open port

[TwoBills]

I just ran "shields up" and it found port 515 open. Anybody know how to close ports? Windows ME.

 

[n0cmonkey]

Stop the process that has bound to that port.

 

[TwoBills]

I guess that's really the question I was asking: "How do you stop processes that are bound to ports"?

 

[n0cmonkey]

Is that really the question you want to ask, or do you want to know what the process is?

515 seems to be a "spooler" (printer) according to IANA. So if you are running some printer software, you can try to stop it or if you can configure it properly it should be run on the loopback.

You could also try using a firewall, which is almost a necessity these days anyhow.

EDIT: You can also try fport to see the process using that port (never used it, and never used ME so it may not work there ).

There might be a netstat flag to show the process in use too, although this may be only XP's netstat.

 

[TwoBills]

I'm behind a nat router and have a software firewall, and this port shows up thru them. Printer software. That's what I was looking for. I'm gonna go attempt a few tweaks in that area and see if that does it. Thanks.

 

[n0cmonkey]

Make sure you don't have that port forwarded or anything. That sounds kind of wierd...

 

[TwoBills]

Man, I don't know why that port is open. Funny thing is, I've got 2 computers on this router and they're both showing 515 open. Thing is, the 2nd one only has a Knoppix live cd os and nothing else, except an aborted attempt to instl. Gentoo. I'm thinking the port is open at the router level. Is that even possible? I'm gonna pull the router and run the scan w/o it and see what comes up.

 

[n0cmonkey]

If there is a network printer port on the router it wouldn't surprise me. You can try forwarding the port on the router to a non-existant IP. For example, if your IP range goes from 192.168.1.50 to 192.168.1.100, forward port 515 to 192.168.1.200.

 

[Nothinman]

Funny thing is, I've got 2 computers on this router and they're both showing 515 open.

It's not funny, since you're behind the router doing NAT it's the router being scanned and not your PCs. You probably have the print server on the router enabled.

 

[TwoBills]

Yeah, that's what it's going to be. I just did a scan w/o the router, just my software firewall and everything is closed. I'm going to fool around with the forwarding you mentioned.

 

[TwoBills]

Originally posted by: n0cmonkey
If there is a network printer port on the router it wouldn't surprise me. You can try forwarding the port on the router to a non-existant IP. For example, if your IP range goes from 192.168.1.50 to 192.168.1.100, forward port 515 to 192.168.1.200.

Hah, that did the trick. All my ports are stealthed. I hated seeing that one red port.

Thanks for the assist, n0cmonkey.