4. Scan Your System for Open Ports
Each open network port on your computer is a potential security vulnerability, and Vista's tendency to leave more ports open than it needs is a common cause for concern. Fortunately, there's a way to scan your computer for open ports so you know which holes to patch.
Start by opening a Command Prompt window (cmd.exe). Then, run the Active Connections utility by typing:
netstat /a /o
The /a option tells netstat to show all open ports; without it, only ports participating in active connections would appear. And the /o option shows the owning process of each port (explained shortly). The report will be displayed in the Command Prompt window, and will look something like this:
Active Connections

Proto  Local Address   Foreign Address          State        PID
TCP    annoy:pop3      localhost:4219           TIME_WAIT    0
TCP    annoy:3613      javascript-of-unknown:0  LISTENING    1100
TCP    annoy:3613      localhost:3614           ESTABLISHED  1100
TCP    annoy:3614      localhost:3613           ESTABLISHED  1100
UDP    annoy:1035      *:*                                   1588
UDP    annoy:1036      *:*                                   1588
UDP    annoy:1037      *:*                                   1588
UDP    annoy:1038      *:*                                   1588
UDP    annoy:1039      *:*                                   1588
The width of the Command Prompt window is typically limited to 80 characters, causing some pretty ugly word-wrapping. To send the report to a text file (say, report.txt) for easier viewing, type netstat /a /o > report.txt at the prompt.
The Active Connections utility displays its information in these five columns:
Proto
This will either be TCP or UDP, representing the protocol being used.
Local Address
This column has two components, separated by a colon. The first part is the computer name, which will typically be the name of your computer. The second part will either be a port number or the name of a service.
Foreign Address
For active connections, this will be the name or IP address of the remote machine, followed by a colon, and then the port number being used. For inactive connections (showing only the open ports), you'll typically see only *:*.
State
This shows the state of the connection (TCP ports only). For example, for server processes, you'll usually see LISTENING here, signifying that the process has opened the port and is waiting for an incoming connection. For connections originating from your computer, such as a web browser downloading a page or an active Telnet session, you'll see ESTABLISHED here.
PID
This is the Process Identifier of the application or service that is responsible for opening the port.
To find out more about a particular PID, open Task Manager (launch taskmgr.exe or right-click an empty area of your taskbar and select Task Manager), and choose the Processes tab. If you don't see a column labeled PID, go to View → Select Columns, turn on the PID (Process Identifier) option, and click OK. Finally, turn on the Show processes from all users option at the bottom of the Windows Task Manager window. You can then sort the listing by PID by clicking the PID column header. The corresponding program filename is shown in the Image Name column.
If you have the Business or Ultimate edition of Vista, you have the added luxury of being able to use the Reliability and Performance Monitor tool (perfmon.exe, shown in Figure 7) to view a live list of applications using your network connection, complete with the aforementioned PID, bytes sent and received, and even the foreign address to which they're connected. You can even sort by network usage and find the processes most responsible for hogging your connection.
This means that you can use the Active Connections utility in conjunction with the Windows Task Manager, as described here, to look up the program responsible for opening any network port on your computer.
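To make the PID lookup described above less tedious, here is an added example (not from the original text) that parses a saved netstat /a /o report and groups the open ports by owning PID, so each PID can be looked up once in Task Manager. The sample report is constructed from the lines shown earlier on this page; the hostnames and PIDs are the page's, not a live system's.

```python
from collections import defaultdict

# Constructed sample in the shape "netstat /a /o" prints (taken from this page's example).
SAMPLE_REPORT = """
Active Connections

  Proto  Local Address   Foreign Address          State        PID
  TCP    annoy:pop3      localhost:4219           TIME_WAIT    0
  TCP    annoy:3613      javascript-of-unknown:0  LISTENING    1100
  TCP    annoy:3613      localhost:3614           ESTABLISHED  1100
  TCP    annoy:3614      localhost:3613           ESTABLISHED  1100
  UDP    annoy:1035      *:*                                   1588
  UDP    annoy:1036      *:*                                   1588
"""

def split_endpoint(endpoint):
    """Split 'host:port' on the last colon; the port may be a service name such as 'pop3'."""
    host, _, port = endpoint.rpartition(":")
    return host, port

def parse_netstat(report):
    """Parse one netstat /a /o report into a list of dicts.
    TCP rows have five fields; UDP rows have no State column, so only four."""
    rows = []
    for line in report.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # title line, blank lines and the column header
        proto, local, foreign = fields[0], fields[1], fields[2]
        if proto == "TCP":
            state, pid = fields[3], int(fields[4])
        else:
            state, pid = None, int(fields[3])
        host, port = split_endpoint(local)
        rows.append({"proto": proto, "host": host, "port": port,
                     "foreign": foreign, "state": state, "pid": pid})
    return rows

def open_ports_by_pid(rows):
    """Map PID -> sorted list of 'PROTO/port' the process holds open for inbound traffic:
    every UDP binding plus TCP ports in LISTENING state. ESTABLISHED and TIME_WAIT rows
    are existing connections rather than open doors, so they are left out."""
    result = defaultdict(set)
    for r in rows:
        if r["proto"] == "UDP" or r["state"] == "LISTENING":
            result[r["pid"]].add(f'{r["proto"]}/{r["port"]}')
    return {pid: sorted(ports) for pid, ports in result.items()}

if __name__ == "__main__":
    for pid, ports in sorted(open_ports_by_pid(parse_netstat(SAMPLE_REPORT)).items()):
        print(f"PID {pid}: {', '.join(ports)}")  # look each PID up in Task Manager's PID column
```

The same parser accepts the report.txt produced by the redirect command shown earlier; pass its contents to parse_netstat in place of SAMPLE_REPORT.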
Don't be alarmed if you see a lot of open ports. Just make sure you track down each one, making sure it doesn't pose a security threat.
You may see svchost.exe listed in the Windows Task Manager, and reported by the Active Connections utility as being responsible for one or more open ports. This program is merely used to start the services listed in the Services window (services.msc).
4.1. Use an external port scanner
If you're using a firewall, such as the Windows Firewall feature built in to Windows, it should block communication to most of the currently open ports, even though they're listed by the Active Connections utility.
For this reason, you may prefer to use an external port scanner, a program that can connect to your computer through an Internet connection to check for all open ports, and do it more aggressively than the Active Connections utility. Here are some example utilities that you can run from your own computer:
Or, using one of these web sites will allow you to perform port scans right from your web browser:
Among other things, you can use these services to test the effectiveness of your firewall. If a port scanner cannot detect any open ports, cannot determine your computer name, and cannot detect any running services, then you're in good shape!