• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

What are these ports???

C

contender

Guest
#1
I've tried a few different IP scanners that I have downloaded from the net and come back with the same results.

I run Kerio Personal Firewal v3 Beta 6 and Linksys Router.

I have the following ports open out of 65535 ports and was wondering what they might be and how can I close them?

25 - smtp
80 - www/http
110 - pop3
2468 - qip - msgd
5678 - rrac
6688

At the time of this scan I was running Yahoo and MSN instant messengers, Mozilla browser.

When the scan began my firewall asked if I wanted to allow or deny communication on ports 25 and 110 and for the purpose of the scan I click deny but it still showed them.
 
#2
25 - SMTP That's for outgoing e-mail
80 - HTTP If you close that you won't be able to view wepages
110 - POP3 That's for incoming e-mail
2468 - Not really sure what this one is...
5678 - Or this one
6688 - Or this one either... (Yahoo?)
 
#3
Your router is a linksys NAT based router right? With NAT enabled your system is fine! With linksys routers you will sometimes see 80, 25, 5678 and 110 appearing open on the router itself. But its not really offering a service.

If your worried checkout your clients:

Download FPort and see what applications are holding the ports open:

http://www.foundstone.com/index.htm....htm&subcontent=/resources/proddesc/fport.htm

If those ports are not internet exposed (forwarded or in DMZ) no problem. If they are offering the service locally you can still disable them if you want.

In regards to the ports themselves:

The last three can be anything they are dynamic ports.

What Un4gIvEn1 says about port 80 is wrong, you dont need 80 open to view webpages.

A HTTP server uses 80 for incoming traffic, a client uses a free port over over 1024 to fetch the page.

I suspect They are not really open, ive talked about this before in other posts.

What are you scanning with? Local or remote scanners? Firewall running or not?

Steves new test is good http://nanoprobe.grc.com he has made it quite accurate.

With Block WAN request or simular enabled on the router you have nothing to worry about!

With netstat and Fport you will see who is really doing what and with Kerio you will see whos trying to go where.

You have the based as good as covered! The key is no service no problem.
 
#4
Originally posted by Un4gIvEn1
25 - SMTP That's for outgoing e-mail
80 - HTTP If you close that you won't be able to view wepages
110 - POP3 That's for incoming e-mail
2468 - Not really sure what this one is...
5678 - Or this one
6688 - Or this one either... (Yahoo?)
not quite right,
25 is the SMTP port for a server

all ports between 1 and 1024 are reserved for server activities, all ports above 1024 are for normal connections. ie your PC will connect to a port 25 on a mailserver, but the port you send from will not necessarily come from any defined port, but it will be between 1025 and 65535
 
#7
Also note that its mainly worms that produce activity on this port its not a directed threat and sounds af if your firewall has it covered :)

Just if you thinking about closing it as the article instructs:

1) If you use windows file sharing leave it enabled. If not go ahead and follow the instructions on how to close it up.

I will note also a easier way to close this port exists if you want to do that:

2) http://www.uksecurityonline.com/husdg/windowsxp/close445.htm (Also takes care of NetBT)

You dont really require to do so however.
 

Members online

No members online now.

Latest posts

Latest profile posts

Hello, is there anybody in there? Just nod if you can hear me ...
Xie
What a long strange trip it's been. =)

Forum statistics

Threads
61,961
Messages
673,239
Members
89,014
Latest member
sanoravies