Finding Open Ports on Your Computer

Discussion in 'other security issues & news' started by djuggernaut, Oct 12, 2005.

Thread Status:
Not open for further replies.
  1. djuggernaut

    djuggernaut Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    10
    Hi,

    I'm new here and I hope this is the right place to post this. I'm running Kerio Personal Firewall 2.1.5 and I wanted to test it and see how good my network security was. I went to a few sites on the internet (Shields Up and Audit My PC) and tested for open ports. These sites showed open ports only when my firewall was turned off. However, I wanted to find freeware that I could run to check more easily (after changing firewall settings or whatever) if I had open ports. So I downloaded a number of free port scanners and scanned myself at 127.0.0.1. Almost all of these showed open ports (for example 110, 138, 445). Are these wrong, or what is going on? I configured my firewall to let the port scanner make outgoing connections. I don't know a whole lot about networking... is there something wrong with scanning yourself? Could someone please explain what is happening? Thanks.
     
  2. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,103
    Hi djuggernaut,

    Aside from those two sites, try http://scan.sygate.com to determine if your ports are stealthed, i.e. blocked, as opposed to closed or open. A blocked or stealthed port will cause the firewall to drop unsolicited port scans to that port with no response, whereas a closed port will respond with a closed response that informs the person doing the port scanning that there is a computer behind the IP address just scanned. An open port that can be detected by an external port scan is, of course, not very desirable from a security point of view.

    You can also download and run the http://www.firewallleaktester.com tests - be careful, as your AV may quarantine some of them when scanned after you download them if they can be downloaded in some cases depending on how strong your network virus/worm scanner of incoming traffic is. Read the website before you attempt this.

    -- Tom
     
  3. AvianFlux

    AvianFlux Registered Member

    Joined:
    Dec 7, 2004
    Posts:
    237
  4. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    The simplest way to test your software firewall is at the online sites. Scanning yourself from your own system is done locally, 127.0.0.1, which is the localhost address. This is not testing your Internet facing IP or your firewall rules for unsolicited inbound traffic from the Internet.

    If you are interested in seeing what ports/services are open/listening on your system you could use netstat at the command prompt. Kerio will also show these in its interface. There are also port mappers you could use for this:
    TCPView
    Active Ports
    Vision
    Port Explorer

    Keep in mind your system will always have some services/ports open/listening and that is why firewalls are needed to protect these services.

    Regards,

    CrazyM
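
Added example (not part of any post in this thread): a small Python parser for `netstat -an` output that sorts listening sockets by bind address, which is what decides whether a 127.0.0.1 scan or a network-side scan can see them. The sample output and its addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:110          0.0.0.0:0              LISTENING
  TCP    192.0.2.20:139         0.0.0.0:0              LISTENING
  TCP    192.0.2.20:1042        198.51.100.5:80        ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    192.0.2.20:138         *:*
"""

def parse_listeners(text):
    """Return (proto, ip, port) for TCP LISTENING and bound UDP sockets."""
    out = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        if f[0] == "TCP" and (len(f) < 4 or f[3] != "LISTENING"):
            continue  # established/closing connections are not listeners
        host, _, port = f[1].rpartition(":")
        out.append((f[0], ipaddress.ip_address(host.strip("[]")), int(port)))
    return out

def classify(ip):
    """Which scan vantage point can reach a socket bound to this address."""
    if ip.is_loopback:
        return "loopback-only"     # seen by a 127.0.0.1 scan, never from the network
    if ip.is_unspecified:
        return "all-interfaces"    # seen via 127.0.0.1 and from the network unless filtered
    return "single-interface"      # reachable on that interface only, not via 127.0.0.1

def report(text):
    """Map (proto, port) -> exposure class for every listener in the output."""
    return {(p, port): classify(ip) for p, ip, port in parse_listeners(text)}

if __name__ == "__main__":
    for (proto, port), kind in sorted(report(SAMPLE).items()):
        print(f"{proto}/{port:<5} {kind}")
```

Only the "all-interfaces" and "single-interface" entries depend on the firewall's inbound rules; those are the ones an online scan of the Internet-facing address actually exercises.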
     
  5. Arup

    Arup Guest

    Are you behind a router? Also is the IP shown on the scan sites your actual IP? If you can answer me these questions, maybe I can find out why your ports are showing open.
     
  6. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    If I understand correctly, you are scanning internally using the software you downloaded? If so, that is likely why ports 110, 138, 445 are showing open. Those are stealthed by your ISP and evidently not by Kerio. No need either to set Kerio to stealth those ports if your ISP is doing so. So, if you aren't going through your ISP for the tests then they are not going to show stealthed. What about 113? If it is showing closed, but not stealthed, do you have a router and which brand?
     
  7. djuggernaut

    djuggernaut Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    10
    Hey,

    I do not have a router personally but am connected through my college internet.
    Thanks a lot, CrazyM and Mele20, that answers my question about why online scans show stealthed but internal port scans show open.
    One more question... I downloaded Windows Worms and Doors Cleaner and I was wondering what things will stop working on my comp if I disable the first three items (DCOM RPC, RPC Locator, and NetBIOS).

    Thanks a lot for all your help, guys.
     
  8. AvianFlux

    AvianFlux Registered Member

    Joined:
    Dec 7, 2004
    Posts:
    237
    I've disabled all WWDC items on my XP machine with no adverse effects. Localhost port scans now show all of those ports closed.

    Disable all WWDC items to discover any issues that may arise. You can always undo/enable them if there's a problem.
     
  9. Why wouldn't Kerio "stealth" those ports?

    Seems to me whether these ports are filtered by your ISP or your firewall the result should be the same. Scanning internally won't take into account either of these two layers?
     
  10. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Kerio should stealth those ports but I assume there is something wrong with its setup. I don't use Kerio and never have so I can't advise on what is wrong with the rules. I was just saying that the ISP is stealthing those ports so it doesn't matter in a practical sense that Kerio is misconfigured.

    Here's an excellent Kerio support forum to ask in:

    http://www.dslreports.com/forum/kerio
     
  11. djuggernaut

    djuggernaut Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    10
    Are you saying that the internal scan gets filtered by Kerio, but the online scans get filtered by both Kerio and my ISP? And so Kerio is misconfigured to leave these ports open but in reality it doesn't matter because the ISP is eventually doing the job? Would this affect my security on a LAN or no... would the ISP filter things through the LAN?
     