Which firewall for WIN XP Pro - Firewalls

This is a discussion on Which firewall for WIN XP Pro - Firewalls ; I am trying to decide which firewall is best for a single user Win XP pro. I have tried Outpost in the past, but with the XP ports 21, 25, 110, 143 show open. Can someone comment on which one ...

+ Reply to Thread
Page 1 of 2 1 2 LastLast
Results 1 to 20 of 34

Thread: Which firewall for WIN XP Pro

  1. Which firewall for WIN XP Pro

    I am trying to decide which firewall is best for a single user Win XP pro.
    I have tried Outpost in the past, but with the XP ports 21, 25, 110, 143
    show open.

    Can someone comment on which one to try, before I buy, that will close these
    ports or at least stealth them?

    THanks,
    Randy

    --


    ************************************************** ********************
    Randy Tingley "Life is an Adventure,
    Mary Tingley not an ulcer giving experience"
    rtingley@nep.net
    ************************************************** ********************



  2. Re: Which firewall for WIN XP Pro

    Randy Tingley wrote:

    > I am trying to decide which firewall is best for a single user Win XP pro.
    > I have tried Outpost in the past, but with the XP ports 21, 25, 110, 143
    > show open.


    So you run servers on the well known ports for ftp, smtp, pop3 and imap.

    > Can someone comment on which one to try, before I buy, that will close
    > these ports


    Stop running the above servers.

    > or at least stealth them?


    steath is technical nonsense.

    Wolfgang

  3. Re: Which firewall for WIN XP Pro


    "Randy Tingley" wrote in message
    news:133n4dhibjrsc2c@corp.supernews.com...
    >I am trying to decide which firewall is best for a single user Win XP pro.
    > I have tried Outpost in the past, but with the XP ports 21, 25, 110, 143
    > show open.
    >
    > Can someone comment on which one to try, before I buy, that will close
    > these ports or at least stealth them?
    >


    It's obvious you went to the Gibson site and have done some testing. Stealth
    is nonsense. The more important thing is that the port is closed.

    However, I am most likely going to get hammered for this, because I have
    been against the XP FW for only one reason, which is it allows some
    applications to punch holes in the FW when said application is installed, I
    was against it. But as long as you know this, then you can disable those
    exceptions.

    I now say use the XP FW. I say this, because I am now using the equivalent
    of the FW that's on Vista Ultimate. The FW on Vista is doing its job of
    protecting the machine from unsolicited inbound traffic from reaching the
    machine. It has passed all FW tests I have tried even Gibson's site and the
    stupid stealth test.

    However, I do supplement the FW on Vista like I was doing before when I was
    running BlackIce on the XP Pro machine. The FW on Vista is being
    supplemented by IPsec and I am using the AnalogX rules that have been
    applied for IPsec on Vista.

    I am not concerned about inbound traffic which I can set rules with IPsec to
    stop inbound traffic by port, protocol, or IP. What I will use IPsec for if
    need be is to stop outbound traffic by port, protocol, or IP.

    The AnalogX rules are set to protect the services, like NNTP, HTTP, SMTP,
    etc etc where you will have to enable the client side of the rules to allow
    traffic. You have no need to allow the server side, unless you have a
    service you want to expose to the Internet, which for the average Joe Blow
    home user, he or she will not enable those rules.

    You can learn from the AnalogX rules and make your own rules if need be or
    change existing ones, like I had to change the SMTP port to 587 from 25,
    because the ISP uses 587.

    http://www.petri.co.il/block_ping_tr...with_ipsec.htm
    http://www.analogx.com/CONTENTS/articles/ipsec.htm
    http://www.microsoft.com/technet/com...mt/sm0105.mspx
    http://support.microsoft.com/kb/813878

    Enable the XP FW, be aware of any rules that will be set for the FW if
    installing software, enable the XP FW log, and enable IPsec log, if you want
    and use the AnalogX rules.

    You should secure the XP O/S to attack as much as possible, which I have
    applied some of it to Vista as much as I can, like the Everyone account
    being removed, etc, etc.

    http://labmice.techtarget.com/articl...ychecklist.htm

    They need something for Vista.

    I need to find out how to disable the application control in Vista, that's
    driving me crazy with asking a lot of questions. I'll get around to doing
    that, eventually.







  4. Re: Which firewall for WIN XP Pro

    Actually i am not running any servers. I just upgraded to XP pro after 5
    years with win 2K and I am trying to locate what XP is running on these
    ports. Then maybe I can turn off the services.

    Randy


    "Wolfgang Kueter" wrote in message
    news:f1g3t5$uj7$1@news.shlink.de...
    > Randy Tingley wrote:
    >
    >> I am trying to decide which firewall is best for a single user Win XP
    >> pro.
    >> I have tried Outpost in the past, but with the XP ports 21, 25, 110, 143
    >> show open.

    >
    > So you run servers on the well known ports for ftp, smtp, pop3 and imap.
    >
    >> Can someone comment on which one to try, before I buy, that will close
    >> these ports

    >
    > Stop running the above servers.
    >
    >> or at least stealth them?

    >
    > steath is technical nonsense.
    >
    > Wolfgang




  5. Re: Which firewall for WIN XP Pro


    "Mr. Arnold" Arnold@Arnold.com> wrote in message
    news:LHP_h.11732$3P3.8420@newsread3.news.pas.earth link.net...
    >
    > "Randy Tingley" wrote in message
    > news:133n4dhibjrsc2c@corp.supernews.com...
    >>I am trying to decide which firewall is best for a single user Win XP pro.
    >> I have tried Outpost in the past, but with the XP ports 21, 25, 110, 143
    >> show open.
    >>
    >> Can someone comment on which one to try, before I buy, that will close
    >> these ports or at least stealth them?
    >>

    >
    > It's obvious you went to the Gibson site and have done some testing.
    > Stealth is nonsense. The more important thing is that the port is closed.
    >
    > However, I am most likely going to get hammered for this, because I have
    > been against the XP FW for only one reason, which is it allows some
    > applications to punch holes in the FW when said application is installed,
    > I was against it. But as long as you know this, then you can disable those
    > exceptions.
    >
    > I now say use the XP FW. I say this, because I am now using the equivalent
    > of the FW that's on Vista Ultimate. The FW on Vista is doing its job of
    > protecting the machine from unsolicited inbound traffic from reaching the
    > machine. It has passed all FW tests I have tried even Gibson's site and
    > the stupid stealth test.
    >
    > However, I do supplement the FW on Vista like I was doing before when I
    > was running BlackIce on the XP Pro machine. The FW on Vista is being
    > supplemented by IPsec and I am using the AnalogX rules that have been
    > applied for IPsec on Vista.
    >
    > I am not concerned about inbound traffic which I can set rules with IPsec
    > to stop inbound traffic by port, protocol, or IP. What I will use IPsec
    > for if need be is to stop outbound traffic by port, protocol, or IP.
    >
    > The AnalogX rules are set to protect the services, like NNTP, HTTP, SMTP,
    > etc etc where you will have to enable the client side of the rules to
    > allow traffic. You have no need to allow the server side, unless you have
    > a service you want to expose to the Internet, which for the average Joe
    > Blow home user, he or she will not enable those rules.
    >
    > You can learn from the AnalogX rules and make your own rules if need be or
    > change existing ones, like I had to change the SMTP port to 587 from 25,
    > because the ISP uses 587.
    >
    > http://www.petri.co.il/block_ping_tr...with_ipsec.htm
    > http://www.analogx.com/CONTENTS/articles/ipsec.htm
    > http://www.microsoft.com/technet/com...mt/sm0105.mspx
    > http://support.microsoft.com/kb/813878
    >
    > Enable the XP FW, be aware of any rules that will be set for the FW if
    > installing software, enable the XP FW log, and enable IPsec log, if you
    > want and use the AnalogX rules.
    >
    > You should secure the XP O/S to attack as much as possible, which I have
    > applied some of it to Vista as much as I can, like the Everyone account
    > being removed, etc, etc.
    >
    > http://labmice.techtarget.com/articl...ychecklist.htm
    >
    > They need something for Vista.
    >
    > I need to find out how to disable the application control in Vista, that's
    > driving me crazy with asking a lot of questions. I'll get around to doing
    > that, eventually.
    >

    This is good to know that the XP FW is acceptable. Also thanks for the
    links, I will read up on closing 21, 25, 110, 143.
    Randy



  6. Re: Which firewall for WIN XP Pro

    Mr. Arnold wrote:


    > However, I am most likely going to get hammered for this, because I have
    > been against the XP FW for only one reason, which is it allows some
    > applications to punch holes in the FW when said application is installed, I
    > was against it.



    That's only possible with admin rights. And then it's no different from any
    other packet filter - any application running with admin credentials can do
    whatever it wants.

  7. Re: Which firewall for WIN XP Pro

    Randy Tingley wrote:
    > "Wolfgang Kueter" wrote:
    >> Randy Tingley wrote:
    >>> I am trying to decide which firewall is best for a single user Win
    >>> XP pro. I have tried Outpost in the past, but with the XP ports 21,
    >>> 25, 110, 143 show open.

    >>
    >> So you run servers on the well known ports for ftp, smtp, pop3 and
    >> imap.
    >>
    >>> Can someone comment on which one to try, before I buy, that will
    >>> close these ports

    >>
    >> Stop running the above servers.
    >>
    >>> or at least stealth them?

    >>
    >> steath is technical nonsense.

    >
    > Actually i am not running any servers.


    Actually, since those ports are open, you *are* running servers there.

    > I just upgraded to XP pro after 5 years with win 2K and I am trying to
    > locate what XP is running on these ports.


    netstat -anob

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  8. Re: Which firewall for WIN XP Pro

    I have looked down the list of services running, but can id the correct
    service to turn it off.

    Randy



    "Ansgar -59cobalt- Wiechers" wrote in message
    news:5a8oi4F2n7upbU1@mid.individual.net...
    > Randy Tingley wrote:
    >> "Wolfgang Kueter" wrote:
    >>> Randy Tingley wrote:
    >>>> I am trying to decide which firewall is best for a single user Win
    >>>> XP pro. I have tried Outpost in the past, but with the XP ports 21,
    >>>> 25, 110, 143 show open.
    >>>
    >>> So you run servers on the well known ports for ftp, smtp, pop3 and
    >>> imap.
    >>>
    >>>> Can someone comment on which one to try, before I buy, that will
    >>>> close these ports
    >>>
    >>> Stop running the above servers.
    >>>
    >>>> or at least stealth them?
    >>>
    >>> steath is technical nonsense.

    >>
    >> Actually i am not running any servers.

    >
    > Actually, since those ports are open, you *are* running servers there.
    >
    >> I just upgraded to XP pro after 5 years with win 2K and I am trying to
    >> locate what XP is running on these ports.

    >
    > netstat -anob
    >
    > cu
    > 59cobalt
    > --
    > "If a software developer ever believes a rootkit is a necessary part of
    > their architecture they should go back and re-architect their solution."
    > --Mark Russinovich




  9. Re: Which firewall for WIN XP Pro


    "Randy Tingley" wrote in message
    news:133v2l75c79ltee@corp.supernews.com...
    >I have looked down the list of services running, but can id the correct
    >service to turn it off.
    >
    > Randy
    >


    If you have applied SP 2 to XP, then they have done some of it for you.

    But here is a list of services that you can look into disabling.

    http://www.beemerworld.com/tips/servicesxp.htm

    If the computer has a direct connection to the modem, and therefore, a
    direct connection to the Internet, then disable Client for MS networks and
    File and Print Sharing for MS networks off of the network card or dial-up
    connection.

    The machine has no business being in any kind of networking with a direct
    connection to the Internet.



  10. Re: Which firewall for WIN XP Pro

    On May 5, 1:04 am, "Randy Tingley" wrote:
    > I am trying to decide which firewall is best for a single user Win XP pro.
    > I have tried Outpost in the past, but with the XP ports 21, 25, 110, 143
    > show open.
    >
    > Can someone comment on which one to try, before I buy, that will close these
    > ports or at least stealth them?
    >
    > THanks,
    > Randy
    >
    > --
    >
    > ************************************************** ********************
    > Randy Tingley "Life is an Adventure,
    > Mary Tingley not an ulcer giving experience"
    > rting...@nep.net
    > ************************************************** ********************


    well randy why dont u try windows firewall for single use .........i
    am using it since long and i think its gud...


  11. Re: Which firewall for WIN XP Pro

    Randy Tingley wrote:
    > "Ansgar -59cobalt- Wiechers" wrote:
    >> Randy Tingley wrote:
    >>> Actually i am not running any servers.

    >>
    >> Actually, since those ports are open, you *are* running servers
    >> there.
    >>
    >>> I just upgraded to XP pro after 5 years with win 2K and I am trying
    >>> to locate what XP is running on these ports.

    >>
    >> netstat -anob

    >
    > I have looked down the list of services running, but can id the
    > correct service to turn it off.


    Which part exactly of 'netstat -anob's output do you fail to understand?

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  12. Re: Which firewall for WIN XP Pro


    "Mr. Arnold" Arnold@Arnold.com> wrote in message
    news:J6M%h.4530$296.1054@newsread4.news.pas.earthl ink.net...
    >
    > "Randy Tingley" wrote in message
    > news:133v2l75c79ltee@corp.supernews.com...
    >>I have looked down the list of services running, but can id the correct
    >>service to turn it off.
    >>
    >> Randy
    >>

    >
    > If you have applied SP 2 to XP, then they have done some of it for you.
    >
    > But here is a list of services that you can look into disabling.
    >
    > http://www.beemerworld.com/tips/servicesxp.htm
    >
    > If the computer has a direct connection to the modem, and therefore, a
    > direct connection to the Internet, then disable Client for MS networks and
    > File and Print Sharing for MS networks off of the network card or dial-up
    > connection.
    >
    > The machine has no business being in any kind of networking with a direct
    > connection to the Internet.
    >

    Mr. Arnold,
    THank you! I diabled both at the connection level.
    Randy



  13. Re: Which firewall for WIN XP Pro


    "Randy Tingley" wrote in message
    news:1341m75h485777f@corp.supernews.com...
    >
    > "Mr. Arnold" Arnold@Arnold.com> wrote in message
    > news:J6M%h.4530$296.1054@newsread4.news.pas.earthl ink.net...
    >>
    >> "Randy Tingley" wrote in message
    >> news:133v2l75c79ltee@corp.supernews.com...
    >>>I have looked down the list of services running, but can id the correct
    >>>service to turn it off.
    >>>
    >>> Randy
    >>>

    >>
    >> If you have applied SP 2 to XP, then they have done some of it for you.
    >>
    >> But here is a list of services that you can look into disabling.
    >>
    >> http://www.beemerworld.com/tips/servicesxp.htm
    >>
    >> If the computer has a direct connection to the modem, and therefore, a
    >> direct connection to the Internet, then disable Client for MS networks
    >> and File and Print Sharing for MS networks off of the network card or
    >> dial-up connection.
    >>
    >> The machine has no business being in any kind of networking with a direct
    >> connection to the Internet.
    >>

    > Mr. Arnold,
    > THank you! I diabled both at the connection level.
    > Randy


    You are welcomed.



  14. Re: Which firewall for WIN XP Pro


    "Ansgar -59cobalt- Wiechers" wrote in message
    news:5abqgtF2nqkutU2@mid.individual.net...
    > Randy Tingley wrote:
    >> "Ansgar -59cobalt- Wiechers" wrote:
    >>> Randy Tingley wrote:
    >>>> Actually i am not running any servers.
    >>>
    >>> Actually, since those ports are open, you *are* running servers
    >>> there.
    >>>
    >>>> I just upgraded to XP pro after 5 years with win 2K and I am trying
    >>>> to locate what XP is running on these ports.
    >>>
    >>> netstat -anob

    >>
    >> I have looked down the list of services running, but can id the
    >> correct service to turn it off.

    >
    > Which part exactly of 'netstat -anob's output do you fail to understand?
    >
    > cu
    > 59cobalt
    > --
    > "If a software developer ever believes a rootkit is a necessary part of
    > their architecture they should go back and re-architect their solution."
    > --Mark Russinovich


    Under the PID the netstat -ano does not show anything running on ports 21,
    25, 110, & 143? but when I have these scanned they show open?

    I am trying to locate the service, then turn it off to close these ports.



  15. Re: Which firewall for WIN XP Pro

    Randy Tingley wrote:
    > "Ansgar -59cobalt- Wiechers" wrote:
    >> Randy Tingley wrote:
    >>> "Ansgar -59cobalt- Wiechers" wrote:
    >>>> Randy Tingley wrote:
    >>>>> Actually i am not running any servers.
    >>>>
    >>>> Actually, since those ports are open, you *are* running servers
    >>>> there.
    >>>>
    >>>>> I just upgraded to XP pro after 5 years with win 2K and I am trying
    >>>>> to locate what XP is running on these ports.
    >>>>
    >>>> netstat -anob
    >>>
    >>> I have looked down the list of services running, but can id the
    >>> correct service to turn it off.

    >>
    >> Which part exactly of 'netstat -anob's output do you fail to understand?

    >
    > Under the PID the netstat -ano does not show anything running on ports 21,
    > 25, 110, & 143? but when I have these scanned they show open?
    >
    > I am trying to locate the service, then turn it off to close these ports.


    Please post the exact command and output from your portscan. Also post
    the output of the commands "ipconfig /all" and "netstat -anob". Maybe
    with some actual data we'll be getting somewhere.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  16. Re: Which firewall for WIN XP Pro


    "Ansgar -59cobalt- Wiechers" wrote in message
    news:5ac9tjF2obhfjU1@mid.individual.net...
    > Randy Tingley wrote:
    >> "Ansgar -59cobalt- Wiechers" wrote:
    >>> Randy Tingley wrote:
    >>>> "Ansgar -59cobalt- Wiechers" wrote:
    >>>>> Randy Tingley wrote:
    >>>>>> Actually i am not running any servers.
    >>>>>
    >>>>> Actually, since those ports are open, you *are* running servers
    >>>>> there.
    >>>>>
    >>>>>> I just upgraded to XP pro after 5 years with win 2K and I am trying
    >>>>>> to locate what XP is running on these ports.
    >>>>>
    >>>>> netstat -anob
    >>>>
    >>>> I have looked down the list of services running, but can id the
    >>>> correct service to turn it off.
    >>>
    >>> Which part exactly of 'netstat -anob's output do you fail to understand?

    >>
    >> Under the PID the netstat -ano does not show anything running on ports
    >> 21,
    >> 25, 110, & 143? but when I have these scanned they show open?
    >>
    >> I am trying to locate the service, then turn it off to close these ports.

    >
    > Please post the exact command and output from your portscan. Also post
    > the output of the commands "ipconfig /all" and "netstat -anob". Maybe
    > with some actual data we'll be getting somewhere.
    >
    > cu
    > 59cobalt
    > --
    > "If a software developer ever believes a rootkit is a necessary part of
    > their architecture they should go back and re-architect their solution."
    > --Mark Russinovich


    Port Scan
    GRC Port Authority Report created on UTC: 2007-05-08 at 22:32:16Results from
    scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
    119, 135, 139, 143, 389, 443, 445, 1002,
    1024-1030, 1720, 5000 4 Ports Open 1 Ports Closed 21 Ports
    Stealth--------------------- 26 Ports Tested Ports found to be OPEN were:
    21, 25, 110, 143 The port found to be CLOSED was: 113 Other than what is
    listed above, all ports are STEALTH.

    C:\>netstat -anob
    Active Connections



    Proto Local Address Foreign Address State PID

    TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 992

    c:\windows\system32\WS2_32.dll

    C:\WINDOWS\system32\RPCRT4.dll

    c:\windows\system32\rpcss.dll

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\ADVAPI32.dll

    [svchost.exe]



    TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4

    [System]

    TCP 0.0.0.0:2967 0.0.0.0:0 LISTENING 576

    [Rtvscan.exe]

    TCP 127.0.0.1:1028 0.0.0.0:0 LISTENING 2884

    [alg.exe]

    TCP 127.0.0.1:1032 0.0.0.0:0 LISTENING 1172

    [ccApp.exe]

    TCP 192.168.1.100:139 0.0.0.0:0 LISTENING 4

    [System]

    TCP 192.168.1.100:1439 216.168.3.44:119 ESTABLISHED 1652

    [msimn.exe]

    TCP 192.168.1.100:1456 216.37.198.32:80 ESTABLISHED 2436

    [IEXPLORE.EXE]

    TCP 192.168.1.100:1473 216.37.198.32:80 ESTABLISHED 2436

    [IEXPLORE.EXE]

    TCP 192.168.1.100:1475 216.37.198.32:80 ESTABLISHED 2436

    [IEXPLORE.EXE]

    TCP 192.168.1.100:1476 216.37.198.32:80 ESTABLISHED 2436

    [IEXPLORE.EXE]

    UDP 0.0.0.0:500 *:* 784

    [lsass.exe]

    UDP 0.0.0.0:1267 *:* 1196

    C:\WINDOWS\system32\mswsock.dll

    c:\windows\system32\WS2_32.dll

    c:\windows\system32\DNSAPI.dll

    c:\windows\system32\dnsrslvr.dll

    C:\WINDOWS\system32\RPCRT4.dll

    [svchost.exe]

    UDP 0.0.0.0:4500 *:* 784

    [lsass.exe]

    UDP 0.0.0.0:445 *:* 4

    [System]

    UDP 0.0.0.0:1034 *:* 1196

    C:\WINDOWS\system32\mswsock.dll

    c:\windows\system32\WS2_32.dll

    c:\windows\system32\DNSAPI.dll

    c:\windows\system32\dnsrslvr.dll

    C:\WINDOWS\system32\RPCRT4.dll

    [svchost.exe]

    UDP 127.0.0.1:1416 *:* 2436

    [IEXPLORE.EXE]

    UDP 127.0.0.1:1900 *:* 1152

    c:\windows\system32\WS2_32.dll

    c:\windows\system32\ssdpsrv.dll

    C:\WINDOWS\system32\ADVAPI32.dll

    C:\WINDOWS\system32\kernel32.dll

    [svchost.exe]



    UDP 127.0.0.1:123 *:* 1128

    c:\windows\system32\WS2_32.dll

    c:\windows\system32\w32time.dll

    ntdll.dll

    C:\WINDOWS\system32\kernel32.dll

    [svchost.exe]



    UDP 192.168.1.100:1900 *:* 1152

    c:\windows\system32\WS2_32.dll

    c:\windows\system32\ssdpsrv.dll

    C:\WINDOWS\system32\ADVAPI32.dll

    C:\WINDOWS\system32\kernel32.dll

    [svchost.exe]



    UDP 192.168.1.100:138 *:* 4

    [System]



    UDP 192.168.1.100:123 *:* 1128

    c:\windows\system32\WS2_32.dll

    c:\windows\system32\w32time.dll

    ntdll.dll

    C:\WINDOWS\system32\kernel32.dll

    [svchost.exe]



    UDP 192.168.1.100:137 *:* 4

    [System]





    Folks ... this is where I am lost.





  17. Re: Which firewall for WIN XP Pro

    Randy Tingley wrote:

    > Port Scan
    > GRC Port Authority Report created on UTC: 2007-05-08 at 22:32:16Results
    > from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
    > 119, 135, 139, 143, 389, 443, 445, 1002,
    > 1024-1030, 1720, 5000 4 Ports Open 1 Ports Closed 21 Ports
    > Stealth--------------------- 26 Ports Tested Ports found to be OPEN
    > were: 21, 25, 110, 143 The port found to be CLOSED was: 113 Other than
    > what is listed above, all ports are STEALTH.


    As always ... GRC sucks ...

    >
    > C:\>netstat -anob
    > Active Connections
    > [...]
    > Folks ... this is where I am lost.


    Apart from ports 500/udp and 4500/udp listening which are usually used for
    IPSEC this looks like a pretty normal wondoze box to me.

    Besides that that the local IP 192.168.1.100 seems to indicate that you are
    sitting behind some gateway/router that does NAT. As long as the NAT
    implementation on the gateway/router works correct the scan from external
    will never reach your box but only the gateway.

    Please describe your setup and give more information about the gateway your
    are using.

    I could offer a more reliable scan from external than the GRC crap using
    nmap. If those ports are really open either some port redirections to some
    internal machine(s) are configured on the gateway (what kind of gateway is
    that?) or the gateway is running those services.

    Wolfgang



  18. Re: Which firewall for WIN XP Pro


    >
    > Folks ... this is where I am lost.
    >


    We'll see, but I think this whole exercise is worthless. You have the link
    telling what services on the NT based O/S to disable. You also have the link
    telling what you need to do to better secure the XP NT based O/S.

    Here are some other tools that will help you look around for yourself from
    time to time and see what is happening.

    http://preview.tinyurl.com/klw1


  19. Re: Which firewall for WIN XP Pro

    Randy Tingley wrote:
    > "Ansgar -59cobalt- Wiechers" wrote:
    >> Randy Tingley wrote:
    >>> "Ansgar -59cobalt- Wiechers" wrote:
    >>>> Which part exactly of 'netstat -anob's output do you fail to understand?
    >>>
    >>> Under the PID the netstat -ano does not show anything running on ports
    >>> 21, 25, 110, & 143? but when I have these scanned they show open?
    >>>
    >>> I am trying to locate the service, then turn it off to close these ports.

    >>
    >> Please post the exact command and output from your portscan. Also post
    >> the output of the commands "ipconfig /all" and "netstat -anob". Maybe
    >> with some actual data we'll be getting somewhere.

    >
    > Port Scan
    > GRC Port Authority Report created on UTC: 2007-05-08 at 22:32:16Results
    > from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
    > 119, 135, 139, 143, 389, 443, 445, 1002,
    > 1024-1030, 1720, 5000 4 Ports Open 1 Ports Closed 21 Ports
    > Stealth--------------------- 26 Ports Tested Ports found to be OPEN were:
    > 21, 25, 110, 143 The port found to be CLOSED was: 113 Other than what is
    > listed above, all ports are STEALTH.


    http://grcsucks.com/

    I'd suggest using a real port scanner (like e.g. [1], if you can't run
    something like nmap or scanline or portqry from outside your network).

    > C:\>netstat -anob

    [...]
    > TCP 192.168.1.100:139 0.0.0.0:0 LISTENING 4
    > [System]


    Since your computer has a private IP address it is apparently behind
    some router doing NAT. Meaning that the portscan you performed showed
    open ports on that router, not on your local computer. What kind of
    router do you use?

    [1] http://www.derkeiler.com/Service/PortScan/

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  20. Re: Which firewall for WIN XP Pro

    Randy Tingley wrote:
    > GRC Port Authority Report


    http://grcsucks.com

    Better use nmap.

    Yours,
    VB.
    --
    "Es muss darauf geachtet werden, dass das Grundgesetz nicht mit Methoden
    geschützt wird, die seinem Ziel und seinem Geist zuwider sind."

    Gustav Heinemann, "Freimütige Kritik und demokratischer Rechtsstaat"

+ Reply to Thread
Page 1 of 2 1 2 LastLast