open ports?... what the heck?

Discussion in 'Software' started by bigstep_70, Sep 3, 2004.

  1. bigstep_70

    bigstep_70 Private E-2

    I've been doing various security scans of my PC and a few online TCP/UDP
    Port-Scanners have unveiled that some of my ports are open...
    They are as follows..

    Telnet --------- port 23
    DNS ------------ port 53
    HTTP ----------- port 80
    HTTP Proxy ---- port 8080
    * these results via ===> http://www.securitymetrics.com/portscan.adp

    I understand that a few (very few) need to be open for "internet communication" to work but I've been reading around the forums a lot and I understand that open ports can mean bad news to my computing happiness.

    Telnet is the worst offender of the bunch for leaving my PC open to probes/attacks. I've been into the Services Applet and Telnet is stopped/disabled. I need to find out these three things...
    #1.......why is it listed in a port-scan?
    #2.......what/who turned it on?
    #3.......how the heck do I turn it off (if I am supposed to)

    DNS (Domain Name Service)... I understand the reason behind this running
    but previous port-scans did not reveal this as a vulnerability. (usually stealthed according to Symantec Security Check)
    #1......what could have made it show up in a port-scan? (all of a sudden)
    #2......is this service really needed?
    #3......I turn it off in the Services Applet, right? (duh!)

    HTTP and HTTP Proxy...
    I'm not too sure what these two are really for...
    * courtesy securitymetrics.com port-scan
    // HTTP===>World Wide Web services allow you to publish web pages to the
    // Internet. There are hundreds of severe security vulnerabilities associated
    // with this service. Keep your WWW server software updated.
    // HTTP Proxy===>HTTP Proxy provides a way for a hacker to pretend to be
    // your computer. Others who may have been hacked may see your computer
    // address and want you to justify why you hacked them.
    #1......I don't run a server or have a web-page so HTTP based web
    publishing is pointless on this PC.
    #2......Hackers using my PC as a gateway to jump around the internet
    doesn't appeal to me so I'd like to get rid of that vulnerability.

    I've run all the spyware apps I can think of and that doesn't seem to
    be the culprit. I have all Windows Auto-Update features turned off
    (I prefer to go there), have all 3rd party applications auto-updating
    features turned off or set to manual, occasionally I run a Peer2Peer
    program (AresLite 1.8.1), I keep all my virus/firewall/spyware definitions
    up to date.

    I know it's a lot of comments and questions to consider but any input/response will be greatly appreciated.

    Thanks in advance...

    ==========================================================
    CPU Type Intel P4 Northwood/HT@2633 Mhz
    Motherboard MSI 865PE Neo2-S
    Motherboard Chipset Intel Springdale i865PE
    Memory Module(s) 1x 512Mb PC3200 DDR SDRAM
    BIOS Type American Megatrends Inc. V2.1 (02/19/04)
    Video Adapter ATI Radeon 9600 (256Mb)
    Video Driver Ver. 6.14.10.6458 (6/10/2004)
    Monitor AOC Spectrum 7F (17" CRT@1152,864,75)
    Audio Adapter SoundMax Integrated (C-Media 9739A)
    Speakers Labtec LCS-1070 (12 Watts)
    Network Intel PRO/100 VE Integrated Network Connection
    Linksys EtherFast Cable/Dsl Router (BEFSR41ver3)
    Terayon cable modem
    Disk Drive(s) Maxtor 40 GB (7200 RPM, Ultra-ATA/133)
    C: (NTFS) Partition1-38154 MB
    Maxtor 80 GB (7200 RPM, Ultra-ATA/133)
    D: (NTFS) Partition1-39079 MB
    E: (NTFS) Partition2-39079 MB
    Optical Drive(s) HL-DT-ST CD-RW GCE-8525B (52x32x52x CDRW)
    HL-DT-ST DVD-ROM GDR8161B (16x48x DVD)
    Power Aspire 520Watt Blue Aluminum
    Cooling Zalman CNPS7000 cpu fan
    MSI Northbridge fan
    80mm intake (back of case)
    80mm circulatory (near HD's)
    Operating System Windows XP Pro (SP1)
    Internet Explorer 6.0.2800.1106 (IE 6.0 SP1)
    DirectX 4.09.00.0902 (DirectX 9.0c)
    ==========================================================
     
  2. krazykrl

    krazykrl Sergeant Major

    Telnet --------- port 23

    Telnet you probably do not need turned on, but I have used it when troubleshooting systems. But if you're not a business, you can filter it out.

    DNS ------------ port 53

    It is needed.

    HTTP ----------- port 80

    You would not be able to connect to the internet without this port.

    HTTP Proxy ---- port 8080

    You should keep this open as well.

    To filter a port, right click on 'My Network Places' and choose properties, right click on 'Local Area Connection' and choose properties, choose 'Internet TCP/IP Protocol' and choose properties, choose advanced at the bottom, then click on the 'Options' tab, choose TCP/IP filtering and select 'Properties'. See what you can do.

    However, a simple Firewall would be adequate if you are having problems. There are some good software Firewalls out there and some fairly cheap hardware Firewalls.

    Good luck.
     
  3. bigstep_70

    bigstep_70 Private E-2

    thanks for the quick response... I kinda figured that DNS & HTTP (Proxy) were required... I'll try the telnet-filter thing and get back to everyone after some vigilante testing.
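
Added example, not part of the thread: one way to approach the first post's question of why a port shows up in an online scan is to compare the four reported ports with what the PC itself is listening on. The sketch parses `netstat -ano` output; the sample output, addresses and PIDs are constructed, and the function names are hypothetical.

```python
import re

# Ports the online scan in the first post reported as open.
REPORTED = {23: "Telnet", 53: "DNS", 80: "HTTP", 8080: "HTTP Proxy"}

# Constructed sample of `netstat -ano` output (not taken from the poster's PC).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING       1820
  TCP    192.168.1.100:1045     203.0.113.10:80        ESTABLISHED     2044
  UDP    192.168.1.100:53       *:*                                    1188
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")

def local_listeners(netstat_text):
    """Return {(proto, port): [(address, pid), ...]} for sockets accepting traffic."""
    found = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        proto, addr, port, state, pid = m.groups()
        # TCP accepts connections only in LISTENING; UDP rows have no state column.
        if proto == "TCP" and state != "LISTENING":
            continue
        found.setdefault((proto, int(port)), []).append((addr, int(pid)))
    return found

def explain_scan(netstat_text, reported=REPORTED):
    """For each reported port, list local listeners and whether they are loopback-only."""
    listeners = local_listeners(netstat_text)
    report = {}
    for port in sorted(reported):
        hits = []
        for proto in ("TCP", "UDP"):
            for addr, pid in listeners.get((proto, port), []):
                loopback_only = addr.startswith("127.") or addr == "[::1]"
                hits.append({"proto": proto, "pid": pid, "loopback_only": loopback_only})
        report[port] = hits
    return report

if __name__ == "__main__":
    for port, hits in explain_scan(SAMPLE_NETSTAT).items():
        print(port, REPORTED[port], hits or "no local listener")
```

An empty list for a port the scan flagged means nothing on the PC is bound to it, so the response came from another device on the path to the public address. On Windows XP Pro a PID from the output can be matched to a program with `tasklist /svc`.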
     
