Open ports - how to fix it?

Panteratorr · 05-13-2005, 02:49 PM

Hi,
I'm a newbie and don't know how to deal with open ports. I've run ShieldsUP scan at http://www.grc.com. Result: ports 80, 135 and 443 are open.

I know that ports 80 and 443 are stealth if any program server rights in Zone alarm program control are denied. But then I have to allow it manually everytime my program wants to act as a server.

I don't understand the principle. Let me ask:
If server rights for some programs (for example Skype, Direct connect client or some game which needs to act as a server) are allowed, will be port 80 open for whole internet too?
Or is my PC save if server rights are allowed only for my known programs?

So what should I do?
A. Deny all server rights in ZA program control and allow it everytime my programs would like act as a server,
or
B. Just allow server rights for my known programs and ZA will block other traffic via ports 80 and 443 automaticaly,
or
C. I need to set some expert rules. (if so please post some link how to make it, because I don't know how)

And last question: what should I do with port 135? Is it very critical to let it open?

I'm sorry about my poor skills and english.

Thank you for your help in advance!!

Panteratorr · 05-14-2005, 11:25 AM

I've changed program control settings in ZA and disabled DCOM. I've run ShieldsUP again and I've passed all scans. All my ports are stealth now (or seems to be). Because I only didn't pass TruStealth analysis - "Solicited TCP Packets: RECEIVED (FAILED) .....one or more of your system's ports actively responded to our deliberate attempts to establish a connection."

Does anybody know what's the problem? How can I find out which port is still responding, despite it seems to be stealth?

Thank you again

05-13-2005, 02:49 PM	#1 (permalink)
Panteratorr Registered User Join Date: May 2005 Location: Slovakia Posts: 31 OS: WinXP Home SP2 My System	Open ports - how to fix it? Hi, I'm a newbie and don't know how to deal with open ports. I've run ShieldsUP scan at http://www.grc.com. Result: ports 80, 135 and 443 are open. I know that ports 80 and 443 are stealth if any program server rights in Zone alarm program control are denied. But then I have to allow it manually everytime my program wants to act as a server. I don't understand the principle. Let me ask: If server rights for some programs (for example Skype, Direct connect client or some game which needs to act as a server) are allowed, will be port 80 open for whole internet too? Or is my PC save if server rights are allowed only for my known programs? So what should I do? A. Deny all server rights in ZA program control and allow it everytime my programs would like act as a server, or B. Just allow server rights for my known programs and ZA will block other traffic via ports 80 and 443 automaticaly, or C. I need to set some expert rules. (if so please post some link how to make it, because I don't know how) And last question: what should I do with port 135? Is it very critical to let it open? I'm sorry about my poor skills and english. Thank you for your help in advance!!

05-14-2005, 11:25 AM	#2 (permalink)
Panteratorr Registered User Join Date: May 2005 Location: Slovakia Posts: 31 OS: WinXP Home SP2 My System	I've changed program control settings in ZA and disabled DCOM. I've run ShieldsUP again and I've passed all scans. All my ports are stealth now (or seems to be). Because I only didn't pass TruStealth analysis - "Solicited TCP Packets: RECEIVED (FAILED) .....one or more of your system's ports actively responded to our deliberate attempts to establish a connection." Does anybody know what's the problem? How can I find out which port is still responding, despite it seems to be stealth? Thank you again