Results 1 to 6 of 6

Thread: Open ports ICMP ping, 22 SSH, 80 HTTP

  1. #1
    jpfrost Guest

    Default Open ports ICMP ping, 22 SSH, 80 HTTP

    I have just runa Semantec Security Check on my Firewall protected PC, and it reports that i have the above ports open. Is there a good reason for any these to be open? Should i close or stealth them? If so, how can I do this?
    I have read on previous post that if I have a router then the security check will be checking the router and not my PC - is this correct? Does that mean that my PC will actually be fully secured? is there a way to check my PC behind the router? And should I close /stealth the ports on the router (if that is possible??)?
    Thanks in advance.


    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Internet Security Suite
    Software Version:6.1

  2. #2
    ad_hock Guest

    Default Re: Open ports ICMP ping, 22 SSH, 80 HTTP

    Hi jpfrost
    If you are behind a NAT router yes that's true,it's the router that is tested and not your pc.About the other questions:
    -if the scan shows open ports that means your router answers to solicitations from the internet.
    -about security there is no immediate harm to your computer as it has a private ip that is not usable and scannable from the internnet side.What the scan gets it's the exterior router ip assigned by your ISP.However a scanner will know that at that external ip something is there and it's a invitation to try to exploit. If the router leaks or he succeds to connect to your router he enters in your LAN. However you still have ZA as a second line of defense.See your router manual or the web site of the manufacturer to see if you can set the router to not answer (be stealthed).
    -If you wish to test your software firewall(ZA),the easiest way (at least it's how I do),bypass the router plugging directly the computer in the modem,and isolating the router from your computer.
    As a comment I would do the scan test at www.grc.com (shields up test)or (sygate or dslreports) as they are in my opinion more reliable then Symantec Security Check which I don't trust as it misses quite often the ip even with a simple firewall.
    Best regards

  3. #3
    jpfrost Guest

    Default Re: Open ports ICMP ping, 22 SSH, 80 HTTP

    Ad-hock,
    thanks for your reply. i have now tried www.grc.com and this reported a completley secure PC. Should I trust this over Symantec? Why would Symantec report an Open report while Sheilds Up said it is Stealthed??

  4. #4
    ad_hock Guest

    Default Re: Open ports ICMP ping, 22 SSH, 80 HTTP

    You're welcome
    I trust grc more then Symantec check.But there is a way to find out.I've been assuming from your first post that you are behind a router and if yes it's the external router ip that is scanned.In windows open a command line, start-run-cmd-ok,and in the black window from the command line type ipconfig .Now see what is your computer ip.If this ip is inside one of this ranges:
    10.0.0.0 - 10.255.255.255
    172.16.0.0 - 172.31.255.255
    192.168.0.0 - 192.168.255.255
    This means you have a private ip not usable or scannable from the internet.This means that you are behind a NAT router (could be a NAT modem but you spoke about a router;by the way you don't use DSL, if yes tell me).Take note of this ip.
    Now you need to know the external ip.Go to this site and take note of the ip http://www.whatismyipaddress.com/
    Then run the shields up again and take note of the ip that is scanned. It should be the same you got in the site. Run the Symantec Security Check and also take note of the ip and compare to see if it is the same.If the ip's in the scan tests are different from the one you got in the site this means that the scan is done over a wrong ip.Do this little test and if necessary post back.
    Best regards

  5. #5
    jpfrost Guest

    Default Re: Open ports ICMP ping, 22 SSH, 80 HTTP

    To answer your questions:
    I have a NAT Wireless Router.When I run ipconfig a 192.160.0.2 ip address is reported.I use ntl broadband
    Whatismyipaddress reports the same ip address that Shields Up is testing. However, Symantec Security Check says it is testing a different ip address. Does this mean I can stop worrying and that my PC is secure?

  6. #6
    ad_hock Guest

    Default Re: Open ports ICMP ping, 22 SSH, 80 HTTP

    Hi jpfrost
    Yes you may relax.Like I told you Symantec Security Check misses very often the right ip. On the other side grc,I never saw it to fail the ip and as you say the scan is made over the same ip that whatismyipaddress reports.So as I expected grc is correct and Symantec missed and scanned a wrong ip,probably the forwarded ip in the modem.This means your router is well setted as it stealths the ports.Don't worry your pc is well defended from incoming attempts.If you want another opinion google the sygate scan test to get the address and test there,I'm sure the results will be the same as grc.
    My best regards

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •