PDA

View Full Version : telnet and FTP port blocking



John L.
31-05-2004, 09:22 PM
Hi all,
Now I have finally been able to create a new account.

Firstly many thanks to those who put in the hard work to enable this to happen. I have been following the trials and tribulations with interest.

Now for my question:

I have recently changed from dialup to ADSL with xtra.

As a software firewall I run Zonealarm pro.

Under dial up a net side scan of all ports by both Nortons and "shields up" of GRC. com showed as I expected good security. the common ports used by hackers etc were all stealthed etc.

Under ADSL this is no longer the case.

I am running a ethernet modem not a router.

My Telnet port now shows as open at all times. This may be as the result of my modem having a telnet default access but this should surely only be visible from the LAN side only not from the WAN (Net) side.

My FTP port now shows as open at all times from the net side. I do not run an FTP server so this should not be.

My port 80 nows shows as open at all times. This should also not be from the net side.

My machine responds to pings from the net side.

There is another two higher ports which register as being open. These may be of no consequence but I don't really know at this stage.

I have unbundled all protocols. TCP/IP is now the only access to and from the net.


The following is the report from "shields up". Nortons shows similar:

Results from scan of ports: 0-1055

5 Ports Open
1049 Ports Closed
2 Ports Stealth
---------------------
1056 Ports Tested

Ports found to be OPEN were: 21, 23, 80, 254, 255

Ports found to be STEALTH were: 0, 135

Other than what is listed above, all ports are CLOSED.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.

Does anyone have any ideas on how to stealth the common ports.

Alternatively Could it be my modem responding not my machine. If this is the case how can I prove this to my satifaction and gain peace of mind.

I have no software control over any of these ports in my modem.

Jen C
31-05-2004, 09:41 PM
Why not use ZA Pro to block the ports? Don't know what ports 254 and 255 are.

stu120404
31-05-2004, 09:50 PM
>Don't know
> what ports 254 and 255 are.

On grc.com under "shields up" there is page, which says what all the ports are used for :)

Jen C
31-05-2004, 09:54 PM
> >Don't know
> > what ports 254 and 255 are.
>
> On grc.com under "shields up" there is page, which
> says what all the ports are used for :)


Yes I know - have you looked them up? No information available :)

JohnD
31-05-2004, 10:03 PM
Ports 254 and 255 cannot be commonly assigned ports since they do not appear in Linux /etc/services file or in web sites such as http://www.seifried.org/security/ports/0/

tweak\'e
31-05-2004, 10:14 PM
is the internet zone (in ZA) for the adsl card set to internet or trusted ?

whiskeytangofoxtrot
31-05-2004, 10:21 PM
> Alternatively Could it be my modem responding not my
> machine. If this is the case how can I prove this to
> my satifaction and gain peace of mind.

It's most likely your modem thats responding to the scans. You should be able to modify port allocations etc in the web interface of the modem.

Although you're looking at security overkill really.

stu120404
01-06-2004, 11:43 AM
> > >Don't know
> > > what ports 254 and 255 are.
> >
> > On grc.com under "shields up" there is page, which
> > says what all the ports are used for :)
>
>
> Yes I know - have you looked them up? No information
> available :)

Oh :( :|

John L.
01-06-2004, 12:39 PM
It's set to internet

John L.
01-06-2004, 03:10 PM
>
> It's most likely your modem thats responding to the
> scans. You should be able to modify port allocations
> etc in the web interface of the modem.

Therein lies the problem. The particular Belkin modem I have at the moment wont let me modify them. I cant even get access to them.


> Although you're looking at security overkill really.

I don't agree with you here.

While if it is only the modem responding not my PC then I agree I have no problem and Zonealarm is actually doing it's job.

But if not these are the three most commonly used ports for mischief making and unless I purposefully open them for a particular application or activity then they should show as stealth at all times.

Perhaps there is something I am not understanding here. If there is then please advise me why you think I am looking for security overkill.

Stealth is "supposedly" the default state of these under Zonealarm Pro. But this is not what is being shown by scans.

At this point I know of no way short of buying another modem that I know doesn't respond and trying it in my current modem's place to prove it or not.

One point I hadn't mentioned is that my OS is 98SE.

I realise that my "apparent" ping response problem will definitely be resolved when I upgrade to XP PRO which gives me more administrative control over ping responses etc.

But I have reservations that it will overcome the other "apparent" obvious ports open for access problem. Especially given the popular view on how much Microsoft actually understands about security.

Ideas?