[Wolves] Ok now i'm slightly worried.

Simon Morris mozrat at gmail.com
Fri Sep 23 13:54:05 BST 2005


On 23/09/05, Bobby Singh <bs_wm at yahoo.co.uk> wrote:
> Hello,
>
> I tried a link from one of the posts which was
> www.hackerwatch.org/probe.  My set-up is a Belkin
> modem-router with its own firewall.  Then on my Linux
> distros and other OS they have their own firewall such
> as firestarter.  I thought this would be well secured.
> Now this website tests your firewall/security of your
> PC.  I tried the 'simple probe' which was a basic one
> with the results;
>
> '...we were able to get a response from the computer
> at the IP address...'
> '... computer is through a router behaving as a NAT
> (network address translator)...'
> '...we can not test your computer directly but through
> your proxy server...'
>
> Well my router is firewalled so all good.
>
> Then I tried the 'port scan' which is more precise.
> The results were;
>
> Closed but Unsecure
> 21 (FTP)
> This port is not being blocked, but there is no
> program currently accepting connections on this port.
>

Hi Bobby,

The way they are testing whether a port is open, blocked or closed is
by trying to connect to that port.

If a port is open your machine would respond and synchronise the
connection over TCP with the testing machine.

If a port is actively being blocked your machine would send a TCP RST
(reset) packet telling the testing machine to close and reset the
connection. Basically 'f' off.

If the port is closed (as in there is no listening application) the TCP
SYN request from the testing machine will just go unanswered (although
different OSes do different things here sometimes).

So.....


> Open and Unsecure!
> 80 (HTTP)
> If this computer is not supposed to be acting as a web
> server you should not have this port open.
>

Testing machine sent a SYN (Synchronise connection please!) and got
back a SYN-ACK (Yep - let's talk) packet. Could this be the web-based
admin package on your router?

> Closed but Unsecure
> 110 (POP3 Mail Server Port)
> This port is not being blocked, but there is no
> program currently accepting connections on this port.
>

Testing machine sent a SYN packet and got no response (I think). Is
this something to worry about? Probably not but you could actively
block the port in case an intruder managed to start a listening
application there (or you did accidentally).


>
> Secure
> 443 (HTTPS)
> This port is completely invisible to the outside
> world.
>

??? I don't have a definite explanation for this message they are giving you.

> Now the fact I don't know what these abbreviations
> stand for and mean wasn't enough.  They are all
> UNSECURE besides the '443 HTTPS'.  Now I thought with
> my ubuntu and vector and the other OS all packed up
> with firewalls and security.  I thought it was more
> than ok.  Now I'm on a lot of research on 'ports' and
> not ship kind. People who have tried this what results
> do they get, which firewall blocks most ports,  do I
> need to worry about the ports, what shall I change in
> my set-up to be secure.
>

So as I say - you look fairly secure. You are only running an HTTP
server on your public address. If you want to send me your public IP I
can test what your 443 port is doing (IANAC - I am not a cracker :) )

Cheers!


--
~sm
Jabber: mozrat at gmail.com
www: http://beerandspeech.org
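
An added example, not part of the original message: a connect-style probe like the one discussed in this thread, run only against throwaway sockets on the local loopback address so you can see what each result looks like from the prober's side. The mapping of the report's labels to TCP replies is an assumption taken from the report wording and standard TCP behaviour (SYN-ACK from a listening port, RST from a port with no listener, silence when a firewall drops the SYN); `probe`, `demo` and `REPORT_LABEL` are names made up for this sketch.

```python
import socket

# Assumed mapping from what the prober observes to the labels quoted in the report.
REPORT_LABEL = {
    "open": "Open and Unsecure",      # SYN answered with SYN-ACK
    "closed": "Closed but Unsecure",  # SYN answered with RST (connection refused)
    "filtered": "Secure",             # SYN dropped: no reply before the timeout
}

def probe(host, port, timeout=1.0):
    """Classify a TCP port from the outcome of one connect() attempt."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError:
        # e.g. an ICMP unreachable sent back by a rejecting firewall
        return "filtered"
    finally:
        s.close()

def demo():
    """Probe two constructed loopback sockets: one listening, one only bound."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port
    listener.listen(1)
    idle = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    idle.bind(("127.0.0.1", 0))       # reserved but never listen()ed on
    try:
        return {
            "listening": probe("127.0.0.1", listener.getsockname()[1]),
            "not_listening": probe("127.0.0.1", idle.getsockname()[1]),
        }
    finally:
        listener.close()
        idle.close()

if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name}: {state} -> {REPORT_LABEL[state]}")
```

The "filtered" case cannot be produced on loopback without a firewall rule that drops the SYN, so the demo only exercises the other two states.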


