Troubleshoot Port Monitoring/Scanning

[malhunter332]

TCPView and Currports are tools to analyze port scanning but how to know that which port should not be on established stage there are tons of ports.
Can you name some common ports that should not be on established stage on a healthy windows OS.

 

[Wave]

Just read a book and study networking and then you won't have to ask these questions... Even some Googling on Stack Overflow can probably get you better answers to this question than asking it here.

I don't even know the answer myself since I don't work in networking, so I am not just saying this... But seriously, try these:
https://www.amazon.co.uk/Computer-N...TF8&qid=1483467474&sr=8-5&keywords=networking
https://www.amazon.co.uk/Hacking-Be...1483467490&sr=8-2&keywords=networking+hacking
https://www.amazon.co.uk/d/Books/Ha...1483467490&sr=8-3&keywords=networking+hacking

Never read em myself but they'll probably be sufficient enough. Good luck

 

[509322]

TCPView and Currports are tools to analyze port scanning but how to know that which port should not be on established stage there are tons of ports.
Can you name some common ports that should not be on established stage on a healthy windows OS.

It is debatable whether or not configuring port rules increases system security. Restricting programs to specific IP ranges, protocols, etc likewise adds not much, if anything, to overall security.

Some security softs will monitor\block known ports that have been abused by malware in the past - but I have seen none that monitor all ports known to be abused.

There are lists of abused ports to be found on the net. You could make a list of all the abused ports and make rules for them, but it makes no sense to put yourself through such a thing.