blocked port

ciscoholic · June 2005

i would like to know how would an intruder bypass a blocked port.
or what would he do if all ports are blocked except port 80(http). i am new to network security i managed to do that but i still get trojan and tracking cookies on my lil network. can anyone explain?

RussS · June 2005

Quite often you will find that you have more than port 80 open. There are many that set up firewalls and allow certain programmes run from inside the network to speak to the outside world. What happens there is that if a trojan is send to a node inside the network it can then talk back to home base.
Mostly I find that the firewall is badly configured and has all sorts of ports open - quite often backdoors left by the programmer to allow remote configuration.
You will also usually find more than port 80 open - things like 22 for SSH - 23 for Telnet - 25/110/143 for email .. SMTP/POP/IMAP - 3389 for RDP.

If it is a network I am administering I check with their ISP and then run some serious port scans to see what is open and what is happening.
After that I fix it. My rule when I build a firewall is - all closed except port 80 until someone screams. Then I ask what port they need open and why. Then if I am in a mind to I will open it, but usually I will sort out a little port mapping if it is only one user.

Chivalry1 · June 2005

I agree. Do a external port scan on your network to find out what ports are open. Often Firewalls indicate that all ports are close when actually it keeps some ports running. You can virtually get a port scanner from anywhere over the internet. Run that scan to determine what ports are open, and then begin blocking those services.

qsub · June 2005

Tracking cookies usually come from people on the internal network going to pretty much "malacious" websites. Not saying they're going to **** or anything. But in general some places do have tracking cookies, even if it's a good website.

For an example, a community website similar to Xanga that I goto has tracking cookies.

I wish a law or something was put in place about this.

If you want to stop tracking cookies, you gotta disable them from the nodes that have access to the internet. But you will find half the internet not working if you do that.

I just run spybot search and destroy every night at 5:00AM.

Hope this helps.

ciscoholic · June 2005

thanx for all your reply, very helpfull

johnnynodough · June 2005

^^
Oh the irony

spfdz, your signature has that hyperlink to musikcube.com, which leaves a tracking cookie on systems everytime someone looks at your posts.

johnnynodough · June 2005

A great defense against getting tracking cookies is to use Firefox/Opera/Netscape, and configure it to ask you before setting/modifying a cookie, and configure trusted domains to always allow cookies so its not constantly battering you with requests when you are going to frequently accessed trusted sites. Latest version of IE claims to have it, but it doesnt really work to well. Just like when you tell windows to delete your temporary internet files, and it doesnt. There still there, you just cant see them.

qsub · June 2005

johnnynodough wrote:

^^
Oh the irony

spfdz, your signature has that hyperlink to musikcube.com, which leaves a tracking cookie on systems everytime someone looks at your posts.

Oh wow, I never realized that. I set my Spybot S&D to auto-delete everything. So I usualy don't get to see what comes up unless I do a manual scan.

Either way, tracking cookies aren't very harmful. I know of some websites that do have them but I still want to use the website so, I'm kinda stuck there.

blocked port

Comments