Security – Windows Server 2012 R2: closing smtp/pop3/imap ports (or deactivating the related services)

Tags: security, windows-firewall, windows-server-2012-r2

I am running a Windows Server 2012 R2. At the moment, I want to improve the security of my server, so I am looking for services (and open ports) that are not needed.

I disabled nearly every server role, except IIS (I need the IIS).

The Windows firewall is configured so that every inbound/outbound connection without a rule is automatically blocked.

I have created only some rules for ports 80, 443 and the remote-desktop port. All other rules are deactivated (or set to the private profile), hence there are no rules for other ports/protocols/services on my public network, and therefore there shouldn't be any open ports.

But if I scan my server with nmap (tcp connect scan), there are some open ports. For example:

25/tcp   open  smtp
80/tcp   open  http 
110/tcp  open  pop3
119/tcp  open  nntp
143/tcp  open  imap
465/tcp  open  smtps
563/tcp  open  snews
587/tcp  open  submission
993/tcp  open  imaps
995/tcp  open  pop3s
3389/tcp open  rdp

I do not need pop, imap and the other services (except RDP 3389).

Now I have some questions:
1. How could it be possible that the ports are shown as open, if the firewall should block all ports without rules (the ports above have no rules)?
2. With netstat -anop tcp I looked up which services are listening on these ports. It is the system service. But why is the system service listening on these ports, and how could I stop the service from doing so?

Best Answer

I see three options here:

  1. Your firewall is misconfigured. Don't worry, it happens to the best of us. Good on you for testing!
  2. One of your network adapters is using a different network profile than your desired firewall profile. Network Location Awareness can sometimes play into this as well.
  3. NMap is erroneously detecting open ports. I have seen this happen rarely when testing from behind certain draconian firewall/proxy/IDS implementations.

You should confirm that services actually are listening on those ports with a netstat -ab and then narrow the scope of your troubleshooting from there. Is it possible that you have additional Windows Features that you need to uninstall?
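A PowerShell version of that triage, added here as an example (it is not part of the original answer). It assumes a Windows Server 2012 R2 box with the built-in NetTCPIP and NetSecurity modules and an elevated session; the suspect port list is taken from the nmap output in the question.

```powershell
# Added example, not from the original Q&A. Assumes Server 2012 R2 (NetTCPIP /
# NetSecurity modules) and an elevated PowerShell session.

# Ports nmap reported as open that the asker does not expect to be listening.
$suspect = 25, 110, 119, 143, 465, 563, 587, 993, 995

# 1. Which process really owns each listener? (PowerShell equivalent of netstat -ab)
$listeners = Get-NetTCPConnection -State Listen |
    Where-Object { $suspect -contains $_.LocalPort } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Port    = $_.LocalPort
            Address = $_.LocalAddress
            PID     = $_.OwningProcess
            Process = if ($proc) { $proc.ProcessName } else { '(unknown)' }
        }
    }
$listeners | Sort-Object Port | Format-Table -AutoSize
# PID 4 ("System") means a kernel-mode listener (a driver, or http.sys) rather
# than a user-mode service; "netsh http show servicestate" lists http.sys owners.

# 2. Which firewall profile is each adapter actually in? A public-facing adapter
#    classified as Private or Domain gets those profiles' rules, not the Public ones.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# 3. Is the default inbound action really Block on every profile?
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction

# 4. Which enabled inbound Allow rules cover any suspect port, and for which profile?
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow | ForEach-Object {
    $rule = $_
    $rule | Get-NetFirewallPortFilter | Where-Object {
        $_.Protocol -eq 'TCP' -and
        ($_.LocalPort -eq 'Any' -or ($_.LocalPort | Where-Object { $suspect -contains $_ }))
    } | ForEach-Object {
        [pscustomobject]@{ Rule = $rule.DisplayName; Profile = $rule.Profile; Port = $_.LocalPort }
    }
} | Format-Table -AutoSize
```

If step 1 shows no listener on a port that nmap still reports open, the answer's third option (something between the scanner and the server answering the connect) is the one left to investigate.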
