
Closing XP Port


greenknight


When I tested my XP firewall at Shields Up!, it just barely failed. One port, port 1025, responded to a solicited request (one of the 3 ways they ping them). It said that an unidentified DCOM service might be opening the port.

I thought I could disable DCOM or whatever was responsible, and fix it, but no luck. While fiddling around with it I did stumble onto a way to close that port, though. If I use xpy to disable the Firewall/Connection Sharing service, then re-enable the firewall (very quick to do, a warning balloon pops up, you click on it, 2 more clicks and it's done), all ports are completely stealthed, it will pass any test.

This has to be done again every time you boot up. Just disabling and re-enabling the firewall doesn't do it. If anyone knows a less-clumsy way to do this, I'd be interested in hearing about it. I know, I could install another firewall, and if it was just me involved I would. Until I can sell that idea to someone else who doesn't want to have to mess with a separate firewall program, got to struggle on with this one.

I should add that xpy, as Tarun pointed out elsewhere, can disable a lot of things that shouldn't be disabled. I don't do anything else with it, and it wasn't even successful at disabling DCOM, what I originally got it for.

Link to post
Share on other sites
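The three results the scan sites in this thread report (open, closed, stealth) correspond to the three ways a TCP connection attempt can end. The sketch below is an added example, not code from any poster or from the scan sites; it is meant to be run from a second machine against your own PC, and the port list and function names are assumptions chosen for illustration.

```python
import socket
import sys

# Ports picked for this example: 1025 is the port from the first post and 139
# is NetBIOS, mentioned later in the thread. Adjust the list as needed.
DEFAULT_PORTS = (139, 1025)


def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP port using the labels the scan sites report."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"         # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "closed"       # host answered with a reset: visible, nothing listening
    except socket.timeout:
        return "stealth"      # no answer at all: packet dropped or host absent
    except OSError:
        return "unreachable"  # routing or ICMP error before any answer
    finally:
        sock.close()


def scan(host, ports=DEFAULT_PORTS, timeout=3.0):
    """Probe each port once and return {port: state}."""
    return {port: probe_tcp(host, port, timeout) for port in ports}


def exposed(results):
    """Ports that would fail a stealth test: anything that drew a reply."""
    return sorted(p for p, state in results.items() if state in ("open", "closed"))


if __name__ == "__main__":
    # Usage: python portcheck.py <address of the machine under test>
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, state in scan(target).items():
        print(f"{target}:{port} {state}")
```

Probing 127.0.0.1 on the machine itself bypasses the firewall, so the result only says whether something is listening. From outside a NAT router the probes reach the router's address, not the PC behind it.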
  • Administrator

GRC and ShieldsUp! is a joke. I read about several studies on his ShieldsUp tests, where people ran trojans, no firewalls, etc and it still said they were stealthed.

If you really wanna test your firewall, go to PCFlank.

Link to post
Share on other sites

Umm, if you read how ShieldsUp works you'll notice that he emphatically states that it will "NOT" show you what programs are currently 'leaving' your system, be they trojans, running services, etc.

ShieldsUp is designed to stop 'Incoming' requests/probes and it does this. I've used ShieldsUp in the past to 'stealth' my system, run a port sniffer from another machine and tried to break through to my system as I was able to direct the sniffer straight at my IP address. Guess, what? Nothing.

ShieldsUp works for what it's designed for, please next time read 'all' the information about it.

But, having said that, I'm now off to try PCFlank....... :w00t:

Cheers :shocking:

Note to Self: must stop playing with every new link on these boards to see what they do, as work gets in the way........

Link to post
Share on other sites

Passed the PCFlank test, too. Also got a perfect 5 on that test Inu-ya posted: http://www.seifried.org/freescan2/

This trick really works. Of course, the XP firewall still won't block outgoing traffic, but at least I don't have any ports open to incoming traffic.

Another interesting note, I tried doing that Windows Safety Center scan with port 1025 deliberately left open. It's supposed to detect open ports, but it said I didn't have any. Shows how much that's worth.

<Edit> Just tried rebooting and going back on line without doing my firewall tweak. ShieldsUp! detected port 1025 as open, and so did Seifried, but PCFlank didn't. Hmm...

Link to post
Share on other sites
  • Administrator

> Umm, if you read how ShieldsUp works you'll notice that he emphatically states that it will "NOT" show you what programs are currently 'leaving' your system, be they trojans, running services, etc.
>
> ShieldsUp is designed to stop 'Incoming' requests/probes and it does this. I've used ShieldsUp in the past to 'stealth' my system, run a port sniffer from another machine and tried to break through to my system as I was able to direct the sniffer straight at my IP address. Guess, what? Nothing.
>
> ShieldsUp works for what it's designed for, please next time read 'all' the information about it.
>
> But, having said that, I'm now off to try PCFlank....... :w00t:
>
> Cheers :shocking:
>
> Note to Self: must stop playing with every new link on these boards to see what they do, as work gets in the way........

It doesn't matter if they are trojans, running services, etc. If the port is open, then "ShieldsUp" should detect it, but it doesn't.

Read -> http://blog.netwarriors.org/articles/2003/...eldsup-analyzed

Link to post
Share on other sites

> It doesn't matter if they are trojans, running services, etc. If the port is open, then "ShieldsUp" should detect it, but it doesn't.
>
> Read -> http://blog.netwarriors.org/articles/2003/...eldsup-analyzed

It does report that the port is open though if it's only a 'normal' service.

Please go check his site and you'll see that it is only designed to catch 'open' ports that allow incoming traffic, but is NOT designed to catch trojans, backdoors, nor does it catch outgoing traffic. Is this service very basic? Yes, it is, but it does what it's designed to do and that was to catch open ports, nothing else.

After reading the blog, I must admit that I have never been 100% comfortable with the results, but remember, I first used his ShieldsUp program some 5+ years ago (when I had Cable installed) when there was NOTHING else out there that offered what he did and I've never really checked again since I had my Router installed which was also some 5 years ago.

So, I'm only really going off what the test did for me, and at that initial stage it helped me close down some vulnerable ports that I had open, not knowing anything about them, 'specially NetBIOS, and made my surfing feel a little bit more comfortable. :w00t:

And thanks for the PCFlank link, worked like a charm and all tests were clear :shocking:

Cheers :D

Link to post
Share on other sites

> It doesn't matter if they are trojans, running services, etc. If the port is open, then "ShieldsUp" should detect it, but it doesn't.
>
> Read -> http://blog.netwarriors.org/articles/2003/...eldsup-analyzed

That article is 802 days old, and what it describes doesn't even resemble the current version of ShieldsUp. Gibson may have improved his methods since then, as well as the layout, I have no way to tell. I'd like to see a test of the site that's been done recently. The only test I had available was to try disabling my firewall before running the port scan, and when I did that, I failed the test badly.
Link to post
Share on other sites

G'day,

that's what ShieldsUp and PCFlank are designed to show....

Hmmm, not making myself clear :D Lemme try again....

By turning off your firewall and running the tests it shows you just how vulnerable your PC is on the net if a firewall is not installed.

That's why all the browbeating on these forums about installing a good Firewall if you don't have a Router with an internal firewall.

I found out the hard way about firewalls when I first went to cable as with most cable companies you get a static IP, whilst most dial-ups are dynamic (changing your IP address on a regular basis) and by having a static IP and no firewall, once someone's tapped into your system they've got you!

I was getting tagged at a minimum 12 times a day by port sniffers till I got ZoneAlarm and 'stealthed - so to speak' my system.

I kept ZoneAlarm for 2 years till I opted for a Router and have never looked back.

Sooooo, long story short, if you're worried about security, as you rightly should be if you have a presence on the web, get a good quality Router Switch with built in Firewall protection, even if you only have the one PC.

Cheers :shocking:

Link to post
Share on other sites
  • 2 weeks later...

> GRC and ShieldsUp! is a joke. I read about several studies on his ShieldsUp tests, where people ran trojans, no firewalls, etc and it still said they were stealthed.
>
> If you really wanna test your firewall, go to PCFlank.

The test can't recognize my IP address, and prompts me to therefore cancel. Is there another test that might work? It said that if my true IP address isn't detected then it can't accurately test my computer.

Any suggestions?

Thank you

Link to post
Share on other sites

are you connected directly to the internet or are you on a network? sometimes if you are on a network there will be an IP conflict with the gateway computer. if that is the case try connecting your computer directly to the internet without being on the network. also which tests did you try to perform? you can also try using this to test your firewall.

http://www.seifried.org/freescan2/

Link to post
Share on other sites

> are you connected directly to the internet or are you on a network? sometimes if you are on a network there will be an IP conflict with the gateway computer. if that is the case try connecting your computer directly to the internet without being on the network. also which tests did you try to perform? you can also try using this to test your firewall.
>
> http://www.seifried.org/freescan2/

Thanks for the response MP_handler. I am on a network. All of the Tests detect the same IP Address, but it's not my IP.

My house is networked, but my computer is the Hub so the modem connects to my router, and router to my computer, the rest wireless. So I should unplug the router, and connect the modem to my tower? I was wanting to test the security of my router firewall. Maybe the router firewall can't be tested, I don't know.

Tests Performed: GRC Shields Up, PCFlank, and the one that you posted.

Thanks again for your help!

:)

Link to post
Share on other sites

> is it possible that you have a dynamic IP address? i wonder if that would even make a difference in regards to the firewall tests. i'll look into it.

No I don't have a dynamic IP address, but there is a submask. The odd thing is that these tests all detected the same address, and the address doesn't match my real ip address or my mask address.

Thanks again MP_handler!

:)

Link to post
Share on other sites

ok, i think the problem is the test is picking the submasks from the router that you are using. if you haven't already, connect the computer that you are using directly to the lan line and try the test from there.

the firewall built inside the router that you are using is more robust than whatever software firewall application you have. and it will also provide far better protection than any software type firewall.

EDIT: go to this link, it will display in the top right corner the IP address that is associated with your machine.

dnsstuff

Link to post
Share on other sites

> EDIT: go to this link, it will display in the top right corner the IP address that is associated with your machine.
>
> dnsstuff

:) That website got it wrong too, but at least it was a different number than the others detected. It's funny though because the city and state are right, so it's close.

Cool website! Thanks! :)

Hold on! I'm busted. The number in the top right corner is wrong, but under DNS server it found the right address.

Bummer, I thought I was invisible or something.

Link to post
Share on other sites
  • Administrator

services such as remote help and remote access

those services should be disabled.

I would not disable those. Remote Registry would be one to disable but "Remote Help" (I'm thinking you meant Remote Desktop Help Session Manager) should be set to manual (which it is by default). It's very useful if you need a Remote Desktop Assistance session to fix issues in your pc.

Link to post
Share on other sites

services can be tricky, the only one i ever use knowingly is the messenger one. our school is networked, and on a specific few of them you can net send messages through the network, extremely fun and entertaining. Does anybody have an idea on how to net send if the block they run program though? is there a string you can input into internet explorer?

)corjello(

Link to post
Share on other sites

Any good firewall will block outgoing traffic as well as incoming traffic, the XP firewall only blocks incoming. This means that if a trojan manages to get into your computer, it can access the internet to load spyware onto the machine.

I have Messenger disabled, I feel that any instant messaging app presents unacceptable security risks. Of course, if I was on a network, behind a router, that would be different. I can see using IM within a network.

Link to post
Share on other sites

> Thanks for the response MP_handler. I am on a network. All of the Tests detect the same IP Address, but it's not my IP.
>
> My house is networked, but my computer is the Hub so the modem connects to my router, and router to my computer, the rest wireless. So I should unplug the router, and connect the modem to my tower? I was wanting to test the security of my router firewall. Maybe the router firewall can't be tested, I don't know.
>
> Tests Performed: GRC Shields Up, PCFlank, and the one that you posted.
>
> Thanks again for your help!
>
> :hello:

G'day Krit,

the setup you've detailed above is the same that I run. You can test your Router Firewall using PCFlank and ShieldsUp! giving you an indication of your security settings.

There's no need to unplug your Router as it is the main defence for your system and should (if configured correctly) mask your system on the net.

After doing the checks on my system, all settings come up 'stealth' which I tend to think is an inaccurate way of describing your security settings because if you want to be completely 'stealthy' you'll need to disconnect from the internet which is pointless.

Therefore I prefer to think of my system as being 'masked', meaning that to the casual websurfer, they won't see my system. However, someone with knowledge of security systems can, if they really want to, get into your system regardless.

Most security problems that people have is that they DO NOT follow basic steps to secure their system from 'attacks'. I know of quite a few people who have ADSL/Cable and do NOT have any form of security setup for their system and keep wondering why they constantly get virii or trojans on their system.

My suggestion to them constantly is to go and buy a Router/Hub with built-in firewall protection as this alleviates the need to have software firewalls installed and will give you a very good degree of protection. However, if you feel uncomfortable about only using the Router as protection, by all means, spend the extra dollars to get software firewalls, but I prefer to spend my money on other things.

:Disclaimer: The above is only my opinion and in no way depicts how YOU should protect your system.  Security of your system is up to YOU, and if things go wrong you can only blame yourself, not your PC or your ISP.

Now, having given the disclaimer, if you are worried about your security, Lunarsoft is an excellent resource to use to ask other folk (as you've been doing) on how to secure your system and is still the best system IMO to get proper help than trying to go it alone and downloading a lot of useless crap which not only costs you money but will also cause you a lot of grief. Asking someone who's been there, done it and fixed it is still the best solution. Heck, you're not going to ask your butcher how to fix your carburettor are you (unless he's a closet mechanic :wish: )?

Cheers :cake:

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.
