noel1947
June 6th, 2003, 08:36 PM
Hi
This is my first post and I apologize for the length of my query. I should state that I am a novice with regard to the complexities of rule creation.
Since installing "Look 'n' Stop" I have used the Sygate online security scan and all the results have shown all my ports have been completely stealthed. Great, that is what I assume a firewall's primary function is.
I have just set up a server on my home computer (Pentium 4 2.53 gig WinXp cable modem - no router) using Serv-U program as my FTP server. Everything is tested, runs OK (password protected as only 1 person in Japan will have access). Fine so far.
I followed the Look 'n' Stop Rule example : Authorizing an FTP Server from the FAQ section of the homepage and the rule was created. Looks Ok.
I then retested Sygate online security scan and the following results are now:
FTP DATA 20 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
FTP 21 OPEN File Transfer Protocol is used to transfer files between computers. A misconfigured FTP server can allow an attacker to transfer files, Trojan horses, and virus programs at will.
SSH 22 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
TELNET 23 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
SMTP 25 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
DNS 53 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
DCC 59 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
FINGER 79 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
WEB 80 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
POP3 110 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
IDENT 113 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
NetBIOS 139 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
HTTPS 443 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
Server Message Block 445 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
SOCKS PROXY 1080 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
SOURCE PORT 3022 BLOCKED This is the port you are using to communicate to our Web Server. A firewall that uses Stateful Packet Inspection will show a 'BLOCKED' result for this port.
WEB PROXY 8080 BLOCKED This port has not responded
My server will only be online on a request from the other party basis.
My questions are:
1. With the results above, am I still protected fully from attack while the server is running?
2. Have I missed something in the setup of the rule creation?
3. In the application filtering section of Look 'n' Stop I have authorized the following applications associated with Serv-U (FTP Serv-U Administrator, ServUT~1.exe and ServUDaemon.exe). I assume that these permitted applications are essential to have my server access the internet. Does anyone use Serv-U and have I correctly permitted these applications?
I think that about covers my queries. I had used the search function for my queries but came away confused, thus this post.
Any assistance/advice would be greatly appreciated and my apologies again for such a long post.
Regards
noel1947
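
Added example, not part of the original post: a small Python check that parses scan output in the shape quoted above and compares it with the ports that are meant to be reachable. The function names, the `intended_open` parameter and the sample lines are assumptions constructed for illustration.

```python
import re

# Constructed sample: a few lines in the shape of the scan report quoted in the post.
SAMPLE_REPORT = """\
FTP DATA 20 CLOSED This port has responded to our probes.
FTP 21 OPEN File Transfer Protocol is used to transfer files between computers.
SSH 22 CLOSED This port has responded to our probes.
WEB 80 BLOCKED This port has not responded to any of our probes.
Server Message Block 445 BLOCKED This port has not responded to any of our probes.
"""

# Service name (may contain spaces), port number, then one of the three states.
LINE_RE = re.compile(
    r"^(?P<service>.+?)\s+(?P<port>\d{1,5})\s+(?P<state>OPEN|CLOSED|BLOCKED)\b"
)


def parse_report(text):
    """Return {port: (service, state)} for every line matching the report shape."""
    results = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            results[int(m["port"])] = (m["service"], m["state"])
    return results


def compare_to_policy(results, intended_open):
    """Sort scanned ports into findings relative to the intended exposure."""
    findings = {
        "expected_open": [],     # OPEN and meant to be reachable
        "unexpected_open": [],   # OPEN but not in the intended set
        "answering_closed": [],  # CLOSED: no listener, but the host replied
        "missing_service": [],   # BLOCKED although meant to be reachable
    }
    for port, (_service, state) in sorted(results.items()):
        if state == "OPEN":
            key = "expected_open" if port in intended_open else "unexpected_open"
            findings[key].append(port)
        elif state == "CLOSED":
            findings["answering_closed"].append(port)
        elif port in intended_open:
            findings["missing_service"].append(port)
    return findings


if __name__ == "__main__":
    print(compare_to_policy(parse_report(SAMPLE_REPORT), intended_open={21}))
```

Ports listed under `answering_closed` are the ones that were stealthed before the rule change and now reply to probes, so they are the entries to compare against the new rule's port range.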