Issue with Port 0 & Port 1

Discussion in 'Other Ghost Security Software' started by Hermescomputers, Sep 29, 2006.

Thread Status:
Not open for further replies.
  1. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Hi,

    I have found that Ghostwall in Windows X64 is vulnerable to attack acording to GRC. Anyone with some input on this issue.
     

    Attached Files:

  2. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Also I modified the rules with the following and the test still fails...
     

    Attached Files:

  3. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Got the solution. My Rules where not written correctly.
    Correct config is as in Line one of the Rule editor in Ghostwall 1.150
    Perhaps this simple fix should be included in the default rule set in next release of Ghostwall...
     

    Attached Files:

  4. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    This is the Test after the fix is included in the Rule set as above
     

    Attached Files:

  5. turion

    turion Registered Member

    Joined:
    Apr 5, 2006
    Posts:
    58
    I tried the GRC tests too a while ago with the correct settings for blocking port 0 & 1 in Ghostwall but doesn't work. I'm using DSL (NAT) so perhaps the test results can't be trusted. By the way i noticed you passed the ping test but couldn't see you blocking icmp in the setting.
     
  6. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Turion you might try with the settings I put in there ... it works but only if you are probing the Ghostwall and not the DSL Router (Most Dsl modems are actually routers with a built in Firewall). Chances are that is what is being probed in your case. Maybe post the Model # and someone might be able to help configure it for you.

    As for the Ping passing it has to do with the rules, they made sense to me but still failed. The revised Rules blocked and cloaked the ports as well.
     
    Last edited: Sep 29, 2006
  7. turion

    turion Registered Member

    Joined:
    Apr 5, 2006
    Posts:
    58
  8. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    In the router menu under the 'Servicestab you have a firewall control as well as an IPFilter control access panel.
    The one of most Interest would be the one labled "IP Filters

    You should be able to find the required bits within those functions.
    Here is the User guide for Zyxel Prestige P-623-41
    http://www.zyxel.com/web/download_u...1941_20020913_1-3-P623-41_v1-3_UsersGuide.pdf
    The area of Interest begins at chapter 14.
     

    Attached Files:

    Last edited: Sep 29, 2006
  9. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    You need to go to IP Filters and Make changes to the rules
     

    Attached Files:

  10. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Then go to the "IP Filter Rule - ADD"
    and make the appropriate modifications... they should be self evident once you get there.

    I hope this proved helpfull...
     

    Attached Files:

  11. turion

    turion Registered Member

    Joined:
    Apr 5, 2006
    Posts:
    58
    Thanks for the info, you are right it does have a firewall/ip filter but i found out my model is P 623R-T and it doesn't have these two options. Even the configuration menu looks totally different from your screenshots with less options. I managed to find the option to block the icmp protocol.

    Anyway ports 0-1 are blocked on my pc side even though the online tests showed it's open or closed but not stealth.
     
  12. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    I was using the info included in the link you posted about your router. Sorry it turned out to be a different model...

    My guess is the router could be run in bridge mode then and you could use the Windows connect manager for PPOE (DSL) and thus test the Ghostwall directly by bypassing the security in the router. It may also provide you with better performance that way since it would offload many functions off the modem...

    Best of luck!
     
  13. turion

    turion Registered Member

    Joined:
    Apr 5, 2006
    Posts:
    58
    No bridge option as well, i think it's misleading on the site of Zyxel since they do mention the P 623 series have all these options and it turns out that my model from this serie excluded some extra features. Oh well at least i protect my pc with different security software so it doesn't matter. Thanks for the help anyway :)
     
  14. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?

    I bet a dollar to a donut that the design was made to cheap out on foreign market sales... Sorry for your bad luck Turion! :eek:
     
  15. turion

    turion Registered Member

    Joined:
    Apr 5, 2006
    Posts:
    58
    Yeah i guess you are right about that, but i didn't pay a cent for it since it was a special offer and was offered for free if i choose one of the internet connection of my current isp since i wasn't a customer yet back then.
     
  16. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Free.... ah...well then... cant argue with that!:thumb:
     
Thread Status:
Not open for further replies.