#1
Hi, I have been using SwissVPN for P2P for about 6 months now. Yesterday I did a GRC port scan; first I ran it with the VPN off. Everything was stealth, but port 1 and port 2 were closed.

Then I ran the same test with SwissVPN, with and without their firewall, and I was astonished to see that it knew the name of my PC and my home network name, and that it accepted an anonymous connection from another machine. It also said "unbind" the "File and Printer Sharing", but I use a media server. So I ran the full scan, and port 135 (DCOM Service Control Manager) and port 139 (netbios-ssn) are open, as well as 554 (Real Time Stream Control Protocol).

Sorry to bombard you with questions. Is this normal to have these ports open when using a VPN? Do all VPNs do this? I thought NetBIOS was the port people use to hack into your computer? Is it possible somebody has already hacked into my computer and added and removed files? Is there a way for me to close these ports via Windows Firewall or my router without affecting the performance of my VPN? Is it possible they can close them?

Thank you for reading all this. I'm going to email them, but I want to make sure I know what's what before I do. I look forward to your responses.

Last edited by mike70sk : July 23rd, 2012 at 08:06 AM.
#2
That is very odd! I would stop using that SwissVPN setup immediately!

While you're using a VPN, the ShieldsUP! test at -https://www.grc.com/- should be probing the VPN's exit node, not your computer. VPN exit nodes are typically running Linux or BSD, so NetBIOS intrusion is not an issue. Ideally, all ports are stealthed. VPN exit nodes typically do respond to ping requests, and fail that part of the ShieldsUP! test.

If ShieldsUP! is reporting that ports 135, 139 and 554 are open, and that your computer and network names are visible, it seems that SwissVPN is configured to forward all open ports. That's very unusual. Some VPNs allow you to forward ports for torrenting, but not NetBIOS etc ports.

If you like, you can post the VPN connection log, with IP addresses etc redacted.
#3
Hi, thanks for responding. Last night I reinstalled Windows 7, so I would have to much of log.

Do you think with ports open I was hacked? When I run GRC it does show the Swiss IP, but then it knows my computer name. Sorry for the newbie question, but how do I go about posting the VPN connection log, with IP addresses etc redacted?
#4
Reading SwissVPN's FAQ -http://www.swissvpn.net/index.php?cot=faq- I see this:

Quote:

If you reinstalled Windows, however, your SwissVPN connection may not be configured the same way.

Quote:

What connection type do you have: PPTP, OpenVPN, SSTP or L2TP?
#5
Hi, I normally use SSTP, but I changed to PPTP to see if it would get the same result, and it did. Firewall off and on, same result.

I don't use a client; it's just configured in Windows 7. I emailed them and will post their response when I get it. I like using SwissVPN: it's cheap, it's fast for using P2P. Switzerland has very tough privacy laws. They do log but won't hand it over unless the Swiss Department of Justice demands it. Switzerland is not in the EU and not subject to their laws. In Switzerland piracy is legal for personal use, after they had a study showing piracy has no effect on the entertainment industry. It would be a shame to give that all up, but I can't have open ports like that!
#6
You might want to try using the OpenVPN option. I've never seen open ports like that in an OpenVPN-based service. But I've also never used SwissVPN, so that's just a guess.
#7
For all that's interested, here is my email correspondence with SwissVPN:

Hello,

> I have been using SwissVPN for about 6 months now. Yesterday I did an online port scan at http://www.grc.com/x/ne.dll?rh1dkyd2. When my VPN was off there were no problems.
>
> But when the VPN was turned on (with and without the firewall) I was astonished to see that it knew the name of my PC and my home network name and that it accepted an anonymous connection from another machine. It also said "unbind" the "File and Printer Sharing".
>
> So I ran the full scan and port 135 (DCOM Service Control Manager) and port 139 (netbios-ssn) are open, as well as 554 (Real Time Stream Control Protocol).
>
> It's my understanding that NetBIOS is what hackers use to get into your system.
>
> I have a few questions.
>
> Is this normal, do all users of SwissVPN have ports 135, 139 and 554 open?

Open ports are related to the setup of your PC, which means your PC firewall is open and there is a program (listener) active on these ports. You either close the ports through a firewall or shut down the listening program.

> Is it possible somebody has already hacked into my computer and added and removed files?

Can't say from here, but it surely is possible. Only a more detailed check of your PC can tell.

> Is there a way for me to close these ports via Windows Firewall or my router without affecting performance of my VPN?

Yes, should be possible.

> Is it possible SwissVPN can close them?

You can use the Firewall version of SwissVPN, which by default is blocking all incoming traffic. However, it is normal to have open ports. Without certain ports open your PC would not work properly in network environments, so it's not a vulnerability by default but can be if additional things happen. E.g. an open NetBIOS port allows you to e.g. share files on a local network, which is not a problem as long as your PC uses an appropriate login setup. Not using such a login setup opens your PC to the world, which certainly is not a good idea.

So this is a complex issue and you should consider looking for specialized help. Using the SwissVPN firewall version at least makes sure that you cannot be contacted from the Internet on network level (but may inhibit proper working of torrent or other communication-based programs unless you open certain ports again).

--
Kind Regards

New email:

I have the SwissVPN firewall on and those ports 135, 139 and 554 were open. I never opened them, and if SwissVPN never opened them maybe my computer has been compromised. I do have it set to open a port for BitTorrent speed, but it's not any of the above ports. Please advise.
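Added example, not part of any post in this thread: SwissVPN's reply ties each open port to a listening program on the PC, so the code below parses `netstat -ano` output and lists the TCP listeners that would answer on the address the VPN assigns to the PC. The sample output, the address 203.0.113.45, the PIDs and the function names are constructed for illustration.

```python
import re

# Constructed sample of `netstat -ano` output from a Windows PC; every address
# and PID here is made up. 203.0.113.45 stands in for the address the VPN
# assigned to the tunnel adapter (an assumption, not a value from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
  TCP    0.0.0.0:554            0.0.0.0:0              LISTENING       2304
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1500
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    203.0.113.45:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49170     198.51.100.7:443       ESTABLISHED     3012
  TCP    [::]:135               [::]:0                 LISTENING       716
"""

WILDCARDS = {"0.0.0.0", "[::]"}
# Ports the scan in this thread reported as open.
THREAD_PORTS = {135: "DCOM/RPC", 139: "netbios-ssn", 554: "RTSP"}
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def exposed_listeners(netstat_text, tunnel_ip):
    """Return sorted (port, pid, bound_addr) for TCP listeners that answer on
    tunnel_ip: those bound to it directly or to a wildcard address."""
    hits = set()
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if not m:
            continue  # header, ESTABLISHED rows, UDP, blank lines
        addr, port, pid = m.group(1), int(m.group(2)), int(m.group(3))
        if addr in WILDCARDS or addr == tunnel_ip:
            hits.add((port, pid, addr))
    return sorted(hits)


def report(netstat_text, tunnel_ip):
    """One line per exposed listener, labelling the ports from the thread."""
    lines = []
    for port, pid, addr in exposed_listeners(netstat_text, tunnel_ip):
        label = THREAD_PORTS.get(port, "other")
        lines.append(f"{port}/tcp ({label}) bound to {addr}, PID {pid}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_NETSTAT, "203.0.113.45")))
```

On a real PC, pass it the text of `netstat -ano` and the tunnel adapter's address from `ipconfig`; the PID column identifies the listening process in Task Manager.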
#8
SwissVPN's answer is consistent with what I've read on their website. But I'm puzzled. I've used several VPNs. Most don't even allow open ports to be forwarded to the exit node. Some do allow that, such as BolehVPN and Mullvad, but you need to set it up. However, my experience is limited to OpenVPN, so what you're seeing may be normal for SSTP and PPTP. Either way, it's not good.
#9
They emailed me again and said it was because my firewall was turned off on my account. It's true the firewall is off on my account; that's because I changed it to off to test it both ways. I turned it back on, ran the scan, and the same 3 ports were on.

I did not change anything in Windows Firewall, plus I reloaded Windows; it should have changed it back to normal. They claim they shouldn't be open. So does this mean I was hacked? If so, what should I do: change my banking and other passwords and scrub my drives, or at least scrub the free space? I use the program File Shredder to erase, but it works so fast I wonder if it actually does anything. Does Eraser work with SATA drives now?

I could try the free OpenVPN with SwissVPN; does this client have an option to close your internet connection if you lose connection with the VPN? Also, can anyone recommend another VPN, and if possible one that has a test account and/or small trial period?

OK, I closed the ports in Windows Firewall. Now it still shows my name and home network, but the ports are stealth with and without their firewall. But it does add:

Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

Is that good enough, or should I block the firewall ports as well? Thanks again for reading all this.

Last edited by mike70sk : July 24th, 2012 at 01:31 PM.
#10
Quote:

But the point is that these open ports should not be visible through a VPN unless explicitly configured. You shouldn't need to firewall your VPN to prevent port forwarding. At least, that's been my experience with OpenVPN.

Quote:

Even so, it's probably wise to assume the worst. Use an Ubuntu LiveCD for everything. Change all of your online passwords. Copy all of your data files to clean USB drives, in duplicate. Use dd to fill your drives with zeros. Then reinstall Windows, and copy your data files back.
#11
Hi again,

When you mentioned my media server, it got me thinking that when I reloaded Windows I did not set up the media server, and it still got the open ports when using the VPN (not open when normal). So what I did is I disabled Windows Firewall totally and ran ShieldsUP!. Everything was fine when normal, but when the VPN was on (with and without the firewall; you can disable/enable it in your account if you paid for it) the ports were all open again!! So either their system is messed up or they're spying on me. Do Not Purchase SwissVPN. I'm not even going to bother trying their OpenVPN. I have a couple of weeks left, but I'm never using SwissVPN again.

The scan said that it could connect and get my computer name, but it said it could not find any active shares. Would you say the chance I got hacked is pretty slight? I have my internal hard drive and 2 external ones, and I'm full up with media and do not have anywhere else to move files around. Can I just scrub the free space? Can you recommend a program to do that? Is there a program for me to search for files, ones deleted but also ones on the hard drive, in case I was hacked and some file is on there?

I am looking into your recommendations for VPNs. I see that some have servers in Canada and the USA. Does that mean it would be faster to connect to those servers for torrenting, and if I use the overseas ones it will be slower? I'm a little leery about servers in Canada and the States. I know most claim not to log, but there have been cases where VPNs claimed not to log but did, and kept them and gave them away, either to get money for entertainment parasites or to lessen any charges they face. SwissVPN promises a safe surf, but as it turns out it has been anything but! Once again, my thanks.

OK, I'm trying Mullvad. The only port open is 22 (SSH Remote Login Protocol). Am I correct to assume it's just a connection for the VPN and is safe? It's much faster than svpn. One thing I don't understand is it says:

What is Exclude Swedish traffic?
Traffic to Swedish destinations is routed outside the tunnel to better deal with the Swedish FRA surveillance system from inside Sweden. Don't use it unless you know you need to.

It's left unticked by default. Am I supposed to tick it to exclude it, or leave it alone? Based on what I read, I think I'm supposed to tick it to exclude.

I did notice that the CPU went up from 25 percent and 50 percent, making the fan go crazy, and the computer is in the bedroom.

Got a week trial of BolehVPN, also very fast; port test 100 percent stealth.

Last edited by mike70sk : July 25th, 2012 at 07:59 AM.
#12
#13
Hi, I've been trying out BolehVPN. The first day was great; I was maxing out my connections, getting 1200kbs on big BitTorrent files. I also like the US server because I could listen to Pandora.

The next day my speed has gone down to less than dial-up. They said my configuration was messed up and want me to email them my password and login and to give them remote access to my computer. Is this advisable? Their post:

Looks like a misconfiguration of some sort. Maybe we can arrange a Teamviewer session? You can obtain Teamviewer here: http://www.teamviewer.com/en/download/index.aspx

I would really like to keep them if the service can get back to day one, but I'm unsure what to do.
#14
Personally I would never let anyone view my system, especially when I am using BitTorrent.

I would strongly advise to get them to help you via email, but that's just paranoid me.
#15
I agree with Phractal.

You could post the OpenVPN connection log here, with IP addresses redacted. Use CODE tags.
#16
Yeah, thanks, you guys confirmed what I thought, that it was not a good idea. If they can't get it working through email/chat/message board I will have to find another provider.

I like the fact I can listen to Pandora on it. Maybe I'll go back to Mullvad for torrenting, but I can't have a USA proxy. Are there any inexpensive proxies out there, like 3 bucks a month or something? All I can find is free ones that don't work or ones where they want more than what a VPN costs.

Last edited by mike70sk : July 27th, 2012 at 04:53 PM.
#17
I just want to update that I was able to resolve the issue with BolehVPN without the need of remote assistance. So far I'm liking it: fast downloading for torrents, and US and UK servers to watch streaming media.

I guess SwissVPN's screw-up was a good thing, after getting the recommendation on the board for BolehVPN. I noticed that on most servers port 22 (SSH Remote Login Protocol) was wide open. I think it's something between the server and my computer, and it's safe? Also, on some servers I get the following message:

No return dns
Many Internet connection IP addresses are associated with a DNS machine name. (But yours is not.) The presence of "Reverse DNS", which allows the machine name to be retrieved from the IP address, can represent a privacy and possible security concern for Internet consumers since it may uniquely and persistently identify your Internet account — and therefore you — and may disclose other information, such as your geographic location.

I'm not sure what that means. I know you can use the DNS from BolehVPN; should I do that?
#18
#19
Thanks for the quick reply. Yes, that was from GRC, so I assume it's OK to keep the same DNS? Or would there be other advantages to using their DNS? If you're not seeing port 22, maybe I should close it in my router; hopefully that wouldn't affect the use of the VPN.
#20
Please run -https://www.grc.com/dns/dns.htm-

What DNS servers do you see? BolehVPN's? Your ISP's?
#21
OK, so I ran the test. 3 servers found, 1928 queries received, Anti-Spoofing Safety: Excellent on all 3 servers.

One server was called b.root.lu and the other 2 servers were my ISP's.
#22
That's not good. VPNs should be set up to use their own DNS servers, or others that aren't associated with you (Comodo, OpenDNS or whatever). What OS do you use? Are you using BolehVPN's client? Or OpenVPN? Or?
#23
I'm using their client. There was some mention that you could use their DNS, so I think I could just input their DNS number? Using Windows 7 Ultimate. Or is Google's DNS an option, or OpenDNS? I just remembered I downloaded this RSS feeder called Miro, and iTunes as well, then I uninstalled them. I think Miro may have opened port 22 and not closed it after the uninstall. OK, I removed the rules for the programs in Windows Firewall and even restored Windows Firewall to defaults, and I'm still getting 22 open when I scan with the VPN; when I scan with no VPN it's stealth.

Last edited by mike70sk : August 4th, 2012 at 05:49 AM.
#24
I don't have an active BolehVPN account, so I can't check. And I didn't use their client, in any case. Maybe another BolehVPN user can check for open ports.

I recommend using either BolehVPN's DNS server, or OpenDNS.
#25
Does the result of the DNS test mean that, when I'm downloading with uTorrent, my real IP could be revealed to other users, like the ones that log it for the entertainment industry?

I have 4 days left on my account. I wonder if BolehVPN puts more concern with fast downloads and less security. Are there any other VPNs anyone on the board can recommend, that would have safe, fast uTorrent in a server not in Canada and the USA, and a USA media streaming option?