How can I remedy this???

Discussion in 'other firewalls' started by bounty69sx, Sep 13, 2004.

Thread Status:
Not open for further replies.
  1. bounty69sx

    bounty69sx Registered Member

    Joined:
    Jun 5, 2004
    Posts:
    46
    Location:
    Montana, USA
    I was playing around with my ZAP and went to Gibson's site and got this as part of my result. How can I improve this? I welcome all suggestions. Thanks.




    Solicited TCP Packets: RECEIVED (FAILED) — As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection. It is generally possible to increase your system's security by hiding it from the probes of potentially hostile hackers. Please see the details presented by the specific port links below, as well as the various resources on this site, and in our extremely helpful and active user community.



    Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)



    Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.


    21
    FTP
    OPEN! FTP servers have many known security vulnerabilities and the payoff from exploiting an insecure FTP server can be significant. This system's open FTP port is inviting intruders to examine your system more closely.

    23
    Telnet
    OPEN! Telnet provides a remote command prompt window which allows remote systems to be configured and controlled. Any system that appears to be offering a Telnet connection — like yours is right now — is offering the potential for total command-level access. Since a surprising number of Telnet servers are known to have no password, this open Telnet port will be attracting a LOT of the wrong kind of attention. If your network contains a residential NAT or DSL router, it may be that its "WAN-side" management interface is open and accepting connections. No matter what the cause, you should immediately attend to this open Telnet port.
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
    Hi bounty69sx,

    Can you tell us what your network setup looks like? I'm mainly wondering if you have a router, or router functionality in your ISP connection device?

    You see, it is odd to have FTP and Telnet open and responding, and be responding to pings if you have ZAP installed and running at High Security in the Firewall panel. Also, for FTP and Telnet to be open and responding "locally on your PC", to requests from the Internet, you would have had to give "server rights" in ZAP's Program Control, to the programs that are doing that. But, if you have a device further out towards the Internet (between your PC and its Internet connection), it may be that which is actually responsible for all this.
     
  3. bounty69sx

    bounty69sx Registered Member

    Joined:
    Jun 5, 2004
    Posts:
    46
    Location:
    Montana, USA
    Thanks for the quick reply LWM. Actually I have a DSL modem and a Dlink Router . I haven't checked the 2 hardwares yet. And I was gonna DL a freeware called Active ports. I read about it on the ZA forum. Any idea on this one. It mainly shows what programs uses the open ports.

    And another thing how can I make all ports stealth or closed if at all possible and still have the functionality of my comp.

    Also I do have ZAP running at High for the net and the settings are defaults from when i set it up. i have broadcast/multi checked for the high and block incoming netbios on the medium setting.

    What should i look at on my two hardwares? Thanks. :D
     
  4. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi bounty69sx

    If the modem is just a modem it should not impact the scan results.

    The router is what will be seeing and dealing with the inbound scans first. The NAT functionality of the router should block unsolicited inbound packets unless anything has been forwarded through the router. Remote administration options may also open ports on a router if enabled. Check your router's configuration for any port forwarding and remote admin settings.

    As for the ICMP ping reply, most routers will have an option to enable/disable this.

    When you did the scan did anything show up in your ZA logs? In particular the FTP and Telnet ports? Any blocked inbounds in your ZA logs would be an indication of things passing/forwarded through the router.

    Acitive Ports and other port mappers will show what applications are using what ports/services on your PC and are handy utilities to have. As it is the router's WAN interface the scans (and the Internet) see, you will need to check it's configuration.

    You should be able to accomplish this with the right settings in your router.

    Regards,

    CrazyM
     
  5. bounty69sx

    bounty69sx Registered Member

    Joined:
    Jun 5, 2004
    Posts:
    46
    Location:
    Montana, USA
    Actually the modem has a firewall also. I never got around to tinkering with my modem when i bought the Dlink router. So I had no idea that i already have a firewall. I will tinker with it this time. Thanks.
     
Loading...
Thread Status:
Not open for further replies.