[Wolves] Ok now i'm slightly worried.

chris procter chris-procter at talk21.com
Fri Sep 23 13:45:42 BST 2005


Ports are basically addresses for specific
applications on your machine, so when a message
arrives from the network the operating system knows
which application it should be given to to deal with.
They are numbers between 0-65536. By convention
certain standard ports are used for standard
applications, so port 80 is used for web servers. So
assuming your machine has the IP address 192.168.0.1
when a message arrives from the network for
192.168.0.1 port 80 your operating system will
recognise that the message is for it and pass it
to the webserver running on your machine. 

Ports are the TCP part of TCP/IP.

A firewall is configured to reject certain port/ip
combinations and pass others through, so a firewall
set up to block 192.168.0.1 port 80 will reject
messages sent to your webserver.

A port scan will probe the ports your firewall allows
connections to and report whether they are blocked, or
if they are open, but there is no application
responding, or if they are open and accepting
connections. Just because a port scan tells you a port
is opened doesn't mean it's a bad thing. If you want to
receive connections to a service on your machine you
need the ports open (if you're running a webserver you
want people to be able to connect to it), but if you
don't then they should be closed on the firewall.

As a rule of thumb, if you don't know what a service does
then close the port. You should be able to do this
through your firewall's management software. All
firewalls can block all ports, it's just a question of
how you configure them.

Your firewall appears to come pre-configured with
certain ports open which is what the portscan is
detecting. Unless you are running a server of some
kind I would suggest you close them all, you don't need
any of them open if you are just running a desktop
machine.

Phew, that was longer than it was meant to be.

chris


--- Bobby Singh <bs_wm at yahoo.co.uk> wrote:

> Hello,
> 
> I tried a link from one of the posts, which was
> www.hackerwatch.org/probe.  My set-up is a Belkin
> modem-router with its own firewall.  Then on my Linux
> distros and other OS they have their own firewall, such
> as Firestarter.  I thought this would be well secured.
> Now this website tests the firewall/security of your
> PC.  I tried the 'simple probe', which was a basic one,
> with the results:
> 
> '...we were able to get a response from the computer
> at the IP address...'
> '... computer is through a router behaving as a NAT
> (network address translator)...'
> '...we can not test your computer directly but
> through your proxy server...'
> 
> Well my router is firewalled so all good.
> 
> Then I tried the 'port scan', which is more precise.
> The results were:
> 
> Closed but Unsecure
> 21 (FTP)
> This port is not being blocked, but there is no
> program currently accepting connections on this
> port.
> 	
> Closed but Unsecure
> 23 (Telnet)
> This port is not being blocked, but there is no
> program currently accepting connections on this
> port.
> 	
> Closed but Unsecure
> 25 (SMTP Mail Server Port)
> This port is not being blocked, but there is no
> program currently accepting connections on this
> port.
> 	
> Closed but Unsecure
> 79 (Finger)
> This port is not being blocked, but there is no
> program currently accepting connections on this
> port.
> 	
> Open and Unsecure!
> 80 (HTTP)
> If this computer is not supposed to be acting as a
> web server you should not have this port open.
> 	
> Closed but Unsecure
> 110 (POP3 Mail Server Port)
> This port is not being blocked, but there is no
> program currently accepting connections on this
> port.
> 	
> Closed but Unsecure
> 139 (Net BIOS)
> This port is not being blocked, but there is no
> program currently accepting connections on this
> port.
> 
> Closed but Unsecure
> 143 (IMAP)
> This port is not being blocked, but there is no
> program currently accepting connections on this
> port.
> 	
> Secure
> 443 (HTTPS)
> This port is completely invisible to the outside
> world.
> 
> Now the fact I don't know what these abbreviations
> stand for and mean wasn't enough.  They are all
> UNSECURE besides the '443 HTTPS'.  Now I thought
> with my Ubuntu and Vector and the other OS all packed up
> with firewalls and security.  I thought it was more
> than ok.  Now I'm on a lot of research on 'ports', and
> not the ship kind. People who have tried this, what
> results do they get? Which firewall blocks most ports?  Do I
> need to worry about the ports? What shall I change in
> my set-up to be secure?
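The three outcomes a port scan reports, as described in the reply above, can be told apart by how a single TCP connection attempt ends. This is an added example, not part of the original message; the function name `classify_port` and the labels are assumptions, and the demo only checks a listener it opens itself on 127.0.0.1.

```python
import errno
import socket

# Labels follow the three outcomes described in the message above.
OPEN = "open: a program is accepting connections"
CLOSED = "closed: not blocked, but no program is listening"
FILTERED = "filtered: no reply, a firewall is dropping the traffic"


def classify_port(host, port, timeout=1.0):
    """Attempt one TCP connection and report how the port responded."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return OPEN          # handshake completed: something is listening
    except ConnectionRefusedError:
        return CLOSED        # the host answered with a reset: nothing listening
    except socket.timeout:
        return FILTERED      # silence: the packet was dropped on the way
    except OSError as exc:
        # An "unreachable" reply is another way a firewall can reject traffic.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return FILTERED
        raise
    finally:
        sock.close()


def demo():
    """Constructed local check: one port while we listen on it, then after closing."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0 lets the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = classify_port("127.0.0.1", port)
    listener.close()
    after_close = classify_port("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    for state in demo():
        print(state)
```

In the scan results quoted in the message, "Open and Unsecure" corresponds to `OPEN`, "Closed but Unsecure" to `CLOSED`, and "Secure" to `FILTERED`.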