How do I manually open/close a port in Windows 2000?

TechBoyJK

How do I manually open/close a port in Windows 2000? Does it depend on the firewall I am using? I just want to be able to do a port scan on my computer and if I see a port I don't think I need, I want to deny that port service. I know I should turn that program off anyway, but just in case, I would like to have the port closed too.
 

Oaf357

I asked this question to Microsoft and several other individuals. The answer is you can't.

Whatever program has that port open has to be shut down. Then the port will close.
 

JackMDS

Ports are used for other chores done by the computer; they cannot be closed.
Ports are not really closed or open; it is just a metaphor.

If all ports are closed you can not print, the mouse will not work, the keyboard will be locked etc.

As related to Network, and Internet activities.

Closed ports by software Firewall means that Network traffic goes through the Firewall program, and the program (as designed by the programmer) will not let the info get to the port. I.e. metaphorically the ports are closed.

NAT firewall (Cable/DSL Router) blocks everything from coming in; the signal does not even reach the computer. It lets in only info that was requested by the computer through a certain port. We call it all ports blocked, but the ports are NOT blocked, they just do not get any info.

More here:

Basic Protection for Broadband Internet Installation.
 

BML

Well, you can always go to Advanced on TCP/IP, then to the Options tab, and configure TCP/IP filtering. That will allow you to block or permit TCP ports, UDP ports or protocols. I'm not sure if Microsoft will agree or if your printers will work, but I think this is what you're looking for. LMK
 

JackMDS

Originally posted by: BML
Well, you can always go to Advanced on TCP/IP, then to the Options tab, and configure TCP/IP filtering. That will allow you to block or permit TCP ports, UDP ports or protocols. I'm not sure if Microsoft will agree or if your printers will work, but I think this is what you're looking for. LMK
Absolutely RIGHT. G-d forbid that anyone should understand anything beyond the makeup of a six-pack.

 

TechBoyJK

So if I got this right, you can't really close or open ports, but you can use them and you can block them. TCP/IP filtering will allow me to filter TCP/IP and UDP ports, but for actually being able to say "close port 1200" .... that I can't do. Now if I have a firewall that allows me to do so, I can block ports, but I can't force them closed.
 

Oaf357

Originally posted by: TechBoyJK
So if I got this right, you can't really close or open ports, but you can use them and you can block them. TCP/IP filtering will allow me to filter TCP/IP and UDP ports, but for actually being able to say "close port 1200" .... that I can't do. Now if I have a firewall that allows me to do so, I can block ports, but I can't force them closed.

There ya go.
 

BML

You're on the right track, but it's not as easy as it seems. Post back any questions and we will try and help.
 

Nothinman

How does stateful packet inspection relate to this?

Most of the time stateful inspection understands the network protocol (i.e. http, ftp, irc, etc) at the application level and can make assertions as to what's going on and what packets belong to what stream. It's useful for things like FTP: when the PORT command is issued by the client, it's telling the server to connect to the client on port X; it can translate the IP in the PORT command to match the firewall's IP and redirect the incoming connection from the FTP server to the client, so it thinks the FTP server has a direct connection to its port. PASV mode is used when a NAT router can't do this and the client has no choice but to initiate the connection itself. Some are more advanced than others and can understand more protocols.

There are NAT implementations that do stateful inspection on a lesser level, only using the IP information. Keeping state by using a combination of IP, port, ISN, etc. is fairly reliable but can't do the 'convenient' things that an application level inspector can do, but then again it uses a lot less resources =)
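
The PORT rewriting described in the post above, as an added example that is not part of the original thread: a toy Python helper that rewrites a client's PORT command to the firewall's address and then admits only the one matching data connection from that server. The class FtpPortHelper, its method names and all addresses are constructed for illustration; the check that the announced address equals the client's own address is an added assumption the thread does not discuss.

```python
import re

# FTP active mode (RFC 959): "PORT h1,h2,h3,h4,p1,p2" means "connect to h1.h2.h3.h4, port p1*256+p2".
PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$")


class FtpPortHelper:
    """Toy application-level FTP helper on a NAT firewall (hypothetical, for illustration)."""

    def __init__(self, public_ip, first_port=50000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.expected = {}  # (server_ip, public_port) -> (client_ip, client_port)

    def rewrite_outbound(self, client_ip, server_ip, line):
        """Inspect one control-channel line from the client; rewrite it if it is PORT."""
        m = PORT_RE.match(line)
        if not m:
            return line  # not a PORT command: pass through unchanged
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            raise ValueError("malformed PORT argument")
        announced_ip = ".".join(map(str, nums[:4]))
        client_port = nums[4] * 256 + nums[5]
        # Added check (assumption): never open a hole toward a host other than the sender.
        if announced_ip != client_ip:
            raise ValueError("PORT address does not match the client")
        public_port = self.next_port
        self.next_port += 1
        self.expected[(server_ip, public_port)] = (client_ip, client_port)
        h = self.public_ip.replace(".", ",")
        return f"PORT {h},{public_port // 256},{public_port % 256}\r\n"

    def route_inbound(self, src_ip, dst_port):
        """Return the inside (ip, port) for an incoming data connection, or None to drop it."""
        # One-shot state: the expectation is consumed by the first matching connection.
        return self.expected.pop((src_ip, dst_port), None)


if __name__ == "__main__":
    # Constructed sample: inside client 192.168.1.10, FTP server 198.51.100.7.
    fw = FtpPortHelper("203.0.113.5")
    print(repr(fw.rewrite_outbound("192.168.1.10", "198.51.100.7", "PORT 192,168,1,10,4,210\r\n")))
    print(fw.route_inbound("198.51.100.7", 50000))
```

Everything not listed in the state table is dropped, which is why the inside port looks "blocked" from outside even though the client program still has it open.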