|
|
Something Is Listening...
Subscriber M.Y. Choy wrote to ask:
Hi Terry, TQ for yr excellent Newsletter.
Could U advise me how to close port 515?
My computer has AV & firewall running. I have also use Steve Gibson's Shoot the messenger, UnPlug n" Pray & Socketlock to protect my computer.
However, when I use online Shield Up! to scan my computer,all ports are closed/stealth except the port 515 is permanently opened! Was advised that this is the printer port and Trojan Sightings: lpdw0rm, Ramen. Shield Up only scan service ports, how could it find trojans? Then I ran Trend Micro online scan but found nothing.
I Google around, cannot find helpful info to close this port.
Microsoft info base said printer using LPR protocol uses TCP port 515, which is, by default, blocked by XP SP2 firewall. Since I have never made any exception in the Xp firewall setting, why mine XPSP2 firewall did not block port 515 by default?
I wonder whether other readers have this experience.
Thank you & regards.
MY Choy.
You don't really "close the port," you stop whatever is keeping a port open; that is, some program is listening for activity on that port and you need to either stop the program, recognize the program is ok and let it listen, or reconfigure the program not to listen. The best way to do the last is to use a two-way firewall.
First, I recommend that you immediately install a two-way firewall. Then, turn off the XP SP2 firewall.
Whether you get one of the paid versions (I recommend the Sunbelt Personal Firewall ) or a free one , you need protection from the inside-out as well as from the outside-in.
If you want a free firewall, I recommend Kerio also. Like most firewall programs, there is a free home-use-only license for Kerio without some of the special protection functions of the paid version — which is only $19.95
The Windows XP SP2's firewall just is not good enough. XP SP2's firewall believes that anything running on your computer is legitimate and let's it talk to the Internet (or spam, or serve picture, or attack sites, or whatever - if a bad guy has control!)
You need to realize -- and this is the important issue -- if a program on your computer wants to talk to the Internet, the Windows XP SP2 firewall lets it do that without any control. A two-way firewall asks YOU if you want that program to talk to the Internet.
By the way, Vista will have a two-way firewall, so Microsoft is finally waking up, too.
Sometimes, that communication is ok -- your web browser (IE, Firefox, Opera, etc) needs to talk to computers other than yours. So does your email program. You may or may not want to allow programs like a graphics program to call home to check for updates. Sometimes, it's bad -- if the bad guys have managed to plant something on your computer via a drive-by download (if you use Internet Explorer) or along with some "free" program you wanted.
When a program calls out, it opens a port and it listens for an answer.
Although there are "official" port numbers for certain functions (e.g., TCP port 80 for HTTP webbrowsing), actually any program can use almost any port number -- as long as another program is not already "listening" to it.
Again, I recommend the Sunbelt Personal Firewall.
The Overview/Connections tab shows you which programs are listening on which TCP and UDP ports.
I prefer the paid version. However, the paid version will revert to a lesser-function free version (free for home use) after 30 days, if you don't buy a license.
Read my review of Sunbelt Kerio Personal Firewall.
Link to this page — just add this code to your web page!
<a href="http://www.terryscomputertips.com/computers/listening-port.php">Something Is Listening...</a>
Copyright © 2006 Terry A. Stockdale. All rights reserved.
|
|
