Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Problems with leaking ports?

  1. #1
    pixieperf Guest

    Default Problems with leaking ports?

    I'm running Windows 7 Home Premium 64-bit. I process credit cards for my business and have to pass quarterly scans done by Security Metrics. I'm having trouble passing them this time around. I have 3 things listed regarding ports. They all identical except for the port numbers, which are 256, 257, and 258. This is the message Security Metrics gives me:

    Synopsis : The remote firewall is leaking information. Description : The remote host has the three TCP ports 256, 257, and 258 open. It's very likely that this host is a Check Point FireWall/1. A remote attacker could use this information to mount further attacks. See also : http://www.securitymetrics.com/u?f189d2b 7 Solution: Do not allow any connections on the firewall itself, except for the firewall protocol, and allow that for trusted sources only. If you have a router that performs packet filtering, add an ACL that disallows the connection to these ports for unauthorized systems. Risk Factor: Medium / CVSS Base Score : 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

    When it says it's likely a "Check Point Firewall", what does that mean? How do I fix this? It's driving me crazy. Any help at all would be appreciated. At the rate I'm going, I'll be bald before I get this figured out.

  2. #2
    Join Date
    Jun 2006
    Location
    The 3rd Coast - South Central Texas
    Posts
    10,465

    Default Re: Problems with leaking ports?

    Welcome to the Zone Alarm User Forum..

    This Forum exist to allow Volunteer experienced Zone Alarm Users to help the Few Users who encounter a problem with ZoneAlarm and need to be guided in the right direction..

    It is Sometimes very Difficult to Diagnose and fix a Computer from halfway across the Country,
    without All the Details about your computer and Software that you failed to provide, without our ability to sit in front of your Computer monitor and see what's going on..

    It is normally Helpful when posting here to give full details of your computer setup.

    Give the Exact Type and version of Zone Alarm used, Windows Version used, other security tools installed. is this a First time install?
    Stopped working recently? other issues? Error messages in the ZA logs?

    The More information you post the more likely users here will be able to understand the issue and try to help.

    1.) We don't know what Type and Version # of Zone Alarm you have installed and it it is an Old out dated version or not?
    2.) We don't even know what type and version of Windows you have?

    3.) We know nothing about your computer, Type, Brand, CPU, Laptop/Desktop..

    4.) or anything about the other software you have,

    also is this a DeskTop, Laptop computer or Netbook.

    Please List any other Security Programs installed as these programs may be conflicting with Zone Alarm.
    GeorgeV
    ZoneAlarm® Extreme Security


    Click here for ZA Support
    Monday-Saturday__ 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    pixieperf Guest

    Default Re: Problems with leaking ports?

    I'm running ZoneAlarm Extreme Security v. 9.3.037.000.
    Windows 7 Home Premium 64-bit.
    No other security programs installed.
    Dell Studio Laptop with a 6 month old Western Digital Hard Drive
    Pentium Dual-Core CUP T4300@2.10GHz
    Windows Firewall DISABLED

    I was getting REALLY bad failing results b/c it kept saying I had viruses, even though I couldn't detect anything with Zone Alarm. I did download something from Symantec and it scanned and found a "fakealert!" virus, which was removed. I STILL failed scans. I completely reformatted my hard drive, did a fresh install of Windows, and have installed no other programs other than ZA. I've redone my Windows and ZA updates, and am still getting errors.

    If I've left out any info, please let me know. Thanks in advance!

  4. #4
    pixieperf Guest

    Default Re: Problems with leaking ports?

    BTW, no errors are found in the log files.

  5. #5
    Join Date
    Jun 2006
    Location
    The 3rd Coast - South Central Texas
    Posts
    10,465

    Default Re: Problems with leaking ports?

    Now that we know that you installed Zone Alarm Extreme 9.3.037

    please contact the offical ZA technical support (Free of Charge with a valid License) at the link in my signature,
    provide all the details of your Computer and software..
    and explain how to replicate the problem you are having ..
    Last edited by GeorgeV; June 6th, 2011 at 11:08 AM.
    GeorgeV
    ZoneAlarm® Extreme Security


    Click here for ZA Support
    Monday-Saturday__ 6am to 10pm Central time
    Closed Sundays and Holidays

  6. #6
    pixieperf Guest

    Default Re: Problems with leaking ports?

    Thanks. The only problem is that I don't know how to tell you to replicate the problem. I only get this info (about ports 256, 257, 258) when I do my quarterly can thru Security Metrics. I have no idea how to tell anyone to replicate it.

  7. #7
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,289

    Default Re: Problems with leaking ports?

    If you really tried to restart fresh did you tried to make the check prior to install ZA?
    The reference given points to a hardware firewall (checkpoint/1) not ZA. May be there is something wrong on your router.
    Last edited by fax; June 5th, 2011 at 12:57 AM.

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  8. #8
    pixieperf Guest

    Default Re: Problems with leaking ports?

    Yes. I did a fresh install of Windows, did all updates on Windows, then did a scan. Failed. I then reinstalled ZA, updated it, and ran another scan. Failed again. What's interesting is that my risk # (on the failed scans) goes DOWN when I make ZA less secure. I actually get the lowest risk score (aka failing grade) when ZA is completely disabled. I literally have to make my computer less secure in order to have a lower failure score.

    This is crazy, but hear me out. I've compared several of my scan results. When ZA is running, and I fail the test, I get numerous false alerts in my failed scans. Here are a few of them. I haven't included the entire description (but will if you want me to):

    1) Possible worm detected (Ramen) - Score as a 10
    2) The remote host is probably infected with Korgo worm. - Scored as a 10
    3) Worm detected (Solaris Telnet) - Scored as a 10
    4) Possible worm detected (Lion) - Scored as a 10
    5) Possible worm detected (Bugbear) - Scored as a 10
    6) Possible worm detected (lprw0rm) - Scored as a 10
    7) Your Microsoft SQL database is version (). - Scored as a 7
    8) The remote host might be infected by the 'Sapphire' SQL worm. Stop MS SQL server. - Scored as a 7

    And then of course, I have the 3 things regarding ports 256, 257, and 258. Each of those are scored as a 5.

    What's interesting here is that I know I have no viruses. Additionally, I have 2 "severe" errors regarding SQL, and I don't even HAVE an SQL server. As for the viruses, some of them are really old and from what I've read, they don't even apply to my OS.

    So now I'm running yet ANOTHER scan with the ZA firewall disabled. I'll post those results when it finishes.

    Security Metrics is who my merchant provider uses to do the scans. They're the ones that recommended ZA to me when I initially failed the scan last December. I installed ZA, left it on the default settings, ran the scan, and passed with flying colors. Passed again 3/01/11 with flying colors. And now, I can't pass to save me soul from sin.

  9. #9
    pixieperf Guest

    Default Re: Problems with leaking ports?

    I would edit the post I just posted, but I'm new here and that post hasn't received approval yet, hence this post.

    I have a WAP54G Linksys wireless access point. My internet connection is provided by Hughesnet (b/c I don't have any other options aside from dialup). I have tried the scan both wirelessly, and via being directly connected to the modem. Doesn't seem to make a difference.

  10. #10
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,289

    Default Re: Problems with leaking ports?

    I think its time to have your system checked by malware experts.

    Follow all steps as detailed in:
    Malware Clean-up Guidance

    In the above link you will find also web sites where you can post your PC logs to have your system analyzed.

    I would also fully reset your WAP54G, reflash the latest router firmware with official firmware and re-setup it up. First think to do after all of these is to change the router default password with a random character password of at least 8 characters. Ensure you setup the wireless connection with WPA encryption. Ideally better WPA2 (if supported) and a password of at least 12 random characters.

    After all the above you should pretty sure your system is clean. Its important you use only original CDs/DVDs and before connecting to internet you proceed with a full clean-up of the router.

    Fax
    Last edited by fax; June 5th, 2011 at 07:02 AM.

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Allow certain ports
    By engr_one in forum ZoneAlarm Configuration
    Replies: 2
    Last Post: November 10th, 2009, 09:03 AM
  2. open ports/stealth ports
    By einchnt in forum General - Questions that don't fit any other category
    Replies: 3
    Last Post: April 26th, 2006, 01:39 AM
  3. ZA leaking? Save.exe got access rights automatically...
    By beholder in forum Security Issues
    Replies: 4
    Last Post: February 24th, 2006, 05:42 PM
  4. Ports
    By geowizardry in forum Access Issues
    Replies: 2
    Last Post: January 25th, 2006, 05:03 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •