Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: how to disable these UDP and TCP ports

  1. #1
    miamia Guest

    Default how to disable these UDP and TCP ports

    hello,I performed port scan and I would like to close these portsTCP ports: 80 110 139 443 446 995 3128 8080 28801UDP ports: 123 137 138 500 1900 4500 4767 28801
    how should I configure ZA to do it?
    thank you


    Operating System:Windows XP Pro
    Software Version:8.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: how to disable these UDP and TCP ports

    Details of this port scan?
    From where and who and when?
    I ask this because the list of ports seems suspicious - you are using a hardware router or a nat enabled modem or performed this port scan in a hot spot/hotel/cafe or used a proxy server?

    Oldsod.
    Best regards.
    oldsod

  3. #3
    miamia Guest

    Default Re: how to disable these UDP and TCP ports

    well, I have new cable internet connection so I did portscan with foundstone scanline and
    blue's portscanner. I am using only cable modem and public IP.
    logs from scanline:Responded in 0 ms.
    0 hops away
    Responds with ICMP unreachable: No
    TCP ports: 80 110 139 443 446 995 3128 8080 28801
    Responded in 0 ms.
    0 hops away
    Responds with ICMP unreachable: YesUDP ports: 123 137 138 500 1900 4500 4767 28801

    log from blue's portscanner:UDP: myip [25-smtp]
    UDP: myip [123-ntp]
    UDP: myip [138-netbios-dgm]
    UDP: myip [137-netbios-ns]
    UDP: myip [500-isakmp]
    UDP: myip [1900-ssdp]
    UDP: myip [3722]
    UDP: myip [3956]
    UDP: myip [4500]
    UDP: myip [4767]
    UDP: myip [9826]
    UDP: myip [28801]


  4. #4
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: how to disable these UDP and TCP ports

    Did you happen to notice the IP indicated as being scanned by the port scanners?
    Please note down the actual IP as seen by these port scanners and then compare this IP to the "true" IP of your computer that is getting tested.
    The true IP of the computer is found in the ipconfig /all command of the command prompt.

    http://technet.microsoft.com/en-us/l.../bb490921.aspx

    If the two IPs do not match exactly, then it was not the software firewall of the computer which was being tested, but instead a hardware firewall placed before your computer which was getting tested.

    Oldsod.
    Best regards.
    oldsod

  5. #5
    miamia Guest

    Default Re: how to disable these UDP and TCP ports

    I think you are right. I tried http://www.t1shopper.com/tools/port-scanner/
    to scan these ports and ZA blocked it successfuly.but I don't understand how can I check my right IP and use it in
    port scanner to test my ZA software? I am sorry for stupid question I am newbee.
    ---
    please can you tell me which address from ipconfig should I use
    to test my software firewall?
    many thanks

  6. #6
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: how to disable these UDP and TCP ports

    All online port scanners show the exact IP which will be tested.
    Usually in the beginning of the test or before the test will be performed..
    Open the Run of Windows.
    Type in "cmd" (without the quotation marks) and hit the OK.
    In the command window type in "ipconfig /all" (without the quotation marks).
    The results are:

    IP Address... this is the correct and true address of your computer which is being used.


    also Default Gateway is the correct IP for your dhcp server and the DNS Server(s) is the correct domain name lookup servers.


    also while here at this point of time do this:

    Make sure your DNS and DHCP server IP's are in your Firewall's Trusted zone. Finding DNS and DCHP servers, etc

    1. Go to Run and type in command and hit 'ok', and in the command then type in ipconfig /all then press the enter key. In the returned data list will be a line DNS and DHCP Servers with the IP address(s) listed out to the side. Make sure there is a space between the ipconfig and the /all, and the font is the same (no capitals).
    2. In ZA on your machine on the Firewall, open the Zones tab, click Add and then select IP Address. Make sure the Zone is set to Trusted. Add the DNS IP(s) .
    3. Click OK and Apply. Then do the same for the DHCP server.
    4. The localhost (127.0.0.1) must be listed as Trusted.
    5. The Generic Host Process (svchost.exe) as seen in the Zone Alarm's Program's list must have server rights for the Trusted Zone.
    Plus it must have both Trusted and Internet Access.

    Extra help is found at Guru Hoov site for the DNS/DHCP.


    It should be noted the only possbile time the port scans will show the ZA with open ports IS if there are any internet server allowed in the Program listings. (this will allow open ports and only when this is used. The usual is no internet servers are allowed!).
    Plus the Internet security slider of the ZA should be at the highest setting not at the middle or lower setting.


    Oldsod
    Best regards.
    oldsod

  7. #7
    miamia Guest

    Default Re: how to disable these UDP and TCP ports

    thank you for your help. I will try your steps...
    by the way in portscan software I used right IP but I think (your first opinion was right) scan request did not come to my computer because
    in
    ZA logs I do not see entry. but when I use online port scanner I see in ZA logs that is was blocked. it is strange for me to see this because I am using the same IP for online scanners and same for local scanning software.

  8. #8
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: how to disable these UDP and TCP ports

    It does depend on the nature of the port scan itself.
    Most do just as TCP ACK probe and skip any other TCP SYN or TCP ACK-SYN probes.
    But port scanner doing TCP SYN and TCP ACK-SYN probes are a different nature completely.
    If just trying TCP ACK scans the ports should be all seen as "stealthed" and not in a "closed" or "open" state.


    Usually the best port scan is the ShieldsUp port scan found at grc.com.
    Used to be the syg ate once had a great port scanner but Norton/Symantec has dismantled their site since they bought out sy gate.

    Probably the best solution is purchase a cheap router along with the ZA. It is a hardware firewall which can not be fooled as it is seperate from the computer, uses no computer resources and usually in the default setting will stealth all ports and not reply to any pings (if enabled).

    But check your ZA settings as the ZA should be passing these tests with flying colors.
    That is if it is the computer's firewall getting tested and not any intermiatary firewall.

    Also try the "netstat -r" command (without the quotation marks). It will show you the "route" involved for that compute and any other server/gateway/dhcp server involved.

    Oldsod.
    Best regards.
    oldsod

  9. #9
    miamia Guest

    Default Re: how to disable these UDP and TCP ports

    thank you very much for your replies. i will try shieldsUp later
    if i have time.


  10. #10
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: how to disable these UDP and TCP ports

    OK.
    Oldsod.
    Best regards.
    oldsod

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •