stealthed and open ports

Discussion in 'other firewalls' started by Rita, Aug 12, 2004.

Thread Status:
Not open for further replies.
  1. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    hi everyone
    i just done a scan at shields up.all my ports are stealthed except one--1056 ports were tested all were stealth but 1.passed ping echo--what failed was solicated tcp packets.unsolicated packets passed.would someone tell me what these results mean?how do i close the one open port?i dont understand much about these results.i assume their bad because of the one open port?
    thanks
    Rita
     
  2. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    You likely have netbios, UPnP, SSDP, or some other services enabled that will contact any site you visit through IE advertising their services.

    Make sure your firewall doesn't allow netbios communications outbound past your network, tcp/udp 137-139, and 445 if your running NT. If your running NT, disable and disable SSDP, and Univeral Plug n Pray after running the 'services.msc' command.

    If you go into the folder options from the control panel there might be an option to look for network printers, and shares automatically. If you see it, make sure you disable it.
     
  3. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    A handy utility for disabling NetBIOS, UPnP and other unneeded services is GKWeb's WWDC.
     
  4. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Thanks for the tip Paranoid2000, 3 ports were still open on my box.

    Excellent tip.

    cheers,
    Martin
     
  5. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Rita

    Your result for port 1056, was it open or closed?

    When you get a result like this try and determine which application or service may have been using the port in question at the time of the scan. You can do this with a netstat -ano at the command prompt in XP or using a port mapper.

    Once you determine which application or service, you should then check your firewall rules for that app/service and make sure they are not allowing anything in. Failing that you will need to double check your other rules. Unless you are running any servers, your rules should be for outbound connections only.

    Regards,

    CrazyM
     
  6. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    good morning CrazyM
    port 1056 was closed.the only open port was 443
    rita
     
  7. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    When i applied the WWDC, my firewall (Kerio) couldn't attach its driver to TCP, so it says.

    My open ports were DCOM(135), RPC Locator(445), NETBIOS(137,138,139)
    So when i closed them, Kerio came up with this warning and no internet activity was available until i opened them again.

    Any suggestions??

    Thanks,
    Martin
     
  8. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Do you have anything holding that port open?
    Do your fireall rules allow for inbound traffic to that port/service?
    Anything else in play here, router? ISP blocking that you are aware of?

    Regards,

    CrazyM
     
  9. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    You have to be careful when disabling services. It is always best to check what other system components depend on it/them first. Some you just cannot disable without impacting/crippling functionality, particularly in NT systems. That is why having a firewall is so important. A properly configured firewall will protect those listening ports being held open by services that cannot be disabled.

    Regards,

    CrazyM
     
  10. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    If you would have scrolled down the page where you downloaded this program before asking you would have seen that this has already been documented, and there was a link to their FAQ where a fix was already available. Take note of the source :cool:
    FAQ
     
  11. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Thanks BlitzenZeus for the tip, must have had my eyes closed for a few seconds.

    cheers,
    Martin
     
  12. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    And my thanks to CrazyM

    regards,
    Martin
     
  13. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    hi CrazyM
    i'm sorry i know absolutely nothing about firewalls or how their set up :oops: i have been reading any and all info on them i can--trying to learn.so i cant answer your question because i dont know about routers etc.i know its got to be nearly impossible to help me because i dont know anything about what your asking,all i know i just got the firewall not long ago and if i receive an alert i dont know what it means.I havent done any thing as far as settings to the firewall--i just downloaded it.thanks so much for your time and effort in trying to help
    rita
     
  14. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    Strange, that port is used for https (ssl protocol) access, it's the port used on a secure webserver... You don't run a webserver on your system, do you?
     
  15. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,764
    Location:
    Texas

    Rita,

    You can read here to get a general idea of the terminology used for firewalls.


    http://computer.howstuffworks.com/firewall.htm
     
  16. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    hi Meneer
    no i do'nt run a webserver on my system.i looked up port 443 and read its used for https.have a good day
    rita
     
  17. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    hi Ron
    i'm going to go read the stuff on your link now and try to learn something :)

    Rita
     
  18. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    An open port ususally means that some software is running and listening foor incoming connections. 443 could mean dat one could surf to your pc with a browser and depending on the running software, anything could happen.

    Get a version of DiamondCS Port Explorer (links are here at Wilders) to check the processes behind open ports on your system.
     
  19. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    hi meneer
    ok ill get a v ersion of port explorer and run it and i'll post back and tell you if i find out anything.
    thanks
    rita
     
  20. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    i downloaded a version of port explorer and run it but dont understand the results even though i read the help files--its so frustrating--i just dont understand well enough to make heads or tails of it :oops: if i ever do ill post back
    rita
     
  21. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi ritaann,

    Don't worry, you will understand it sooner or later. :)
    This article helped me alot with the analogy for the basic concepts.
     
  22. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    hello devinco
    thanks for the link i went there and read everything there and i think i'm understanding a tad better.i will keep studying and maybe i will come to understand more all the time.i wont give up
    thanks
    rita
     
  23. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    When you have an application or service running on your system that is holding a port open for connections (listening), the port will be listed under local port.

    I have attached an image from PE highlighting syslogd_service.exe acting as a server and listening on UDP local port 514 (also shows it connected to remote IP 10.10.10.1, which is a router).

    In regards to your open port 443 and using Port Explorer:
    Under the local port column do you see 443? If so, what is the Process?

    Regards,

    CrazyM
     

    Attached Files:

  24. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    good morning CrazyM
    here is everything about port 443.process--747007 tcp--local address-0.0.0.0
    status-listening process--aoltpspd.exe
    thanks
    rita
     
  25. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Hello ritaann,

    The "aoltpspd.exe" which is holding your port 443 open for listening belongs to a program called "AOL", which is an "instant messaging" program.

    Do you know that program?
    Are you aware that this program is running in the background??

    If you don't use it you can remove the program.

    Let us know oké.

    regards,
    Martin
     
Loading...
Thread Status:
Not open for further replies.