Guard your ports!
by Chris Taylor
Recent issues of the Ottawa PC News have
included reviews of software designed to protect your
computer from the bad guys on the Internet. I have
written about how, if someone wants to connect to your
machine (for any purpose, good or bad), your computer
must be running some software that opens a port.
The trouble is, it is not easy to tell if
you have open ports on your machine. There are some nasty
trojan programs out there, such as Back Orifice, that
will open a particular port. There are people on the
Internet scanning for that open port. If they discover
you are running Back Orifice, they can gain complete
control of your machine.
The absence of a trojan does not mean you
have no open ports. For example, if you enable file and
print sharing on your computer, you may be offering full
access to your files to everyone on the Internet whenever
you are on-line. This is because enabling file and print
sharing opens port 139. There are programs that will
search for computers with an open port 139 and enumerate
the shares on those machines. Then, with a simple NET USE
command, someone could map a drive letter to your open
shares and access your files.
I wrote about a couple of Internet Web
sites that will run port scans on your computer, looking
for open ports. Probably the most famous of these is the
Shields Up site run by Steve Gibson at http://www.grc.com.
Unfortunately, Gibson's site only scans for a few of the
most common ports.
However, there is software available that
you can run on your own computer to check for open ports.
If you are not running any sort of firewall, you can use
this type of software against your own machine and get a
pretty good picture of what a hacker might see if they
were to run a port scan on you. If you are running a
firewall, you might get a friend to run a port scan on
your machine while you are both connected to the Internet.
Now to finally get around to the title of
this article! SuperScan v2.06 is a free port scanner you
can download from PUB II's file area 35 - Internet, as
sscan206.zip. There is no installation routine. Simply
unzip the files into a directory and run scanner.exe.
There are lots of options, but to do a
simple scan looking for any open port on your machine,
you can just enter localhost in the "Hostname Lookup"
box and click the "Lookup" button. Then, in the
"Scan Type" section, select the last option,
"All ports from" and enter 1 to 65535 in the
boxes next to it. Then click the "Start" button.
The results box will show any open ports. You can click
the "Expand all" button to see additional
If you are behind a firewall or want to
be certain about what is seen from the hackers'
perspective, you can team up with a friend and port scan
each other's machines. All you have to do is have both
machines connect to the Internet. Then determine what
your IP address is by running winipcfg.exe (on Win9x
machines) or ipconfig (from a cmd prompt under WinNT).
You can e-mail your IP addresses to each other so you can
stay on-line and maintain the same address. Finally, each
of you can fire up SuperScan and enter the other person's
IP address in the "Hostname Lookup" box and
follow all the other instructions above.
So, what do you do if you find open
ports? The first thing to do is find out what is opening
the port. A good resource for common port usage is RFC
1700. You can download it from PUB II in file area 35 -
Internet as rfc1700.zip. Many applications use non-standard
ports, but at least it is a good starting point.
If you have file and print sharing
enabled, you should find that port 139 is open. Visit
Gibson's site at http://www.grc.com/su-bondage.htm.
for a good explanation of how to close this open port.
Gibson has some other good information available on other
pages as well, so browse around.
Some of the other ports you might find
open may be harder to close. There is no magic bullet to
eliminate the problem. You can try a clean boot and see
if the port is closed. You can open programs one at a
time and see if you can identify the one opening a port.
You can run a good virus scanner that might pick up on a
trojan program that is doing it.
You may find that the best solution is
simply to install a personal firewall that will block
anyone who attempts to connect to your machine. Many of
the available firewalls will also block outbound traffic
unless you specifically allow it. Since Trojan programs
can attempt to do nasty things like send password
information to some hacker on the Internet, this can be
of great help.
Some programs are free for personal use,
such as ZoneAlarm, Sybergen Secure Desktop, and PortICE.
All are available on PUB II in file area 35 - Internet (zonalm21.exe,
ssd21464.zip, and portice2.zip).
There are also a number of commercial
products, such as Symantec's Norton Internet Security,
ZoneLab's ZoneAlarm Pro, Tiny Software's Tiny Personal
Firewall, Network Associates' McAfee.com Personal
Firewall, and Network Ice's BlackICE Defender.
Once you install a personal firewall, you
can use a port scanner to verify it is doing its job
properly. To do this, you will have to have help from
someone outside of your firewall to run the port scan.
Running it on your own machine will not tell you what you
need to know.
A word of caution on using a port scanner:
NEVER use a port scanner on anyone but yourself or
someone who has asked you to do so. Running a port scan
is generally considered to be an attack. If the person on
the other end detects a scan, they may report you to your
Internet Service Provider. Such a complaint could get
your account with your ISP terminated.
SuperScan v2.06 (Freeware)
Originally published: October, 2000
top of page