cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1099
Views
0
Helpful
3
Replies

Network Ports

sfaisalnaseem
Level 1
Level 1

I have opened one port e.g. (50000) inbound rule in windows firewall in my PC. when I try with  (netstat -a) in command line that port is not showing. Even I restarted the PC but still the same thing. I tried with (nmap) but that port is not there. In nmap only 6/7 ports are showing which is open. but in netstat so many ports are showing with status LISTENING, ESTABLISHED.

 

1) my question is do I need to associate some service in that port? how to do that.

2) suppose I opened one port and no service is running. Do a hacker can enter through that port?

 

Regards,

 

Syed Faisal Naseem

1 Accepted Solution

Accepted Solutions

Joel
Level 1
Level 1

Hi,

Yes you need a service bound to that port. If I was to run on a windows host netstat -aon I will see my host listening on port 3389 for instance  (RDP). The port is 3389, the 1404 is the PID, which under task manager is  TermService. 

 

 TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1404

 

The option -a = All connections and listening ports o= Displays the owning process ID associated with each connection and -n displays addresses and port numbers in numerical form.

 

In terms of hacking, why would you open a port if nothing is bound to it? If you nmap the machine, I believe it would be classed as an closed port. This could give you at least OS detection, which could lead to a more specific and targeted attack. I suggest closing ports that are not required.  NMAP guide https://nmap.org/book/man-port-scanning-basics.html

 

joel

 

View solution in original post

3 Replies 3

Joel
Level 1
Level 1

Hi,

Yes you need a service bound to that port. If I was to run on a windows host netstat -aon I will see my host listening on port 3389 for instance  (RDP). The port is 3389, the 1404 is the PID, which under task manager is  TermService. 

 

 TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1404

 

The option -a = All connections and listening ports o= Displays the owning process ID associated with each connection and -n displays addresses and port numbers in numerical form.

 

In terms of hacking, why would you open a port if nothing is bound to it? If you nmap the machine, I believe it would be classed as an closed port. This could give you at least OS detection, which could lead to a more specific and targeted attack. I suggest closing ports that are not required.  NMAP guide https://nmap.org/book/man-port-scanning-basics.html

 

joel

 

Thanks for your reply.

 

 

How to associate any service with the specified port?

 

And as you have mentioned that close the unwanted port. so in that case 80, 139, 21 etc.. when I nmap my local pc 4/5 ports are open. So do I need to close these ports for security reasons.?

To modify a service to operate/bind on a particular port will vary per service. If a website hosted say on IIS you modify within IIS. RDP, I believe you do via a registry change.

 

In terms of whether a port should be open or closed, depends on the OS and what it is running. You might have a Linux host, you need SSH to be open but only from certain networks. You would modify IPTABLES for instances to permit SSH for certain networks. If a web server that needs connectivity from anywhere in the world, port 80/443 are likely required.

 

To summarize, it will vary per case but in general shutdown any service and ports that are not required.

 

Joel

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco