Which firewall for WIN XP Pro - Firewalls

This is a discussion on Which firewall for WIN XP Pro - Firewalls ; "Ansgar -59cobalt- Wiechers" wrote in message news:5aclniF2npdlvU1@mid.individual.net... > Randy Tingley wrote: >> "Ansgar -59cobalt- Wiechers" wrote: >>> Randy Tingley wrote: >>>> "Ansgar -59cobalt- Wiechers" wrote: >>>>> Which part exactly of 'netstat -anob's output do you fail to >>>>> understand? >>>> ...

+ Reply to Thread
Page 2 of 2 FirstFirst 1 2
Results 21 to 34 of 34

Thread: Which firewall for WIN XP Pro

  1. Re: Which firewall for WIN XP Pro


    "Ansgar -59cobalt- Wiechers" wrote in message
    news:5aclniF2npdlvU1@mid.individual.net...
    > Randy Tingley wrote:
    >> "Ansgar -59cobalt- Wiechers" wrote:
    >>> Randy Tingley wrote:
    >>>> "Ansgar -59cobalt- Wiechers" wrote:
    >>>>> Which part exactly of 'netstat -anob's output do you fail to
    >>>>> understand?
    >>>>
    >>>> Under the PID the netstat -ano does not show anything running on ports
    >>>> 21, 25, 110, & 143? but when I have these scanned they show open?
    >>>>
    >>>> I am trying to locate the service, then turn it off to close these
    >>>> ports.
    >>>
    >>> Please post the exact command and output from your portscan. Also post
    >>> the output of the commands "ipconfig /all" and "netstat -anob". Maybe
    >>> with some actual data we'll be getting somewhere.

    >>
    >> Port Scan
    >> GRC Port Authority Report created on UTC: 2007-05-08 at 22:32:16Results
    >> from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
    >> 119, 135, 139, 143, 389, 443, 445, 1002,
    >> 1024-1030, 1720, 5000 4 Ports Open 1 Ports Closed 21 Ports
    >> Stealth--------------------- 26 Ports Tested Ports found to be OPEN
    >> were:
    >> 21, 25, 110, 143 The port found to be CLOSED was: 113 Other than what is
    >> listed above, all ports are STEALTH.

    >
    > http://grcsucks.com/
    >
    > I'd suggest using a real port scanner (like e.g. [1], if you can't run
    > something like nmap or scanline or portqry from outside your network).
    >
    >> C:\>netstat -anob

    > [...]
    >> TCP 192.168.1.100:139 0.0.0.0:0 LISTENING 4
    >> [System]

    >
    > Since your computer has a private IP address it is apparently behind
    > some router doing NAT. Meaning that the portscan you performed showed
    > open ports on that router, not on your local computer. What kind of
    > router do you use?
    >
    > [1] http://www.derkeiler.com/Service/PortScan/
    >
    > cu
    > 59cobalt
    > --
    > "If a software developer ever believes a rootkit is a necessary part of
    > their architecture they should go back and re-architect their solution."
    > --Mark Russinovich



    It a Linksys router/4 port switch.



  2. Re: Which firewall for WIN XP Pro

    Randy Tingley wrote:

    > "Ansgar -59cobalt- Wiechers" wrote in
    >> What kind of router do you use?


    > It a Linksys router/4 port switch.


    Who configured it or who can take a look at the configuration?
    Are there other machines behind that router?
    If yes, what kind of machines? Is one or more them running services like
    ftp, smtp, pop3 and imap?
    Are portforwardings configured on the router pointing to those machines?

    Sorry, but you really make helping you a bit complicated because one needs
    several questions before you provide the nessessary information about your
    setup.

    Wolfgang


  3. Re: Which firewall for WIN XP Pro

    Randy Tingley wrote:
    > It a Linksys router/4 port switch.


    Check the status page of the router. Connect to http://192.168.1.1/
    Click on the Status tab. The router should show you the IP address for
    its internet connection. Is that the same IP address you see on grc or
    pages like http://www.whatismyipaddress.com/ ?

    If it is not the same IP address grc does not even scan your router but
    something else unrelated with your LAN.

    Gerald

  4. Re: Which firewall for WIN XP Pro

    Randy Tingley wrote:
    > "Ansgar -59cobalt- Wiechers" wrote:
    >> Randy Tingley wrote:
    >>> C:\>netstat -anob

    >> [...]
    >>> TCP 192.168.1.100:139 0.0.0.0:0 LISTENING 4
    >>> [System]

    >>
    >> Since your computer has a private IP address it is apparently behind
    >> some router doing NAT. Meaning that the portscan you performed showed
    >> open ports on that router, not on your local computer. What kind of
    >> router do you use?
    >>
    >> [1] http://www.derkeiler.com/Service/PortScan/

    >
    > It a Linksys router/4 port switch.


    Oh, come on! Which model? Firmware revision? Have you checked its
    configuration? Is it running any services? If so: which? And why? Are
    any port-forwardings configured? If so: whereto? And why?

    Be verbose. As Wolfgang already said: it's really tiresome to have to
    wrest every single bit of information from you.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  5. Re: Which firewall for WIN XP Pro

    >
    > It a Linksys router/4 port switch.
    >


    Oh, you have a Linksys router. The test you're doing at GRC is worthless and
    bogus. The ports on the router are closed by default.

    The purpose of the router is to protect the Services on the NT based O/S.
    The services cannot be attacked, because the router is setting in front of
    it.

    It would only mean something if the computer was directly connected to the
    modem and therefore, directly connected to the Internet is when you would
    need to make sure services were disabled and protected, which would be the
    router is not setting between the modem and the computer.

    You didn't even have to remove Client for MS network or File and Print
    Sharing off of the NIC, because the computer is behind the router and is
    protected from the Internet.

    If the router is in its default configuration out of the box state else and
    you have not manually opened ports on the router, then by default, the ports
    are closed and everything behind the router is protected.

    Whatever else you're trying to do here with the computer is a moot point
    with that router in play.

    The only thing you should be concerned with is that the user-id and psw on
    the router are changed and are not the defaults everyone else knows about.

    And that you have enabled logging on the Linksys router so that you can use
    Wallwatcher to watch traffic to and from the router by possible dubious
    remote connections by the computers behind the router.

    The security link for the XP O/S that was posted to you where it talks about
    disabling certain user-id(s) along with other things in that link is where
    you need to concentrate on.

    http://sonic.net/wallwatcher/

    Think about this. The computer is setting behind the router, unsolicited
    inbound traffic that the router is stopping cannot reach the computer,
    therefore, the computer cannot react to traffic one way or the other in some
    kind of *stealth* tests.

    The computer is *stealthed* because it's behind the router.


  6. Re: Which firewall for WIN XP Pro


    "Gerald Vogt" wrote in message
    news:4641b062$0$15972$44c9b20d@news3.asahi-net.or.jp...
    > Randy Tingley wrote:
    >> It a Linksys router/4 port switch.

    >
    > Check the status page of the router. Connect to http://192.168.1.1/
    > Click on the Status tab. The router should show you the IP address for
    > its internet connection. Is that the same IP address you see on grc or
    > pages like http://www.whatismyipaddress.com/ ?
    >
    > If it is not the same IP address grc does not even scan your router but
    > something else unrelated with your LAN.
    >
    > Gerald


    This is correct!
    THe same ip address.



  7. Re: Which firewall for WIN XP Pro


    "Ansgar -59cobalt- Wiechers" wrote in message
    news:5adtnfF2mdubdU1@mid.individual.net...
    > Randy Tingley wrote:
    >> "Ansgar -59cobalt- Wiechers" wrote:
    >>> Randy Tingley wrote:
    >>>> C:\>netstat -anob
    >>> [...]
    >>>> TCP 192.168.1.100:139 0.0.0.0:0 LISTENING 4
    >>>> [System]
    >>>
    >>> Since your computer has a private IP address it is apparently behind
    >>> some router doing NAT. Meaning that the portscan you performed showed
    >>> open ports on that router, not on your local computer. What kind of
    >>> router do you use?
    >>>
    >>> [1] http://www.derkeiler.com/Service/PortScan/

    >>
    >> It a Linksys router/4 port switch.

    >
    > Oh, come on! Which model? Firmware revision? Have you checked its
    > configuration? Is it running any services? If so: which? And why? Are
    > any port-forwardings configured? If so: whereto? And why?
    >
    > Be verbose. As Wolfgang already said: it's really tiresome to have to
    > wrest every single bit of information from you.
    >
    > cu
    > 59cobalt
    > --
    > "If a software developer ever believes a rootkit is a necessary part of
    > their architecture they should go back and re-architect their solution."
    > --Mark Russinovich


    The router is:
    Linksys Cable/DSL Router 4port switch
    model# BEFSR41 V3
    Firmware V 1.05.00

    Std out of the box settings. This is the router that was on my win2K system
    until last week when i replaced it with a new Win XP Cpu unit. THis was
    secure until the new XP cpu.




  8. Re: Which firewall for WIN XP Pro

    Randy Tingley wrote:
    > This is correct!
    > THe same ip address.


    If it is the same IP address on the scans and on the status page of the
    router then your router has probably port forwardings configured for
    those open ports. Check the settings in the router if there are any.
    Also make sure to turn off UPnP support in the router. You don't want
    some software in your LAN open ports on the router automatically.

    You should verify the scans with other internet port scanners.

    Gerald

  9. Re: Which firewall for WIN XP Pro

    Randy Tingley wrote:
    > "Ansgar -59cobalt- Wiechers" wrote:
    >> Randy Tingley wrote:
    >>> It a Linksys router/4 port switch.

    >>
    >> Oh, come on! Which model? Firmware revision? Have you checked its
    >> configuration? Is it running any services? If so: which? And why? Are
    >> any port-forwardings configured? If so: whereto? And why?
    >>
    >> Be verbose. As Wolfgang already said: it's really tiresome to have to
    >> wrest every single bit of information from you.

    >
    > The router is:
    > Linksys Cable/DSL Router 4port switch
    > model# BEFSR41 V3
    > Firmware V 1.05.00


    Seems to be the latest Firmware. Good.

    > Std out of the box settings.


    *sigh*

    Look, "out of the box" can mean just about anything. Why don't you go
    and find out what the actual settings are and then answer my questions?
    Would that make things too easy for us?

    BTW: Have you cross-checked the results from grc.com with another port
    scanner (like the one I mentioned previously)? Does the router allow for
    configuration via UPnP?

    > This is the router that was on my win2K system until last week when i
    > replaced it with a new Win XP Cpu unit. THis was secure until the new
    > XP cpu.


    XP is an operating system, not a CPU.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  10. Re: Which firewall for WIN XP Pro

    On May 10, 10:13 am, Ansgar -59cobalt- Wiechers
    wrote:
    > BTW: Have you cross-checked the results from grc.com with another port
    > scanner (like the one I mentioned previously)? Does the router allow for
    > configuration via UPnP?


    http://www.grcsucks.com

    > XP is an operating system, not a CPU.


    and Steve Gibson is a moron...

    > cu
    > 59cobalt
    > --
    > "If a software developer ever believes a rootkit is a necessary part of
    > their architecture they should go back and re-architect their solution."
    > --Mark Russinovich- Hide quoted text -
    >
    > - Show quoted text -




  11. Re: Which firewall for WIN XP Pro

    RedForeman wrote:
    > On May 10, 10:13 am, Ansgar -59cobalt- Wiechers wrote:
    >> BTW: Have you cross-checked the results from grc.com with another
    >> port scanner (like the one I mentioned previously)? Does the router
    >> allow for configuration via UPnP?

    >
    > http://www.grcsucks.com
    >
    >> XP is an operating system, not a CPU.

    >
    > and Steve Gibson is a moron...


    This has already been mentioned by several people in this thread
    (including myself).

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  12. Re: Which firewall for WIN XP Pro


    "Ansgar -59cobalt- Wiechers" wrote in message
    news:5agnkaF2olli5U1@mid.individual.net...
    > Randy Tingley wrote:
    >> "Ansgar -59cobalt- Wiechers" wrote:
    >>> Randy Tingley wrote:
    >>>> It a Linksys router/4 port switch.
    >>>
    >>> Oh, come on! Which model? Firmware revision? Have you checked its
    >>> configuration? Is it running any services? If so: which? And why? Are
    >>> any port-forwardings configured? If so: whereto? And why?
    >>>
    >>> Be verbose. As Wolfgang already said: it's really tiresome to have to
    >>> wrest every single bit of information from you.

    >>
    >> The router is:
    >> Linksys Cable/DSL Router 4port switch
    >> model# BEFSR41 V3
    >> Firmware V 1.05.00

    >
    > Seems to be the latest Firmware. Good.
    >
    >> Std out of the box settings.

    >
    > *sigh*
    >
    > Look, "out of the box" can mean just about anything. Why don't you go
    > and find out what the actual settings are and then answer my questions?
    > Would that make things too easy for us?
    >
    > BTW: Have you cross-checked the results from grc.com with another port
    > scanner (like the one I mentioned previously)? Does the router allow for
    > configuration via UPnP?


    Disabled for the UPnp

    Yes, I did!
    Starting nmap 3.77 ( http://www.insecure.org/nmap/ ) at 2007-05-11 00:01
    CEST
    Initiating Connect() Scan against 65.170.232.173 [1663 ports] at 00:01
    Discovered open port 21/tcp on 65.170.232.173
    Discovered open port 25/tcp on 65.170.232.173
    Discovered open port 110/tcp on 65.170.232.173
    Discovered open port 143/tcp on 65.170.232.173
    The Connect() Scan took 48.60s to scan 1663 total ports.
    Host 65.170.232.173 appears to be up ... good.
    Interesting ports on 65.170.232.173:
    (The 1659 ports scanned but not shown below are in state: filtered)
    PORT STATE SERVICE
    21/tcp open ftp
    25/tcp open smtp
    110/tcp open pop3
    143/tcp open imap

    Nmap run completed -- 1 IP address (1 host up) scanned in 49.169 seconds



    >
    >> This is the router that was on my win2K system until last week when i
    >> replaced it with a new Win XP Cpu unit. THis was secure until the new
    >> XP cpu.

    >
    > XP is an operating system, not a CPU.


    Once again, you are correct!

    Hope this helps.


    >
    > cu
    > 59cobalt
    > --
    > "If a software developer ever believes a rootkit is a necessary part of
    > their architecture they should go back and re-architect their solution."
    > --Mark Russinovich




  13. Re: Which firewall for WIN XP Pro

    Randy Tingley wrote:
    > Starting nmap 3.77 ( http://www.insecure.org/nmap/ ) at 2007-05-11 00:01
    > CEST
    > Initiating Connect() Scan against 65.170.232.173 [1663 ports] at 00:01
    > Discovered open port 21/tcp on 65.170.232.173
    > Discovered open port 25/tcp on 65.170.232.173
    > Discovered open port 110/tcp on 65.170.232.173
    > Discovered open port 143/tcp on 65.170.232.173
    > The Connect() Scan took 48.60s to scan 1663 total ports.
    > Host 65.170.232.173 appears to be up ... good.
    > Interesting ports on 65.170.232.173:
    > (The 1659 ports scanned but not shown below are in state: filtered)
    > PORT STATE SERVICE
    > 21/tcp open ftp
    > 25/tcp open smtp
    > 110/tcp open pop3
    > 143/tcp open imap
    >
    > Nmap run completed -- 1 IP address (1 host up) scanned in 49.169 seconds


    So nmap reports them as open, too, and since I can connect to them
    there's definitely something listening there. Whatever it is doesn't
    seem to be a mail or FTP server, though.

    I'd suggest to check the router's configuration. Another thing you could
    try is resetting the router to defaults and then re-create your custom
    settings. Make sure you have all required data (credentials for your
    internet connection, etc.) at hand before doing this.

    If the ports ar still shown as open after that I'd check back with
    Linksys.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  14. Re: Which firewall for WIN XP Pro


    "Ansgar -59cobalt- Wiechers" wrote in message
    news:5ahofiF2o8s1aU1@mid.individual.net...
    > Randy Tingley wrote:
    >> Starting nmap 3.77 ( http://www.insecure.org/nmap/ ) at 2007-05-11 00:01
    >> CEST
    >> Initiating Connect() Scan against 65.170.232.173 [1663 ports] at 00:01
    >> Discovered open port 21/tcp on 65.170.232.173
    >> Discovered open port 25/tcp on 65.170.232.173
    >> Discovered open port 110/tcp on 65.170.232.173
    >> Discovered open port 143/tcp on 65.170.232.173
    >> The Connect() Scan took 48.60s to scan 1663 total ports.
    >> Host 65.170.232.173 appears to be up ... good.
    >> Interesting ports on 65.170.232.173:
    >> (The 1659 ports scanned but not shown below are in state: filtered)
    >> PORT STATE SERVICE
    >> 21/tcp open ftp
    >> 25/tcp open smtp
    >> 110/tcp open pop3
    >> 143/tcp open imap
    >>
    >> Nmap run completed -- 1 IP address (1 host up) scanned in 49.169 seconds

    >
    > So nmap reports them as open, too, and since I can connect to them
    > there's definitely something listening there. Whatever it is doesn't
    > seem to be a mail or FTP server, though.
    >
    > I'd suggest to check the router's configuration. Another thing you could
    > try is resetting the router to defaults and then re-create your custom
    > settings. Make sure you have all required data (credentials for your
    > internet connection, etc.) at hand before doing this.
    >
    > If the ports ar still shown as open after that I'd check back with
    > Linksys.
    >
    > cu
    > 59cobalt
    > --
    > "If a software developer ever believes a rootkit is a necessary part of
    > their architecture they should go back and re-architect their solution."
    > --Mark Russinovich


    Thank you!
    I will try this.



+ Reply to Thread
Page 2 of 2 FirstFirst 1 2