port security
-
- PlatinumLounger
- Posts: 5685
- Joined: 24 Jan 2010, 19:16
- Location: Cape Cod, Massachusetts,USA
port security
I recently ran Gibson Research "Shields up" program to check the status of my ports and was surprised to see that two ports were no longer in Stealth mode but were Closed but responding to requests to open. Prior to this all ports were "Stealth" but now ports 20 & 21 are responding.
Port 20 shows it is FTP-Data file transfer protocol-Default data channel.
Port 21 shows it is FTP file transfer protocol-Control channel.
Also it shows that my location is responding to ping requests.
All of this is new and did not show up in the last tests which were some weeks ago, I think.
My questions are:
How to close these ports and how to identify what opened them in the first place?
I am running Malwarebytes as we "speak."
BOB
______________________________________
If I agreed with you we'd both be wrong.
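The three port states the scan in the post above reports, and a comparison against an earlier result, shown as an added example that is not part of any post in this thread. The function names, the port list and the stand-in `fake_connect` are assumptions made for the illustration.

```python
import socket

def probe(host, port, timeout=3.0, connect=socket.create_connection):
    """Classify one TCP port using the scan report's three states."""
    try:
        conn = connect((host, port), timeout)
    except ConnectionRefusedError:
        return "closed"    # a reset came back: reachable, but nothing is listening
    except (socket.timeout, TimeoutError):
        return "stealth"   # no reply at all: the probe was silently dropped
    except OSError as exc:
        return "error: %s" % exc.__class__.__name__
    conn.close()
    return "open"

def scan(host, ports, **kw):
    """Probe each port and return {port: state}."""
    return {p: probe(host, p, **kw) for p in ports}

def changed(baseline, current):
    """Return {port: (old, new)} for every port whose state differs."""
    return {p: (baseline.get(p, "unknown"), s)
            for p, s in sorted(current.items())
            if baseline.get(p, "unknown") != s}

# Constructed stand-in for the network so the example runs offline: ports 20
# and 21 answer with a reset, every other port times out. It reproduces the
# situation described in the post, not data from it.
def fake_connect(address, timeout):
    if address[1] in (20, 21):
        raise ConnectionRefusedError()
    raise socket.timeout()

def demo():
    ports = (20, 21, 22, 23, 80)
    baseline = {p: "stealth" for p in ports}   # the earlier all-stealth result
    current = scan("192.0.2.10", ports, connect=fake_connect)  # TEST-NET address
    return changed(baseline, current)

if __name__ == "__main__":
    for port, (old, new) in demo().items():
        print("port %d: %s -> %s" % (port, old, new))
```

Without the `connect=` argument the probe uses real sockets; behind a NAT router it only shows what the Internet sees when run from outside the LAN against an address you administer.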
-
- SilverLounger
- Posts: 2079
- Joined: 25 Jan 2010, 02:12
Re: port security
What firewall are you running?
Have you allowed anything new through the firewall recently?
You can use Sysinternal's TCPview or Nirsoft's CurrPorts to monitor port usage. Both are free.
Joe
-
- PlatinumLounger
- Posts: 5685
- Joined: 24 Jan 2010, 19:16
- Location: Cape Cod, Massachusetts,USA
Re: port security
Joe,
Running the Win 7 firewall with default settings.
Not about anything NEW, that I can recall? ( but who knows? )
Still running Malwarebytes but it said I was running an "outdated" version of vbalsgrid6.ocx which I just OKd and it started to run????
Will check out those progs as soon as I can.
BOB
______________________________________
If I agreed with you we'd both be wrong.
-
- SilverLounger
- Posts: 2079
- Joined: 25 Jan 2010, 02:12
Re: port security
With default settings the Windows firewall does not block outbound traffic. So, if you have installed some drive-by bad guy that is phoning home that is OK by default.
Are you running through a router? You should be able to close the ports at the router.
Joe
-
- PlatinumLounger
- Posts: 5685
- Joined: 24 Jan 2010, 19:16
- Location: Cape Cod, Massachusetts,USA
Re: port security
Will have to check how to block outbound traffic.
JoeP wrote:
> With default settings the Windows firewall does not block outbound traffic. So, if you have installed some drive-by bad guy that is phoning home that is OK by default.
> Are you running through a router? You should be able to close the ports at the router.
> Joe
Only running a Verizon DSL router with built in NAT router.
Malwarebytes ran OK, no hits. That .ocx thing seems to have disappeared? Now running AV.
DL those two progs you suggested but yet to run them.
BOB
______________________________________
If I agreed with you we'd both be wrong.
-
- SilverLounger
- Posts: 2079
- Joined: 25 Jan 2010, 02:12
Re: port security
The builtin interface to control outbound traffic with the Windows firewall is less than user friendly. Check out another free tool - Windows Firewall Control.
Joe
-
- PlatinumLounger
- Posts: 5685
- Joined: 24 Jan 2010, 19:16
- Location: Cape Cod, Massachusetts,USA
Re: port security
You can say that again, Joe.
JoeP wrote:
> The builtin interface to control outbound traffic with the Windows firewall is less than user friendly. Check out another free tool - Windows Firewall Control.
> Joe
Thanks for the other link. Will DL and try to get at this later on today.
BOB
______________________________________
If I agreed with you we'd both be wrong.
-
- PlatinumLounger
- Posts: 5685
- Joined: 24 Jan 2010, 19:16
- Location: Cape Cod, Massachusetts,USA
Re: port security
I tried all three of those tools. None seemed to identify Ports 20 and 21 as being used by any program.
I was able to go into the Windows Firewall advanced settings and use the wizard to block the two ports both incoming and outgoing. At least I was able to see and accomplish the individual port settings easily enough.
However, Gibson still shows those two as responding and also my system was responding to Ping requests.
The setting shown for incoming are the same as for outgoing and are from the Windows Firewall configuration settings.
BOB
______________________________________
If I agreed with you we'd both be wrong.
-
- Administrator
- Posts: 12650
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: port security
If there is a router between your PC and the Internet then it is very likely that it is the router that is responding to these requests. No changes you make to firewall configurations on your PC will affect this.
StuartR
-
- PlatinumLounger
- Posts: 5685
- Joined: 24 Jan 2010, 19:16
- Location: Cape Cod, Massachusetts,USA
Re: port security
As mentioned before, all I have is the Verizon DSL modem\NAT router which I have had for years. Shields Up never showed anything but "stealth" for all ports, until suddenly, there it is with 20 & 21 responding, but not open. Gibson did mention that separate routers could affect the tests but never this one. ( up until now ) Something made the change and that's what I'm trying to find out.
StuartR wrote:
> If there is a router between your PC and the Internet then it is very likely that it is the router that is responding to these requests. No changes you make to firewall configurations on your PC will affect this.
BOB
______________________________________
If I agreed with you we'd both be wrong.
-
- PlatinumLounger
- Posts: 5685
- Joined: 24 Jan 2010, 19:16
- Location: Cape Cod, Massachusetts,USA
Re: port security
Moving along here. I uninstalled Windows 7 firewall and installed Zone Alarm free. This just to start eliminating some of the possibilities. Did the port check and it was exactly the same as with Win 7 firewall. So much for that idea. Put Win7 back in place after uninstalling ZA.
Now with much regret, I started a chat with a Verizon "tech" in New Delhi. This was a complete waste of time. I don't think I ever had to deal with total incompetence like this before. She\He didn't have a clue as to what I was even describing to them. They tried a remote session and I watched as they moused around and were lost in space.
I asked for a link to download a manual for the Westell 6100G modem\router. Couldn't even do that. Finally they gave up and gave me a number to call for "advanced support." Haven't got up the courage to do that yet.
I suppose all this proved was that the firewall is not the culprit. The modem\router is the more likely one.
BOB
______________________________________
If I agreed with you we'd both be wrong.
-
- Administrator
- Posts: 12650
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: port security
The modem/router is definitely the culprit here. I wonder if the ISP has intentionally configured it to accept ftp transfers so that they can upload new images or configuration files.
viking33 wrote:
> ...
> I suppose all this proved was that the firewall is not the culprit. The modem\router is the more likely one.
StuartR
-
- PlatinumLounger
- Posts: 5685
- Joined: 24 Jan 2010, 19:16
- Location: Cape Cod, Massachusetts,USA
Re: port security
That's very possible, Stuart.
StuartR wrote:
> The modem/router is definitely the culprit here. I wonder if the ISP has intentionally configured it to accept ftp transfers so that they can upload new images or configuration files.
> viking33 wrote:
> > ...
> > I suppose all this proved was that the firewall is not the culprit. The modem\router is the more likely one.
Now if I could only get them to admit and acknowledge that, then advise how I could close those ports! Using the "tech support" like I had yesterday, and getting a true answer, would be the impossible dream.
Even checking with Westell drew a blank, where they said the 6100G modem /router was made specifically for Verizon and I would have to contact Verizon for any help. Catch 22?
Maybe tomorrow I'll pour a pitcher of martinis and call the advanced tech support.
BOB
______________________________________
If I agreed with you we'd both be wrong.
-
- SilverLounger
- Posts: 2079
- Joined: 25 Jan 2010, 02:12
Re: port security
Can you access the router configuration pages? Often that is http://192.168.0.1 or http://192.168.1.1.
Joe
-
- PlatinumLounger
- Posts: 5685
- Joined: 24 Jan 2010, 19:16
- Location: Cape Cod, Massachusetts,USA
Re: port security
Yes, I can as always, using the latter address. The GUI has changed to a newer one and I have not been able to find or go to the correct location regarding blocking or enabling ports.
JoeP wrote:
> Can you access the router configuration pages? Often that is http://192.168.0.1 or http://192.168.1.1.
> Joe
Somewhere along the way Verizon has slipped in a new version that is uniquely theirs and not Westell. Hence my request for a manual for the model 6100G.
You would think I was asking for the design plans for the new stealth bomber or something!
Do I have to file for a freedom of information act to Congress?
BOB
______________________________________
If I agreed with you we'd both be wrong.
-
- Administrator
- Posts: 12650
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: port security
This would certainly explain why they need the ftp port to be usable.
viking33 wrote:
> ...
> Somewhere along the way Verizon has slipped in a new version that is uniquely theirs and not Westell...
StuartR
-
- 5StarLounger
- Posts: 1120
- Joined: 26 Jan 2010, 11:32
- Location: "What a mighty long bridge to such a mighty little old town"
Re: port security
This post here suggests downloading the manual for the 327 from Verizon's site here. The firmware's the same (they say).
But YMMV (as always)
John
“Always trust a microbiologist because they have the best chance of predicting when the world will end”
― Teddie O. Rahube
-
- PlatinumLounger
- Posts: 5685
- Joined: 24 Jan 2010, 19:16
- Location: Cape Cod, Massachusetts,USA
Re: port security
Might be worth a shot, Jon. Thanks.
Some progress to report. Using Jon's link to that 327 modem/router, It at least gave me what appears to be the same info that Verizon has with the 6100G.
Buried in the bowels of the advanced settings was IPSEC-ALG and UPNP,
which I disabled.
This gave me a clear green board at Gibson with ALL ports "stealth!"
Now all that is shown as "failing" is that I am responding to ICMP Echo which is NOT supposed to be a good thing.
-----------------------------------
Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.
---------------------------
Now to try to find out how to fix this?
( I have no clue as to where and how these changes occurred )
BOB
______________________________________
If I agreed with you we'd both be wrong.
-
- PlatinumLounger
- Posts: 5685
- Joined: 24 Jan 2010, 19:16
- Location: Cape Cod, Massachusetts,USA
Re: port security
I'll consider this thread closed and solved.
Opening a new thread regarding the Ping Request replying to incoming pings.
BOB
______________________________________
If I agreed with you we'd both be wrong.