Port 623 0pen

I just did the Shields Up test on my new computer using LNS 2.06 P3 and everything shows Stealth except Port 623 which shows Open using any ruleset... I get the same results at PC Flank.

It is associated with ASF Remote Management and Control Protocol.

Remote access service is disabled on this computer,

Port Explorer shows no connection to Port 623, so the question I have is how do I close this port?

I am running Windows XP with SP3 installed.

 

Do you have a router for your internet connection ?
If you have a router, then this port is probably open by it, and you need to check its configuration to disable a remote control feature.

Regards,

Frederic

 

Nope, no router, just using the motherboard's ethernet connection. Didn't have this problem with my old computer.

 

It is strange one specific port is affected.
Is the IP address displayed in the welcome page of Look 'n' Stop the same as the one displayed by GRC just before starting the test ?
Are you using the Enhanced Ruleset ?

Thanks,

Frederic

 

Yes, IP addresses are the same. It doesn't seem to matter which ruleset I use, I currently am using the latest Phantom ruleset V 8.004, but I get the same effect with any of the others as well.

My motherboard uses the Intel 82567V-2 Gigabit Network Adapter. Is there a rule I can create to close Port 623, for both TCP/UDP and if so, where should it be placed?

 

Different ISPs gives out modems with integrated router functionality, if you can access the modem configurations, you might have to call the ISP.

If you Windows Firewall is enabled, you should try disabling and re-booting and re-running the test.

... Using TCP Viewer, does your system listen on that port?



Regards,
Phant0m``

 

If you want to test anyway a specific rule blocking this port, you can import the rule described here:
http://www.looknstop.com/En/rules/rules.htm#TCPserver
and just replace the 55555 by 623. You can let the rule at the top of the list (for any ruleset). This is the better position to be sure it is applied.

But probably it won't solve the issue. If it does finally, there is another rule in the ruleset which opens the port, and it would be interesting to know which one.

Frederic

 

Frederic... adding the TCP server or TCP Client rules to the ruleset have no effect.

Phantom... I've never used TCP Viewer, how do you use it to see if my internet connection is listening on Port 623?: )

 

Do you still have the old computer, to make the same test ? I would like to know if the problem is really happening only with your new computer.

Either there is really a (new ?) way to bypass the NDIS usual stack to handle this port and Look 'n' Stop is not able to detect it,
or the scan on port 623 is answered by an intermediate machine between your PC and the GRC server,
or maybe it is linked to a special feature (like AMT) of the ethernet chip of your new computer.

Frederic

 

No, my old computer had the PS and MoBo burn up, so they are gone beyond recovery.

The only real difference other than hardware is that the vendor installed SP3 in a clean install of Windows XP.

If I send you my IP address by e-mail can you test my computer and LNS from your end?

 

I did some tests with your IP address, and to my surprise, it appears your PC is really answering to this port.
I measured the number of hops with tracert, and then verified with nmap and the --ttl option the port was open only with this number of hops.

So, it is very strange, I've no explanation so far
Waiting for a new test with another hardware.

Frederic

 

Well, I got it fixed... finally.

I disabled the Wake on LAN function in the motherboard BIOS, but that killed the internet connection so I put in a PCI LinkSys 10/100/1000 Gigabit Network Adapter and that fixed the problem... all ports now Stealthed.

In case anyone is interested my new computer has the Intel DG43NB motherboard and this board's ethernet connection is the Intel 82567V-2 Gigabit Network Connection and Port 623 has to be held Open for the Wake on LAN function and apparently there is no way to close it... sucks doesn't it, I guess if you get a computer with this Motherboard and don't want Wake on LAN you'll have to put in a PCI network card as well if you want a secure internet connection.