Hello, I have a laptop I plan to use in public locations, and I know that some of the networks I will be using don't have client isolation. I'm really only concerned with inbound connections, so I was wondering if the built in vista firewall is good enough, if I use the block all inbound connections (which ignores rules and supposedly blocks everything). I am asking because I set it up this way, and did a port scan on it from another computer on my home network. The laptop does not respond to ping, however some ports did show as open. I did a port scan for 1-1024, and about 5 ports showed up, 21, 25, etc. When I tried to telnet to these, it would eventually error out, as opposed to getting a could not connect message if the destination really didn't exist. So I guess that means the connection is somewhat established, but Vista firewall then drops it? I am wondering if all firewalls will react in the same manner (giving a connection error that confirms a machine/port is really there), and just how secure Vista firewall is at blocking inbound connections since it does allow this quasi connection instead of dropping it as if the machine were not there at all. Sorry for the length, I was trying to be concise, but I'm not very good at that. Thanks in advance for any advice, Scott
There are many kinds of port scans, so you need to give detailed info. Exactly which packets did you use for scanning?
I didn't know the type of packet mattered. I used angry ip scanner, so whatever that would default with, I guess?
I have checked this Angry IP scanner, and it does various kinds of scans on TCP, UDP and ICMP. IT performs a TCP SYN scan among others, this is what showed ports as opened. Check firewall for any inbound rules. Telnet will use TCP protocol on port 23, so if that one didn't show as open, that's the reason for connection failure. A connection cannot be "somewhat" established. If port 23 is closed, initial (SYN) packet is immediately dropped by Windows Firewall. Telnet just waits for connection timeout before it errors.
Well, after typing a big long thing with all sorts of questions, because none of this was making sense, I decided to use angry IP scanner on a network address that isn't there, and it still showed those ports open, so yea... Not too sure what this thing is doing, do you have another port scanner you would suggest to try out on Vista firewall to see if it is safe for public networks? Also, angry IP scanner did show the correct hostname for the vista machine, does that mean vista is letting something in, or is your hostname something you broadcast on the network, regardless of your firewall rules? Thanks for your help, Seer. Scott
