Conflicting port scans

Discussion in 'other firewalls' started by Johkaz, Apr 1, 2005.

Thread Status:
Not open for further replies.
  1. Johkaz

    Johkaz Registered Member

    Joined:
    Sep 19, 2003
    Posts:
    40
    Hi,

    Firstly, i am a networking newbie, so please go easy on me. :oops:

    Secondly,

    I am wondering if anyone can help me a problem i have regarding my computer and network?
    My setup is as follows:

    Two computers both using XP Home and up to SR2 level.
    Both have all of the latest updates from Windows Update.
    Both using the latest Zonealarm Free as a firewall.
    Connected by straight through cable to a D-Link DI-604 Router.
    Which in turn is connected to my ISP's Cable Modem.

    Both have an address of 192........ via the router.
    And the ISP address is 82....... via the modem.

    I have setup in the router software the 192. address for both computers.
    And i have also run the Windows XP Network Wizard again on both computers.

    But here are the questions....

    1. Neither computer can see the other one in Windows Explorer?

    2. I have run two port scans on both computers and the results are as follows:

    PC Flank - Quick Test (IP Address) - port 139 is visible, and my browser settings can be seen.

    Gibson Corp - Shields Up - File Sharing Test - No port 139 showing open and no access to Netbios.
    Common ports test showing Closed - 113
    Common ports test also showing Open - 1720

    3. Can anyone explain the different results please?
    4. And explain how i setup both computers to show folders?

    Many thanks in advance.
     
  2. Jazzie1

    Jazzie1 Registered Member

    Joined:
    Dec 5, 2003
    Posts:
    174
    Hi

    Seeing you are being a D-link 604 router, did you configure your router, since it has an advanced firewall?? Did you set up home networking and allow Netbios traffic? How is ZA set up to handle network traffic?

    CU
    Jazzie
     
    Last edited: Apr 1, 2005
  3. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Johkaz

    For your ZA setup on the systems behind the router you have a couple of options.
    The simplest is to add your entire LAN to the trusted zone. This would mean adding the subnet ie. 192.168.1.0 255.255.255.0
    The other is to add individual IP's of trusted systems on the LAN to the trusted zone. For this to work properly these systems should have static IP's and not dynamic ones assigned by the DHCP server on the router.

    For your router setup check your configuration options and disable anything that you do not require ie. remote admin, UPnP, ICMP, any forwarding/pass through for services that may be enabled by default. It is the router that deals with unsolicited inbound scans so this is where configuration changes will need to be made in regards to the results you got.

    Regards,

    CrazyM
     
  4. Johkaz

    Johkaz Registered Member

    Joined:
    Sep 19, 2003
    Posts:
    40
    Hi,

    Thanks for the replies.
    I have read the manual, but i am still unsure of what needs to be changed.
    Regarding what i have done with the router so far is:

    I ran the Wizard at the start, and i had to choose Dynamic IP Address.
    I went through the password setting up. (Unsure of how to change this)
    The timezone was setup as Europe.
    I did not Clone an address, as i have no information from my ISP about this.
    And after that i restarted the router.

    (I chose Static IP Address when i ran the Wizard before, and i could not connect to the internet afterwards.
    As i think the router was blocking connections.
    And i also enabled the Firewall on the previous setup, and after restarting, i could not connect to the internet.)

    So this time i have just done as described with the Wizard above.

    I have found in DHCP Server, it is enabled and it has a start and finish address, set for a week?
    At the bottom of the same page, it has the names of mine and my son's computer, but my son's computer has a different IP address.

    Virtual Server - nothing selected and nothing ticked
    Special Application - nothing selected and nothing ticked
    Filters - nothing selected except IP Filters and nothing ticked
    Firewall - nothing selected and nothing ticked
    Dynamic DNS - Disabled
    DMZ - nothing selected
    Remote Management - Disabled

    In Device Information/Status/LAN it says DCHP Server - Enabled (Do i need this set as this?)
    In Device Information/Status/WAN section it says - DHCP Client Disconnected
    The Log settings have nothing selected, and all Log Types are selected

    CrazyM
    I am unsure of where the remote admin, UPnP and any forwarding/pass through for services are located as you have said

    Jazzie1
    Regarding Zonealarm Free, i got the IP address from the Local Area Network Connection in Network Connections.
    I then added it to the entry in Trusted in Zonealarm Free, above the address for my network card.
    All i have done on the computer itself in XP Home, to setup the Network is just run the Networking Wizard.
    And i chose Connection Method - Other, i then chose the top option on the next screen. (Connects directly through a hub)
    I then chose a name for the computer, no to the disk and then finished the Wizard.
    This was also carried out on the other computer as well.
    Regarding Netbios i did not allow that out i think, and i am unsure of how Zonealarm is setup for Network traffic.

    I think that i have helped as much as i can, with my very limited knowledge on this matter.
    And i hope that i have answered all the questions.

    Because over the last 10 days i have had to sort out this problem below, before i could even get to this stage...

    http://forums.practicallynetworked.com/showthread.php?s=&threadid=5353

    So please bear with me if i do not understand, some of the terms or meanings that you describe.
    As this has been an intensive steep learning curve for me.

    Thanks in advance.

    Gary
     
    Last edited: Apr 1, 2005
  5. Jazzie1

    Jazzie1 Registered Member

    Joined:
    Dec 5, 2003
    Posts:
    174
    Like CrazyM stated, traffic is filtered inbound through your router. I would suggest, that you first turn ON the firewall on the router, if you have it ticked off. Second (on both PC's), go to start_settings_control panel_network connections, local area connections_(properties),tcp/ip (properties) & and change the ip from automaticly assigned (DHCP) to use the following ip :

    192.168.1.***
    255.255.255.0
    192.168.1.*

    DNS: 192.168.1.*
    (Same as gateway above)

    you can check the ip range that is given to you through your router. Just go to the DHCP option and see the range to choose an ip for the above for both pc's....

    Next if you have all the correct settings for your network adapter (client for microsoft network & file and printer sharing) checked and enabled (binded) then test your settings by first disabling the fw on ZA (both) Just go to the the FIREWALL_tab in ZA and turn off (slider bar) the firewall (temporarily) and check to see if you see one another through Windows explorer. If so you will have to disable that! After you are able to see each other, go to each firewall (ZA) and slide the bar to medium (Trusted) & High (Internet). Next, go to Advanced tab (bottom right of the Firewall tab) and check that you have 'Block Internet Zone Server' & 'Disable Windows Firewall'. Then go to the Zone_tab and make sure it is set for 'trusted' and not internet. Then you should be able to see each other, seeing that you both use the same gateway. If not, then there is another issue I am aware of. Let us know your findings after you do that. ZAP pro has more setting than the free version. But it should still work, just the same.....

    Thanks
    Jazzie
     
  6. Johkaz

    Johkaz Registered Member

    Joined:
    Sep 19, 2003
    Posts:
    40
    Hi,

    What i have done so far:

    I have written this out after i have done it all, and i am trying to remember what i have done.

    In the Router, i have not set the firewall working at the moment.

    I put into both computers, the Network Connections, Local Area Connections, (Properties),TCP/IP, (Properties), the addresses that i had in DCHP part of the Router screen at the bottom.

    Then i disabled the Firewall by using slider bar in Zonealarm Free, and i could only see the following in Windows Explorer:

    On my computer all i have is MSHOME (with no other folders)

    On my son's computer all i have is Printers and Faxes, Scheduled Tasks

    On both computers i have both mine and my son's IP addreses in the Trusted zone in Zonealarm.

    Both Network Connections on both computers, have the Local Area Connections saying:

    Connected, Firewalled

    I have run the Network Wizard again, and this time chose "This computer connects to the internet therough a residential gateway or through another computer on my network"
    Then i went through each step again, yes to file and printer sharing, assigned the name MSHOME to both, no disk made, finish.
    On my son's computer it said that i had to reboot it, but not on mine.
    So i rebooted mine to see if it will make any difference.

    After doing all of this i lost my connection to the Internet somehow?

    The current state of affairs with what i where:

    On my son's computer i have in Windows Explorer:

    MSHOME, Home (my own computer) , SharedDocs, Printers and Faxes, Scheduled Tasks
    Another SharedDocs folder and when i clicked on this i got a message box with "Shared Docs is not accessabled", Network Path not found

    On my computer i have in Windows Explorer:

    MSHOME, Home (my son's computer), SharedDocs, AOL Downloads, (left over frOm AOL), Printers and Faxes

    I have also because now i cannot access the internet at all somehow.
    Shut everything down, and rebooted with modem first, then router and then the computers.
    To see if that will sort it all out.

    I suspect that something i have done on the router screen is blocking the internet.
    But, i can't get to the screen to change it as i have to be online to do it.

    After rebooting everything,on both computers i got a screen asking about "Working Offline".
    I chose to go online, but nothing came up, no internet connections on both computers.

    On my son's computer i have in Windows Explorer:

    MSHOME, Home (my own computer) , SharedDocs, Printers and Faxes, Scheduled Tasks
    Another SharedDocs folder for my son's computer
    And a SharedDocs folder for my own computer

    On my computer i have in Windows Explorer:

    MSHOME, Home (my son's computer), SharedDocs, AOL Downloads, (left over frOm AOL), Printers and Faxes

    And i still cannot get online to check the Router settings.
    Even if on both computers i change the Zonealarm Free settings to "Internet Zone Security", Medium.
    And the "Trusted Zone Security" to off

    So get online to post this i have had to disconnect the cables from the router, and try that way.
    Still no connection at all.
    I then have had to reconnect the cables, and disable Zonealarm itself.
    Still i have no connection to the internet from any computers. (Work offline message again)

    I have reset the router by the little button on the back. (back to factory settings)
    But still i cannot get online, this will teach me to muck about with things. (Work offline message again)
    And to post the same question on two different forums, because i am now totally confused about what to do next.

    I have reset "Local Area Connections" back to "Auto Address", and still no connection to the internet.
    So i switched off/on the modem and router and still no connection.

    Also i have to let you know that i have had a reply to my post about this on another forum.
    And i think that i may be getting a bit confused about what to do next.
    So please allow me to show you the other post about this matter.

    http://www.broadbandreports.com/forum/remark,13063340

    To get online i found out that the DNS was still selected in "Local Area Connections", Properties i un-selected it and got online directly without the router connected.

    Please do not be insulted about how i asked on the other forum, it was just me being an idiot and cross-posting.

    Sorry

    So at the moment i am back to square one, and the router disconnected, and Zonealarm re-installed.
    And the network on my computer back to the start again.
    As i chose connect directly to the internet.

    Gary
     
    Last edited: Apr 2, 2005
  7. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Gary

    To get things working let's keep it simple.

    If you have reset the router to defaults, leave it that way.

    In the network settings on your PC's leave them set at the default (obtain IP automatically, obtain DNS servers automatically, advanced - NetBios over TCP enabled).

    Make sure all systems behind the router have the same workgroup name and the necessary file/printer sharing enabled.

    In Zone Alarm - Trusted Zone - Add Subnet - 192.168.1.0 255.255.25.0 (this being an example and default for a lot of routers, but yours may be different). If you need help in determining the correct subnet, let me know. Leave the Trusted/Local Zone slider at the default Medium.

    Regards,

    CrazyM
     
  8. Johkaz

    Johkaz Registered Member

    Joined:
    Sep 19, 2003
    Posts:
    40
    Hi,

    Sorry for not posting before.
    But, i have both mine and my son's computer's working properly, without the network.
    I may get back to setting that up at some time, but the priority for me was the security aspect because of the Broadband connection.
    I did a firmware upgrade for the router, and blocked Netmeeting in the router firewall settings.
    And when i checked on the GRC website, it said all of my ports are now stealthed.
    I checked on the Blackcode website to make sure, and that agreed with the GRC result.
    So at the moment i am reluctant to change anything more, in case i end up mucking it up again.
    As the computer's in my house have a problem, that only seems to occur when the owner decides to change something.

    Thanks to everyone for the help.
     
Loading...
Thread Status:
Not open for further replies.