"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.aty ahoo.com> wrote in message
news:%23wzugvO%23FHA.1248@TK2MSFTNGP14.phx.gbl...
>
>
> In news:OesaGw59FHA.3760@TK2MSFTNGP14.phx.gbl,
> networm <networm8848@yahoo.com> typed:
>> "Jack" <JackMDS@verizon.net> wrote in message
>> news:%23iZzMOv9FHA.2676@TK2MSFTNGP15.phx.gbl...
>>> Ports by defaults are not open or closed they just sit there being
>>> ready to
>>> be used by an application that needs them.
>>>
>>> One of the roll of a Firewall is to keep ports closed for traffic
>>> unless one
>>> of the application that you are using requesting a port for its own
>>> use, therefore it is a very good idea to use Firewall.
>>>
>>> The email that you received is a little odd, unless a Trojan is
>>> capable to transmit your email address it is unlikely that he can
>>> infer you email address from an IP number. In otherworld, it might
>>> be a "prank?email. Basic Protection for Broadband Internet connection
>>> should consist of.
>>>
>>> 1. Router's NAT Firewall (even if you have only one computer).
>>>
>>> 2. Software Firewall (Why? See here,
>>> http://www.ezlan.net/firewall.html ). 3. Antivirus Program.
>>>
>>> 4. AntiSpy Program.
>>>
>>> A good security suit can be assembled by using very good Free
>>> programs, http://www.ezlan.net/security.html
>>>
>>> Microsoft is currently Beta testing a comprehensive One Care program
>>> that might be a good substitute to the software that is mentioned
>>> above. http://beta.windowsonecare.com/Betaentry.aspx
>>>
>>> If you are already infected this might help,
>>>
>>> Internet Infestation: http://www.ezlan.net/infestation.html
>>>
>>> Basic Steps in cleaning Internet "Junk" -
>>> http://www.ezlan.net/clean.html Jack (MVP-Networking).
>>>
>>>
>>>
>>
>>
>> The email was forwarded by our security office. The sender found out
>> our organization and sent it to our security office...
>>
>> Anyway, I am using Windows Fire Wall... How can i shut down these
>> ports?
>> Using those sophiscated techniques to find which processes are using
>> the ports is too much for me...
>>
>> I just want to close the ports...
>>
>> Thanks a lot!
>
> Without knowing anything about your setup/network it's hard to tell you
> much here. The windows firewall cannot block outbound traffic. You'd need
> something else - either hardware (firewall appliance) or software. This is
> not as simple a task as you clearly wish it to be, unfortunately - and I
> also question whether it's actually necessary as you haven't provided
> enough info for us to know whether your PC is actually compromised. You'd
> need to have the recipient of the offending message copy/paste the
> Internet mail headers and send this to you, so you could investigate it.
>
> If you're on a company network, someone should be managing your network
> security and you ought to ask them for help. If this is a home computer,
> you need to provide a lot more info in order to get help.
>

Yes, I am an organization network.

But our administrator only knows about asking me to reinstall the OS system
everytime they suspect some compromise happens. They know no better than
using Norton Antivirus to check security.

I don't want to complain more. I don't want to reinstall OS either.

So tell me how to shutdown those 3 ports.

My computer is not a server so it should not use ports such as 80, etc.

"Lionel Fourquaux" <use-reply-to@no-spam.invalid> wrote in message
news:ui0dmAA%23FHA.3804@TK2MSFTNGP14.phx.gbl...
> "networm" <networm8848@yahoo.com> a écrit dans le message de news:
> ukAn0w59FHA.2324@TK2MSFTNGP11.phx.gbl...
>> I am using Windows Fire Wall... How can i shut down these ports?
>
> Control panel -> Windows firewall, Exceptions, uncheck the exceptions you
> do not want.
>
>> I just want to close the ports...
>
> Closing everything blindly is bound to cause problems sooner or later.
>

But our administrator only knows about asking me to reinstall the OS system
everytime they suspect some compromise happens. They know no better than
using Norton Antivirus to check security.

I don't want to complain more. I don't want to reinstall OS either.

So tell me how to shutdown those 3 ports.

My computer is not a server so it should not use ports such as 80, etc.

I have checked, they are not in the exceptions tab in Windows Firewall.

"networm" <networm8848@yahoo.com> a écrit dans le message de news:
egyK%230P%23FHA.2708@TK2MSFTNGP12.phx.gbl...
> But our administrator only knows about asking me to reinstall the OS
> system everytime they suspect some compromise happens.

If your OS has been compromised, that's usually the safest solution.

> I have checked, they are not in the exceptions tab in Windows Firewall.

Can you post the output of these commands?

tasklist /svc
netstat -a -n -o
netsh firewall show config

In news:uLhOk0P%23FHA.4012@TK2MSFTNGP10.phx.gbl,
networm <networm8848@yahoo.com> typed:
> "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmail.aty ahoo.com> wrote in
> message news:%23wzugvO%23FHA.1248@TK2MSFTNGP14.phx.gbl...
>>
>>
>> In news:OesaGw59FHA.3760@TK2MSFTNGP14.phx.gbl,
>> networm <networm8848@yahoo.com> typed:
>>> "Jack" <JackMDS@verizon.net> wrote in message
>>> news:%23iZzMOv9FHA.2676@TK2MSFTNGP15.phx.gbl...
>>>> Ports by defaults are not open or closed they just sit there being
>>>> ready to
>>>> be used by an application that needs them.
>>>>
>>>> One of the roll of a Firewall is to keep ports closed for traffic
>>>> unless one
>>>> of the application that you are using requesting a port for its own
>>>> use, therefore it is a very good idea to use Firewall.
>>>>
>>>> The email that you received is a little odd, unless a Trojan is
>>>> capable to transmit your email address it is unlikely that he can
>>>> infer you email address from an IP number. In otherworld, it might
>>>> be a "prank?email. Basic Protection for Broadband Internet
>>>> connection should consist of.
>>>>
>>>> 1. Router's NAT Firewall (even if you have only one computer).
>>>>
>>>> 2. Software Firewall (Why? See here,
>>>> http://www.ezlan.net/firewall.html ). 3. Antivirus Program.
>>>>
>>>> 4. AntiSpy Program.
>>>>
>>>> A good security suit can be assembled by using very good Free
>>>> programs, http://www.ezlan.net/security.html
>>>>
>>>> Microsoft is currently Beta testing a comprehensive One Care
>>>> program that might be a good substitute to the software that is
>>>> mentioned above. http://beta.windowsonecare.com/Betaentry.aspx
>>>>
>>>> If you are already infected this might help,
>>>>
>>>> Internet Infestation: http://www.ezlan.net/infestation.html
>>>>
>>>> Basic Steps in cleaning Internet "Junk" -
>>>> http://www.ezlan.net/clean.html Jack (MVP-Networking).
>>>>
>>>>
>>>>
>>>
>>>
>>> The email was forwarded by our security office. The sender found out
>>> our organization and sent it to our security office...
>>>
>>> Anyway, I am using Windows Fire Wall... How can i shut down these
>>> ports?
>>> Using those sophiscated techniques to find which processes are using
>>> the ports is too much for me...
>>>
>>> I just want to close the ports...
>>>
>>> Thanks a lot!
>>
>> Without knowing anything about your setup/network it's hard to tell
>> you much here. The windows firewall cannot block outbound traffic.
>> You'd need something else - either hardware (firewall appliance) or
>> software. This is not as simple a task as you clearly wish it to be,
>> unfortunately - and I also question whether it's actually necessary
>> as you haven't provided enough info for us to know whether your PC
>> is actually compromised. You'd need to have the recipient of the
>> offending message copy/paste the Internet mail headers and send this
>> to you, so you could investigate it. If you're on a company network,
>> someone should be managing your
>> network security and you ought to ask them for help. If this is a
>> home computer, you need to provide a lot more info in order to get
>> help.
>
> Yes, I am an organization network.
>
> But our administrator only knows about asking me to reinstall the OS
> system everytime they suspect some compromise happens. They know no
> better than using Norton Antivirus to check security.

Talk to management, then. That isn't IT support.
>
> I don't want to complain more.

Well, you should.

> I don't want to reinstall OS either.

Nor would I.
>
> So tell me how to shutdown those 3 ports.

As I wrote, and as nearly everyone has written, you can't do this with the
Windows firewall, and it is not as simple an issue as you wish it to be.
>
> My computer is not a server so it should not use ports such as 80,
> etc.

And it probably doesn't have an internal web server on it unless you
installed one, but that isn't the issue anyway.

Bottom line:
You need to have whomever sent you the message that your computer is doing
something bad, give you more evidence that it's doing so. And it's your IT
staff's responsibility to ensure that a) bad stuff isn't likely to happen
and b) fix bad stuff when it's proven it *did* happen.

"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.aty ahoo.com> a écrit dans le
message de news: eIO7xFR%23FHA.1032@TK2MSFTNGP11.phx.gbl...
>
>> So tell me how to shutdown those 3 ports.
>
> As I wrote, and as nearly everyone has written, you can't do this with the
> Windows firewall, and it is not as simple an issue as you wish it to be.

I may have missed something in this thread, but it looks to me like the OP
want to block incoming connections, and I think the Windows firewall can do
this.

> Bottom line:
> You need to have whomever sent you the message that your computer is doing
> something bad, give you more evidence that it's doing so. And it's your IT
> staff's responsibility to ensure that a) bad stuff isn't likely to happen
> and b) fix bad stuff when it's proven it *did* happen.

Quite true.

In news:e9%23uHLR%23FHA.3340@TK2MSFTNGP12.phx.gbl,
Lionel Fourquaux <use-reply-to@no-spam.invalid> typed:
> "Lanwench [MVP - Exchange]"
> <lanwench@heybuddy.donotsendme.unsolicitedmail.aty ahoo.com> a écrit
> dans le message de news: eIO7xFR%23FHA.1032@TK2MSFTNGP11.phx.gbl...
>>
>>> So tell me how to shutdown those 3 ports.
>>
>> As I wrote, and as nearly everyone has written, you can't do this
>> with the Windows firewall, and it is not as simple an issue as you
>> wish it to be.
>
> I may have missed something in this thread, but it looks to me like
> the OP want to block incoming connections, and I think the Windows
> firewall can do this.

Yes, it can (and does block *all* inbound traffic by default), but since
he's saying he has been accused of *sending* something unauthorized, that's
not the direction I was going in.

"Somebody remotely in another part of the world sent me email complaining I
have a "backdoor-g-1" trojan connecting to his computer"

I question the accuracy of that report anyway, but we're going around in
circles here and I don't think the OP fully understands that what he's
asking, with the information he's provided, is impossible to help with.

>
>> Bottom line:
>> You need to have whomever sent you the message that your computer is
>> doing something bad, give you more evidence that it's doing so. And
>> it's your IT staff's responsibility to ensure that a) bad stuff
>> isn't likely to happen and b) fix bad stuff when it's proven it
>> *did* happen.
>
> Quite true.