideration into the security pot and stir around. This is on the page I just linked to at Shields Up:

The text below might uniquely
identify you on the Internet
Your Internet connection's IP address is uniquely associated with the following "machine name":

XX-81-182-XX.dhcp.xxxx.tx.charter.com
The string of text above is known as your Internet connection's "reverse DNS." The end of the string is probably a domain name related to your ISP. This will be common to all customers of this ISP. But the beginning of the string uniquely identifies your Internet connection. The question is: Is the beginning of the string an "account ID" that is uniquely and permanently tied to you, or is it merely related to your current public IP address and thus subject to change?

The concern is that any web site can easily retrieve this unique "machine name" (just as we have) whenever you visit. It may be used to uniquely identify you on the Internet. In that way it's like a "supercookie" over which you have no control. You can not disable, delete, or change it. Due to the rapid erosion of online privacy, and the diminishing respect for the sanctity of the user, we wanted to make you aware of this possibility. Note also that reverse DNS may disclose your geographic location.

If the machine name shown above is only a version of the IP address, then there is less cause for concern because the name will change as, when, and if your Internet IP changes. But if the machine name is a fixed account ID assigned by your ISP, as is often the case, then it will follow you and not change when your IP address does change. It can be used to persistently identify you as long as you use this ISP.

There is no standard governing the format of these machine names, so this is not something we can automatically determine for you. If several of the numbers from your current IP address (xx.81.182.xx) appear in the machine name, then it is likely that the name is only related to the IP address and not to you. But you may wish to make a note of the machine name shown above and check back from time to time to see whether the name follows any changes to your IP address, or whether it, instead, follows you.

Just something to keep in mind as you wander the Internet.


Indeed!

SRS


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Port Query
From: Stilly River Sage
Date: 10 Mar 12 - 09:43 AM

I just ran the test on "Checking the Most Common and Troublesome Internet Ports"


PASSED

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.


You can also look at all of them - there is a page to "Determine the status of your system's first 1056 ports" and you can see what everything is called.


Why the first 1056 Ports?

Internet ports are numbered from 1 through 65535, but the first 1023 ports are special. By tradition, and some enforcement, ports 1 through 1023 are generally reserved for the acceptance of incoming connections by services running on the receiving system. Internet services "listen" on various standard low-numbered ports so that clients wishing to have access to those services know where they may be found. Web servers traditionally listen on port 80, eMail servers listen on ports 25 and 110, FTP servers listen on port 21 and Telnet servers listen on port 23. And the list goes on. Here's the official Internet Assigned Numbers Authority (IANA) port assignment list.
Although it is possible to have higher-numbered ports listening for incoming connections, our scan of the entire "service port range" will detect all standard services running and listening on the standard service ports.

Due to the insecure behavior of Microsoft's Windows operating systems, we have added an additional 33 ports to these first 1023 ports, bringing the total to 1056. Windows has a tendency to establish globally available listening services on the first few ports in the "client port" range which begins just past 1023. If you are not running a personal firewall, or you are allowing ShieldsUP! probes into your network, you may discover one or more additional open ports at, or just above, 1024.
SRS


Post - Top - Home - Printer Friendly - Translate
  Share Thread:
More...

Reply to Thread
Subject:  Help
From:
Preview   Automatic Linebreaks   Make a link ("blue clicky")


Mudcat time: 23 September 4:34 PM EDT

[ Home ]

All original material is copyright © 1998 by the Mudcat Café Music Foundation, Inc. All photos, music, images, etc. are copyright © by their rightful owners. Every effort is taken to attribute appropriate copyright to images, content, music, etc. We are not a copyright resource.