NORTON INTERNET SECURITY 2004 PORT STEALTHING

Discussion in 'other firewalls' started by waynezo, Aug 18, 2004.

Thread Status:
Not open for further replies.
  1. waynezo

    waynezo Registered Member

    Joined:
    Aug 18, 2004
    Posts:
    4
    I just upgraded from NIS 2003 to NIS 2004. Now when I run GRC shields up it tells me port 1031 or 1032 is closed but not stealthed. How can I get it to stealth this port? all other ports are stealthed.
    Any advice will be greatly appreciated.
     
  2. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    Hello there and welcome to wilder my friend.
    You could try this gem of a programme port explorer from diamond cs and see exactly what processes are running on the closed ports u mentioned and here is some info and the link to download a trial of port explorer.

    port explorer link-http://www.diamondcs.com.au/portexplorer/downloads/pedemosetup.exe

    Port Explorer allows you to see all the open ports on your system and what programs own them (called Port to Process mapping). Along with this ability it also has many tools including a packet sniffer, bandwidth throttling and country detection to name just a few. Port Explorer has an intuitive GUI that allows you to quickly see all the network activity your computer is involved in, and thanks to its ease of use is allowing people everywhere to do advanced network activities.

    Once u have downloaded this programme u can then see exactly what processes are using both these port and we will then take it from there.
    Please post back with some info or if u need help.


    THE MUL
     
  3. waynezo

    waynezo Registered Member

    Joined:
    Aug 18, 2004
    Posts:
    4
    port explorer shows propelac.exe (my dialup acceleration ap) on port 1031
     
  4. waynezo

    waynezo Registered Member

    Joined:
    Aug 18, 2004
    Posts:
    4
    I finally got a true stealth rating by turning on xp home's built in firewall. When I run shields up I don't get any alert that my computer is being probed even though I have NIS 2004 configured to alert me and autoblock turned off. NIS 2003 always gave me alerts when I ran shields up. If I uninstall and reinstal will I have to reactivate NIS 2004.

    This version seems to have taken a step backward.

    Can I run zone alarm freeware also or will it conflict with norton.
     
  5. RadicalEdward

    RadicalEdward Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    64
    That's a big no no. You never want to run two firewalls at once or two real time virus scanners. It will cause your computer to throw up the blue screen of death and then make it crash. I strongly advise not doing it.
     
  6. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Well this certanly doesn't apply to ICF (WinXP Firewall).
     
  7. RadicalEdward

    RadicalEdward Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    64
    Oh yeah....forgot about that one. I guess you can get away with running that one with another firewall.
     
  8. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    What rules do you have in place for propelac.exe?
    You can also view what applications are using what ports in NIS via View Statistics -> Network Connections.

    Regards,

    CrazyM
     
  9. waynezo

    waynezo Registered Member

    Joined:
    Aug 18, 2004
    Posts:
    4
    The program rule for propel accelerator is permit all.

    I have uninstalled and reinstalled nis 2004, but I still only get a true stealth rating by running xp's firewall too. I have heard Xp's firewall is the best at stealthing incoming attacks since it is part of OS. I have also heard running both firewalls wastes resources. I would like to hear opinions on this. I used to get true stealth rating running NIS 2003 by itself, now when I run nis 2004 by itself I get a port or two closed not stealthed in the 1024-1055 range usually port 1031. Does anyone know a fix or had this problem ? Also has anyone tried NIS 2004 with SP2?
     
  10. xmp

    xmp Guest

    i would try shutting everything down except the firewall and trying again. some ISPs block certain ports which may result in a closed port instead of filtered. this is because the ISP's firewall, router, or IPS is conforming to RFC standards.
     
  11. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Does propel accelerator require a permit all rule? (this would also allow incoming)

    Regards,

    CrazyM
     
  12. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    This is the result of permit all inbound rules, and the way that the software firewall handles the traffic. It might be only listening on the localhost, but the software firewall sees it listening like a server so that rule that allowed all traffic inbound, even allowed it into the port it sees listening on your localhost, which the operating system replies with a closed repsonse.

    This is merely a firewall configuration issue which is common is most software firewalls, and sometimes not avoided in certain firewalls.

    The XP firewall is more like a router which operate on stateful inspection of outbound traffic to allow their responses inbound, but you can configure for exceptions. Even in the new XP SP2 firewall you can add an application, however the problem still exists, if you allow a program to act like a server through the exceptions, everything the program is listening on is let in.
     
Loading...
Thread Status:
Not open for further replies.