Welcome to ISAserver.org

Ports 80 & 443 Open... Can not figure out why

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2000 Firewall] >> General >> Ports 80 & 443 Open... Can not figure out why

Page: [1]

Message

<< Older Topic Newer Topic >>

Ports 80 & 443 Open... Can not figure out why - 30.Sep.2003 5:14:00 PM

khale

Posts: 42
Joined: 8.Feb.2002
From: Greensboro, NC
Status: offline

I am setting up a new Small Business Server 2000 with Exchange 2000 and ISA 2000 Server turned on.

For some reason when I have an external Port scan at my ip (Using grc.com shields up) it is showing that ports 80 and 443 are open.

I can not figure out what has them open, thie is the first time that I have seen them open on any of my ISA servers that are in the field.

Any ideas?

Also, how can I turn off port 1723?

Finally, if I allow POP3 as a protocal, is it suposed to show up as a open port?

Thanks again.

Post #: 1

Featured Links*

RE: Ports 80 & 443 Open... Can not figure out why - 2.Oct.2003 9:55:00 PM

khale

Posts: 42
Joined: 8.Feb.2002
From: Greensboro, NC
Status: offline

Also, is there an easy way to determine what service is opening the ports.

Thanks.

(in reply to khale)

Post #: 2

RE: Ports 80 & 443 Open... Can not figure out why - 2.Oct.2003 10:16:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi Kelly,

if ISA server is properly configured, no TCP/UDP ports should be open in listening mode unless you have deliberate *published* a service. A handy tool to check out which TCP/UDP ports are owned by which processes is Active Ports .

Also, TCP port 1723 is used by the H.323 application filter. I you don't need H.323, just disable this application filter.

HTH,
Stefaan

(in reply to khale)

Post #: 3

RE: Ports 80 & 443 Open... Can not figure out why - 4.Oct.2003 10:34:00 PM

kb�s

Posts: 178
Joined: 1.Feb.2002
From: Silkeborg, Denmark
Status: offline

Today i have installed a new SBS 2000 and i have the same issue.
Port 80 and 443 are reported open when i portscan the server.
In the ISA Manager there are no rules wich allow these two ports to be open.
I had to make two rules wich closed them before the portscan didnt report them as open.

It is a default installed SBS 2000 with ISA server and i have not published any services.

(in reply to khale)

Post #: 4

RE: Ports 80 & 443 Open... Can not figure out why - 6.Oct.2003 5:40:00 PM

khale

Posts: 42
Joined: 8.Feb.2002
From: Greensboro, NC
Status: offline

It must be something that the latest version of SBS server 2000 does. I installed it late last year and that one did not open these ports. They have updated SBS 2000 since then.

Any idea's as to what had the ports open in the first place?

Thanks

(in reply to khale)

Post #: 5

RE: Ports 80 & 443 Open... Can not figure out why - 6.Oct.2003 9:23:00 PM

kb�s

Posts: 178
Joined: 1.Feb.2002
From: Silkeborg, Denmark
Status: offline

Today i did a new install of a SBS 2000 and again the ports are open.

I used the Internet Connection Wizard and i only choosed to use SMTP as e-mail.
Again the port 80, 443 and 110 are open.

i have never seened it before on any of the SBS 2000 i have installed.

(in reply to khale)

Post #: 6

RE: Ports 80 & 443 Open... Can not figure out why - 6.Oct.2003 9:56:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hey guys,

which processes own those open TCP ports? You can use the free tool 'Active Ports' mentioned before to determine it! [Big Grin]

HTH,
Stefaan

(in reply to khale)

Post #: 7

RE: Ports 80 & 443 Open... Can not figure out why - 7.Oct.2003 12:36:00 PM

kb�s

Posts: 178
Joined: 1.Feb.2002
From: Silkeborg, Denmark
Status: offline

It is a fine tool, but it doesnt solve the problem with the default open ports.

In the ISA Manager there are no rules wich allow access inbound or outbound of the ports, but still they are reported open.

(in reply to khale)

Post #: 8

RE: Ports 80 & 443 Open... Can not figure out why - 7.Oct.2003 7:44:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi KB,

can you be more specific?

Does Active Port report those TCP ports and which processes are bound to them?

From an external host can you telnet to the ISA external interface on those TCP ports? You can also use Jim's excellent tool http://www.isatools.org/winsocktool.msi instead of telnet.

HTH,
Stefaan

(in reply to khale)

Post #: 9

RE: Ports 80 & 443 Open... Can not figure out why - 7.Oct.2003 8:43:00 PM

kb�s

Posts: 178
Joined: 1.Feb.2002
From: Silkeborg, Denmark
Status: offline

I can connect with wintool:

Winsock: Connection completed
Winsock: Connected to 10.10.10.5:443

Winsock: Connection completed
Winsock: Connected to 10.10.10.5:80

The result with superscan it also shows my Exchange server on port 25:

+ 10.10.10.5
|___ 25 Simple Mail Transfer
|___ 220 ntserver.[removed]Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready at Tue, 7 Oct 2003 20:41:32 +0200 ..
|___ 80 World Wide Web HTTP
|___ HTTP/1.1 500 Internal Server Error ( The system cannot find the file specified. )..Pragma: no-cache..Cache-Control: no-cache..
|___ 443 https MCom

(in reply to khale)

Post #: 10

RE: Ports 80 & 443 Open... Can not figure out why - 7.Oct.2003 9:00:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi KB,

OK, but what does Active Port reports?

Have you already checked out that IP packet filtering is enabled on ISA?

HTH,
Stefaan

(in reply to khale)

Post #: 11

RE: Ports 80 & 443 Open... Can not figure out why - 7.Oct.2003 9:11:00 PM

kb�s

Posts: 178
Joined: 1.Feb.2002
From: Silkeborg, Denmark
Status: offline

Active ports shows nothing and IP packet filtering are enablet.

I also used the different netstat options and they didnt give a clue either

It is possible to telnet to the ports allthough it gives a error 500 on the port 80

I have made some IP Packet filtering rules to close the ports, and now they shows as closed (not responding)

(in reply to khale)

Post #: 12

RE: Ports 80 & 443 Open... Can not figure out why - 7.Oct.2003 9:34:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi KB,

hmm... never installed an SBS and will surely never install one! [Big Grin]

Try to catch Tom Shinder's attention to this issue because it is rather weird. Tom can be reached at mailto:tshinder@isaserver.org .

Thanks,
Stefaan

(in reply to khale)

Post #: 13

RE: Ports 80 & 443 Open... Can not figure out why - 8.Oct.2003 4:34:00 PM

tshinder

Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: online

Hey guys,

HTTP and HTTPS ports will be open if there is an Incoming Web Requests listener enabled.

All other ports will not be avaiable unless:

1. You created a packet filter (or someone or something did) to allow inbound access to that port

or

2. You created a Server Publishing Rule to allow access

There is NO OTHER WAY for those ports to be open. The only other situation would be if packet filtering was disabled, in which case, your box is already owned [Smile]

HTH,
Tom

(in reply to khale)

Post #: 14

RE: Ports 80 & 443 Open... Can not figure out why - 8.Oct.2003 9:42:00 PM

kb�s

Posts: 178
Joined: 1.Feb.2002
From: Silkeborg, Denmark
Status: offline

Thanks for your reply [Smile]

I think i got it now.
If i remove the rules wich deny access to port 80 and port 443 they are open, also with IP Packet filtering enablet.
And that is because of the Incoming web listener ?

(in reply to khale)

Post #: 15

RE: Ports 80 & 443 Open... Can not figure out why - 8.Oct.2003 9:49:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi KB,

I wrote:

quote:
Hi Kelly,

if ISA server is properly configured, no TCP/UDP ports should be open in listening mode unless you have deliberate *published* a service. A handy tool to check out which TCP/UDP ports are owned by which processes is Active Ports .

Also, TCP port 1723 is used by the H.323 application filter. I you don't need H.323, just disable this application filter.

HTH,
Stefaan

So, I assumed you already checked that! [Frown]

HTH,
Stefaan

(in reply to khale)

Post #: 16

RE: Ports 80 & 443 Open... Can not figure out why - 8.Oct.2003 10:09:00 PM

kb�s

Posts: 178
Joined: 1.Feb.2002
From: Silkeborg, Denmark
Status: offline

Sorry if i misunderstood you, but i have not deliberate *published* a service and the portscan result where from a default installation where no additional rules where created.

I thought the ISA where closed by default and had to be manually opened to allow access.

(in reply to khale)

Post #: 17

RE: Ports 80 & 443 Open... Can not figure out why - 8.Oct.2003 10:24:00 PM

spouseele

Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi KB,

so are you saying that in your experience the *new* SBS distribution enables the Incoming Web Requests listener by default?

HTH,
Stefaan

(in reply to khale)

Post #: 18

RE: Ports 80 & 443 Open... Can not figure out why - 9.Oct.2003 7:21:00 AM

kb�s

Posts: 178
Joined: 1.Feb.2002
From: Silkeborg, Denmark
Status: offline

I installed two SBS and i used the Internet Connection Wizard and i only choosed to use SMTP as e-mail.
No publishing of IIS or OWA.

Maybe the issue about the Incoming Web Listener are related to the Internet Connection Wizard, i will set up a test installation and find out where the ports gets open.
But as i wrote before with IP Packet filtering enablet and no allow rules the ports are open on the two installations i did this time.

(in reply to khale)

Post #: 19

RE: Ports 80 & 443 Open... Can not figure out why - 9.Oct.2003 8:05:00 PM