AVG Firewall and GRC

Discussion in 'other firewalls' started by Firecat, Apr 25, 2007.

Thread Status:
Not open for further replies.
  1. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Hello,

    I was testing the AVG Internet Security Firewall on GRC. On scanning all service ports, I see that every port is stealthed except port 1035, which is open. Why is this? Is someone here familiar enough with AVG's firewall to tell me how I can get stealth on this port?

    I am on a dial up connection with a modem based on an HSP56 MicroModem chipset (PCTEL/Conexant PCT1789), if this info is helpful to anyone.
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,

    You can stealth any "closed" port by forwarding it to a non-existent local IP, like 192.168.32.222.

    Could you do a little test? Disconnect from the net. Reconnect. Redo the test. See if it's the same port that remains closed or another one.

    Mrk
     
  3. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Port 1035 is reported as Open, not closed. GRC and PC Flank say that its open, while speedguide.net and AuditMyPC say that its stealthed. This happens regardless of how many times I reconnect.

    As for forwarding ports to a non-existent IP, I can only see options for application and protocol level configuration in the AVG Firewall, not individual port level. I think I'll ask Grisoft about this.
     
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    If you are connected directly (no router) to the internet, then you would need to check what is listening on that port, so you can check the firewall rules to block/filter that application.
    One such program that you can use to check what is listening on what port is Openports
     
  5. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    It seems that a file named javaw.exe is listening on port 1034 at the moment. Every time a port is reported as not stealthed, this application (javaw.exe) has something to do with it. I used sysinternals' TCPView application to see the below info:

    Where the first column is the process, second column is the protocol, third column is the local address, fourth column is the remote address, and fifth column is the state of the connection. Now, I myself allowed this application to access the Internet because it is part of the Java Virtual Machine component. I'm not sure what would happen if I blocked it. :doubt:
     
    Last edited: Apr 25, 2007
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I know very little of "Java Virtual Machine". But will go as far as saying,... many such programs do require access in/out to the localhost for various reasons, and blocking this can cause problems, even make an application fail. But listening on port from the internet, well, this should/needs to be checked. I peronally would change the settings in the firewall to block unsolicited inbound to this application.

    Edit,
    Just to add, to alleviate your concern on blocking internet inbound to this/any application. No application on your PC requires unsolicited inbound connections to function on the PC. Unsolicited inbound is only needed/or may be required for server software, such as P2P/torrent clients. Some AV`s may have an option, such as (example)defence-net, where alerts are given out and that AV may listen for such alerts, but blocking/disabling such in an AV does not stop its main function. So a need to check on settings/options within an application is needed.
     
    Last edited: Apr 25, 2007
  7. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Thanks for the info, I got all ports to stealth by creating an advanced application rule for javaw.exe which allowed certain services and blocked all others. I am, however, still wondering if I have allowed too much services, but I will ask this question to Grisoft.
     
Loading...
Thread Status:
Not open for further replies.