What are these ports???

Discussion in 'Windows Desktop Systems' started by contender, May 19, 2003.

  1. contender

    contender Guest

    I've tried a few different IP scanners that I have downloaded from the net and come back with the same results.

    I run Kerio Personal Firewall v3 Beta 6 and a Linksys router.

    I have the following ports open out of 65535 ports and was wondering what they might be and how can I close them?

    25 - smtp
    80 - www/http
    110 - pop3
    2468 - qip - msgd
    5678 - rrac
    6688

    At the time of this scan I was running Yahoo and MSN instant messengers, Mozilla browser.

    When the scan began my firewall asked if I wanted to allow or deny communication on ports 25 and 110, and for the purpose of the scan I clicked deny, but it still showed them.
     
  2. Un4gIvEn1

    Un4gIvEn1 Moderator

    Messages:
    1,084
    25 - SMTP That's for outgoing e-mail
    80 - HTTP If you close that you won't be able to view webpages
    110 - POP3 That's for incoming e-mail
    2468 - Not really sure what this one is...
    5678 - Or this one
    6688 - Or this one either... (Yahoo?)
     
  3. Enyo

    Enyo Moderator

    Messages:
    1,338
    Your router is a Linksys NAT-based router, right? With NAT enabled your system is fine! With Linksys routers you will sometimes see 80, 25, 5678 and 110 appearing open on the router itself. But it's not really offering a service.

    If you're worried, check out your clients:

    Download FPort and see what applications are holding the ports open:

    http://www.foundstone.com/index.htm....htm&subcontent=/resources/proddesc/fport.htm

    If those ports are not internet exposed (forwarded or in DMZ) no problem. If they are offering the service locally you can still disable them if you want.

    In regards to the ports themselves:

    The last three can be anything; they are dynamic ports.

    What Un4gIvEn1 says about port 80 is wrong, you don't need 80 open to view webpages.

    An HTTP server uses 80 for incoming traffic, a client uses a free port over 1024 to fetch the page.

    I suspect they are not really open; I've talked about this before in other posts.

    What are you scanning with? Local or remote scanners? Firewall running or not?

    Steve's new test is good (http://nanoprobe.grc.com); he has made it quite accurate.

    With Block WAN request or similar enabled on the router you have nothing to worry about!

    With netstat and Fport you will see who is really doing what, and with Kerio you will see who's trying to go where.

    You have the bases as good as covered! The key is: no service, no problem.
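
The netstat check suggested in the post above, as an added example that is not part of the original thread: it parses `netstat -ano` output and reports, for each port the scan flagged, whether this PC actually has a TCP listener on it. The netstat text is constructed sample data, and the function names `tcp_listeners` and `classify` are this example's own.

```python
# Added example; the netstat text below is constructed sample data.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5678         0.0.0.0:0              LISTENING       1620
  TCP    192.168.1.100:1045     203.0.113.10:5050      ESTABLISHED     1420
  TCP    192.168.1.100:1051     203.0.113.25:110       ESTABLISHED     1388
  UDP    0.0.0.0:445            *:*                                    4
"""

SCANNED = [25, 80, 110, 2468, 5678, 6688]  # ports listed in the first post


def tcp_listeners(netstat_text):
    """Map local TCP port -> list of (bind address, PID) for LISTENING rows."""
    found = {}
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) != 5 or cols[0] != "TCP" or cols[3] != "LISTENING":
            continue  # skips headers, UDP rows and established connections
        addr, _, port = cols[1].rpartition(":")  # rpartition copes with [::]:135
        found.setdefault(int(port), []).append((addr, int(cols[4])))
    return found


def classify(scanned_ports, netstat_text):
    """Label each scanned port by what this PC is actually doing with it."""
    listeners = tcp_listeners(netstat_text)
    report = {}
    for port in scanned_ports:
        binds = listeners.get(port, [])
        pids = ",".join(str(pid) for _, pid in binds)
        if not binds:
            report[port] = "no local listener"
        elif all(a.startswith("127.") or a == "[::1]" for a, _ in binds):
            report[port] = "loopback only, PID " + pids
        else:
            report[port] = "listening on network, PID " + pids
    return report


if __name__ == "__main__":
    for port, verdict in classify(SCANNED, SAMPLE_NETSTAT).items():
        print(f"{port:>5}  {verdict}")
```

In the sample, the established connection to remote port 110 leaves from local port 1051, so port 110 is reported as having no local listener. The PID in each verdict is what you would look up in Task Manager or FPort to find the owning application.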
     
  4. Geffy

    Geffy Moderator Folding Team

    Messages:
    7,805
    Location:
    United Kingdom
    Not quite right,
    25 is the SMTP port for a server.

    All ports between 1 and 1024 are reserved for server activities, all ports above 1024 are for normal connections, i.e. your PC will connect to port 25 on a mail server, but the port you send from will not necessarily come from any defined port, but it will be between 1025 and 65535.
     
  5. dreamworks

    dreamworks --== babyface ==--

    Messages:
    355
    What about port 445? I always get someone scanning that port?
     
  6. Kr0m

    Kr0m Moderator

    Messages:
    1,390
    Location:
    Turtle Island
  7. Enyo

    Enyo Moderator

    Messages:
    1,338
    Also note that it's mainly worms that produce activity on this port; it's not a directed threat, and it sounds as if your firewall has it covered :)

    Just if you're thinking about closing it as the article instructs:

    1) If you use windows file sharing leave it enabled. If not go ahead and follow the instructions on how to close it up.

    I will also note that an easier way to close this port exists if you want to do that:

    2) http://www.uksecurityonline.com/husdg/windowsxp/close445.htm (Also takes care of NetBT)

    You don't really need to do so, however.
     
  8. dreamworks

    dreamworks --== babyface ==--

    Messages:
    355
    Thanks : )
     
  9. aerox

    aerox Guest

    contender, what IP scanner did you use?