The 'universal plug and play' service of Windows XP is a possible vulnerability. MS came out with an update.
I don't know what exactly the update does (cures a buffer overrun) but I know an open port when I see one, and I know open ports can be a security risk.
Unfortunately, Univ. Plug-n-play allows many of the advanced networking components of Windows XP to run smoothly. It's actually a component of "Generic Host Process", a Win32 service.
The problem is that uPnP will listen to ports 1900 and 5000. This means your computer is basically running servers on those ports, which is not very secure. The update does not stop this service from listening at those ports. There are programs out there that "fix" this vulnerability, but if you use them, you may find yourself lacking some nifty features that helped your network run smoothly.
Here's the solution:
Run Zone Alarm Pro. For $50, it's still cheap insurance, as it stealths ports, uses program privileges, quarantines email attachments, and best of all, divides your security into two zones, and lets you add hosts/subnets and IPs to the less secure "local" zone (even if this host, etc. is on the Internet). In fact, it will block a user that is registered on your computer from accessing any shares from the Internet, unless you tell it to allow that! Get it at http://www.zonelabs.com
In Zone Alarm Pro, you can open the main panel, click on Security, then Advanced.
Here you will find a tab labelled "Internet Zone Custom Settings".
The last four options there allow you to close ports ONLY TO THE INTERNET. I have ports 1214 (kazaa server port), 1900, and 5000 not allowing incoming or outgoing UDP or TCP packets.
The beauty of it is that though these ports will not accept connections from the Internet, they still accept them from my local network. So, I get the nice XP networking capabilities, and still have those ports stealthed to anyone who tries to connect to them from the 'net. Nifty, eh?
One thing, though, if you want to accept remote assistance requests, you have to enable these.
The component of Win XP that does all this port listening is Generic Host Processes, and it will sometimes run as "Process 870" or "Process 710". It really doesn't matter, because the ports it wants to listen to are closed. That one process simply thinks I'm not connected to the Internet. It still communicates with other computers on your local network, so all is well in "mshome-land", and in the "mshomeland-security" department.
[ March 26, 2003, 01:20 PM: Message edited by: TWebMan ]
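As an added example (not code from the post, from Microsoft or from Zone Labs), a small Python script that parses `netstat -an` output from an XP box and lists the sockets on the UPnP ports 1900 and 5000 that are bound to a non-loopback address, i.e. exactly the listeners the Internet-zone port block described above needs to cover; the netstat sample is constructed, and the port numbers, address layout and `Listener` type are this example's own assumptions.

```python
import re
from typing import List, NamedTuple

# Ports named in the post: UDP 1900 is SSDP discovery, TCP 5000 the XP UPnP host.
UPNP_PORTS = {1900, 5000}

class Listener(NamedTuple):
    proto: str
    addr: str
    port: int
    state: str

# Constructed sample of `netstat -an` output from a Windows XP box (not a real capture).
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.0.5:139        192.168.0.7:1041       ESTABLISHED
  UDP    0.0.0.0:1900           *:*
  UDP    192.168.0.5:1900       *:*
  UDP    0.0.0.0:445            *:*
"""

# proto, local addr:port, foreign addr, optional state (UDP rows carry no state column)
_LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")

def parse_netstat(text: str) -> List[Listener]:
    """Return every listening socket: TCP rows in LISTENING, plus every bound UDP row."""
    out = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        proto, addr, port, state = m.group(1), m.group(2), int(m.group(3)), m.group(4) or ""
        if proto == "UDP" or state == "LISTENING":
            out.append(Listener(proto, addr, port, state or "BOUND"))
    return out

def exposed_upnp_listeners(text: str, ports=UPNP_PORTS) -> List[Listener]:
    """Listeners on the UPnP ports bound to a non-loopback address. 0.0.0.0 means every
    interface, so without a host-firewall rule the socket answers on the Internet-facing
    adapter as well as on the LAN; 127.x sockets are reachable only from the box itself."""
    return [l for l in parse_netstat(text)
            if l.port in ports and not l.addr.startswith("127.")]

if __name__ == "__main__":
    for l in exposed_upnp_listeners(SAMPLE_NETSTAT):
        scope = "all interfaces" if l.addr == "0.0.0.0" else "one interface"
        print(f"{l.proto} {l.addr}:{l.port} ({scope}) - needs an Internet-zone block")
```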