Re: Firewall question 2
From: TOYOTA MR2 (toyota_mr2@netvisao.pt) Date: 03/27/02
From: "TOYOTA MR2" <toyota_mr2@netvisao.pt> Date: Wed, 27 Mar 2002 17:03:45 -0000
U should never have 2 or more firewalls installed AND running
simultaneously!!!
Reason...ur security is lowered and sometimes even compromised.
Ports that should be blocked (stealthed) r gonna be only closed and
sometimes even open (not so rarely).
If a port is showing as closed, it can be scanned and eventually be broken
into. And it happens especially with important ports such as NetBIOS, Ident,
POP3, HTTPS.
http://scan.sygatetech.com/probe.html
We have determined that your IP address is XXX.XXX.XXX.XXX
This is the public IP address that is visible to the internet.
Note: this may not be your IP address if you are connecting through a
router, proxy or firewall.
Trying to gather information from your web browser...
Unable to gather any information from your browser!
Trying to find out your computer name...
Unable to determine your computer name!
Trying to find out what services you are running...
Unable to detect any running services!
Your system ports are now being scanned and the results will be returned
shortly...
Results from stealth scan at TCP/IP address: XXX.XXX.XXX.XXX
Ideally your status should be "Blocked." This indicates that your ports are
not only closed, but they are completely hidden (stealthed) to attackers.
Service Ports Status Additional Information
FTP DATA 20 BLOCKED Used by FTP for data transmission in Passive mode.
FTP 21 BLOCKED File Transfer Protocol is used to transfer files between
computers. A misconfigured FTP server can allow an attacker to transfer
files, trojan horses, and virus programs at will.
SSH 22 BLOCKED Secure Shell, a encrypted type of telnet. If misconfigured it
can allow for brute-force attacks on your administration account.
TELNET 23 BLOCKED Telnet is used to remotely create a shell (dos prompt),
this can allow an attacker to control your system as if he was sitting in
front of it.
SMTP 25 BLOCKED SMTP is used to send email acrost the internet. This allows
an attacker to verify user accounts on your system, send anonymous (spam)
email, or even access files on your hard drive.
DNS 53 BLOCKED Domain Name Services are used to resolve host names to IP
addresses.
DDC 59 BLOCKED Used mainly by file transfer and chat programs.
FINGER 79 BLOCKED Finger offers information about who is currently logged in
to your computer.
WEB 80 BLOCKED HTTP web services publish web pages. A misconfigured web
server can not only offer an attacker needed information about his target,
but it can allow for various security breaches.
POP3 110 BLOCKED Post Office Protocol is used to receive email. It can be
used by attackers to create fake email addresses, execute programs, and even
intercept your private email.
IDENT 113 BLOCKED Ident is often used for IRC (chat), but also provides
information about your system and who is using it.
NetBIOS 139 BLOCKED NetBios is used to share files through your Network
Neighborhood. If you are connected to the internet with this open, you could
be sharing your whole hard drive with the world! This is a very dangerous
port to have open.
HTTPS 443 BLOCKED Secure Web Servers are often used by banks and online
vendors.
Server Message Block 445 BLOCKED In Windows 2000, Microsoft added the
possibility to run SMB directly over TCP/IP, without the extra layer of NBT.
SOCKS PROXY 1080 BLOCKED Socks Proxy is an internet proxy service, many IRC
servers will not allow you to log in if you are running an unsecured socks
proxy.
SOURCE PORT 1123 BLOCKED This is the port you are using to communicate to
our Web Server. A firewall that uses Stateful Packet Inspection will show a
'BLOCKED' result for this port.
WEB PROXY 8080 BLOCKED HTTP Web Proxy allows other people to bounce their
web browser off of your computer to fake their real IP address to web
servers.
This is what a basic security test on ur firewall should tell u.
http://grc.com/x/ne.dll?rh1ck2l2
NanoProbe Technology Synchronous Internet Port Probe
by Steve Gibson, Gibson Research Corporation.
Quickly Check for Connectable
Listening Internet Ports
This Internet Port Probe attempts to establish standard TCP Internet
connections with a handful of standard, well-known, and often vulnerable
Internet service ports on YOUR computer. Since this is being done from our
server, successful connections demonstrate which of your ports are "open" or
visible and soliciting connections from passing Internet port scanners.
Your computer at IP:
XXX.XXX.XXX.XXX
Is being 'NanoProbed'. Please stand by. . .
Total elapsed testing time: 9.989 seconds
(See "NanoProbe" box below.)
Port  Service   Status / Security Implications
21    FTP       Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
23    Telnet    Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
25    SMTP      Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
79    Finger    Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
80    HTTP      Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
110   POP3      Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
113   IDENT     Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
135   RPC       Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
139   Net BIOS  Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
143   IMAP      Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
443   HTTPS     Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
445   MSFT DS   Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
5000  UPnP      Stealth! There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
For more detailed information u can do it urself.
Besides, there's no such thing as too much information, so here's some stuff
for u...
http://www.moosoft.com/download.php
Go there, download, install, update and scan ur system for trojans. If u
have them, clean them.
Scan your system for viruses online for free, just go to this url and it
will look and clean all your drives without cost.
http://housecall.antivirus.com/housecall/start_corp.asp
Check for spyware on your system and remove it. Spyware Ad-aware
Removal available from http://www.lavasoftusa.com/
Also download the RefUpdate, so u can update the Ad-aware spyware removal.
Check your system for open ports. Very complete tests. The most reliable one
I know.
http://scan.sygatetech.com/
To check open ports https://grc.com/x/ne.dll?bh0bkyd2
http://grc.com/UnPnP/UnPnP.htm
That is for information on the Microsoft Universal Plug and Play service and
download of the program that allows you to disable it. That feature being
enabled MIGHT TURN YOUR PC INTO A SERVER
This is to test your ports status. https://grc.com/x/ne.dll?bh0bkyd2
If u have port 5000 open, please go to the 1st URL, download the program,
run it and disable that feature.
That feature is enabled at least on XP, ME and 98
Test if your firewall is safe or if it is leaking in terms of security
http://grc.com/lt/leaktest.htm
NoShare and LetShare are terrific solutions for quickly, easily, and
reversibly disabling and enabling NetBIOS resource sharing.
When you are sharing NetBios resources, you are not fully protected, for you
can still be hacked. You can download these disabling and enabling NetBios
resource sharing files at http://grc.com/faq-shieldsup.htm#139
Windows XP users DO NOT download and install No Share file!!! Disabling
NetBIOS resource sharing cannot be done by using this tiny program. If you
install this file on XP you are going to need the Let Share file installed
to reverse this disabling. If you already rebooted your pc...it's too late
and you are going to have to format and reinstall Windows XP.
Best thing to do is download both programs, just in case. I had my ISP
"knocking on my door" all the time on NetBIOS, haven't seen them in 2
months. Now they try UDP on random ports, Sygate takes care of them.
Also important...I'm not sure if No Share can be used on NT and 2000. On 95,
98, 98 SE and ME it can and works great. I'm on ME, cable connection, have
no complaints. NetBIOS is safe.
Go to this site for an Internet Security Forum
http://grc.com/cb-faq.htm
Check here for software that is suspected to be SpyWare
http://grc.com/oo/suspects.htm
If u "waste" a bit of ur time checking all that, u'll see ur system will be
a lot safer and u can be a lot more relaxed!!!
Going back to the 2 firewalls thing...u don't have to uninstall them. Go to
MSConfig, disable the one that offers less security trust. U can change
active firewall whenever u want. That's what I do and I got 6 installed!!!
Including the Pc-Cillin 2002 one, which is not so bad as a firewall, but
nothing compares to Sygate Pro 5.0, not yet, anyway!!!
"DDJ2" <DDJ2@DDJ2000.net> wrote in message
news:3CA1106B.5050304@DDJ2000.net...
> Is it worth to have two firewalls
> on the same PC (they do not grab too much resources
> and dial-up traffic is usually slow ) ?
>
> The reason for doing this can be illustrated by
> simplistic example : if one firewall has probability
> of penetration, say, 1/1000 days,
> or 1/3 years which is small but real, then two
> will have 1/1000000 which is 1/3000 years which
> is negligibly small.
>
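
The open / closed / blocked (stealthed) states that the post and the two quoted scan reports refer to, as an added example that is not part of the original message: a TCP connect check for auditing your own machine, where a completed handshake is "open", a refused connection is "closed", and no reply before the timeout is "blocked/stealth". The function names, the timeout and the loopback target are assumptions made for this example.

```python
import socket

# State names follow the two scan reports quoted in the post.
OPEN = "open"                # handshake completed: a service is listening
CLOSED = "closed"            # connection refused: host answered, nothing listening
STEALTH = "blocked/stealth"  # no answer at all before the timeout


def classify(error):
    """Map the result of one TCP connect attempt to a port state.

    error is None when connect() succeeded, else the exception it raised.
    """
    if error is None:
        return OPEN
    if isinstance(error, ConnectionRefusedError):
        return CLOSED
    if isinstance(error, socket.timeout):
        return STEALTH
    raise error  # unreachable network, bad address, etc.: not a port state


def probe(host, port, timeout=2.0):
    """Attempt one TCP connection to host:port and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


def audit(host, ports, timeout=2.0):
    """Return {port: state} for every port in ports."""
    return {port: probe(host, port, timeout) for port in ports}


if __name__ == "__main__":
    # Constructed demo on loopback: one port we open ourselves, plus three
    # ports the post singles out (NetBIOS 139, SMB 445, UPnP 5000).
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.bind(("127.0.0.1", 0))
        listener.listen(1)
        own_port = listener.getsockname()[1]
        for port, state in audit("127.0.0.1", [own_port, 139, 445, 5000]).items():
            print(f"{port:>5}  {state}")
```

Loopback traffic normally bypasses a personal firewall, so the blocked/stealth state only shows up when the check is run from a second machine you own against your own address.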