Re: Discrepancies in port scanning = trouble?

From: LRW (
Date: 09/20/03

Date: Sat, 20 Sep 2003 20:39:33 GMT

"Leythos" <> wrote in message
> In article <>,
> says...
> > So I have a Linksys router with no port forwarding on.
> > I'm using ZoneAlarm with high internet security turned on.
> > I'm using WindowsXP with the connection's firewall turned on.
> >
> > I used 's Shields Up port scanner, and it found all my
> > ports in stealth mode, except 113 visible but closed.
> > That worries me.
> >
> > But even moreso, I used SuperScan by foundstone to do a portscan of my
> > IP, I suppose similar to what a scriptkiddie would do, and it found
> > ports 25, 80, 110, 2468, 5678, and 6688. 80 is my router's admin
> > webpage, fortunately I changed the default password immediately after
> > plugging the thing in for the 1st time.
> > But what about those other ports? Shouldn't they be invisible to a
> > port scan?
> > I tried telneting to each one, and it just timesout at least. But it
> > still bothers me that GRC saw 113 and SuperScan found 6 (and not port
> > 113, odd.)
> >
> > How unsafe am I?
> The above is wrong, the router uses 8080 for remote management. If the
> scanner did a scan INSIDE your network then you would seem to have a few
> problems, but the Linksys isn't one of them. Why are you running an
> IDENT Server (113).

That's just it...I'm NOT intentionally running an IDENT server!
How would I even know if I am?
The port scan is done completely outside my system and it only found
113, (albet "closed", although not "stealth" like everything else.) So I
guess that's the one that most troubles me.
How can I find out how to disable or hide that port?
I mean, my Linksys has no ports forwarding, my ZoneAlarm has nothing
trusted, and my WindowsXP firewall isn't allowing anything. How is 113 being

The SuperScan was run by my own machine, scanning the public IP assigned by
the ISP...but I will still grant because it was initiated by the machine in
question, the results might not be accurrate?
But as for port 80, if I HTTP to just my IP, it comes up with my Linksys
logon screen. And that's set right out of the box. I changed the remote
administration to a different port, but 80 still goes to my router's control
Again, it seems as though I'm already doing everything I can with my router
not forwarding anything, nothing set on the DMZ, and ZoneAlarm at max. What
else can I do to hide these ports, especially 113?

Thanks for the replies!!

Relevant Pages

  • Re: Cant get remote access to work
    ... The name is simply something that relates to the port used. ... "RDP" in my Linksys example and "RemoteDesktop" with the Buffalo example... ... > server" which the port forwarding website says you will need, ... >> Your talking about accessing your office XP Pro PC using Remote Desktop, ...
  • Re: LInksys WAG354G Router Woes
    ... one is my main computer and the other is my web server. ... Linksys support have been useless and want it back for inspection so I ... WEP and trouble free port forwarding? ...
  • Re: hardware and software firewall?
    ... The Linksys only allows/blocks connections based on protocol and port. ... > I have a Linksys 4 port router and am using the free version of Zonealarm. ...
  • Re: Connect to More Than 1 Computer On A Network?
    ... is in the Linksys router configuration page. ... long as I change the IP address on the Linksys port forwarding page. ... I'm able to change the port of one of the machines in RegEdit. ...
  • Re: LinkSys BEFSX41Filter in conjunction with Port Forwarding
    ... > When I enable Port Forwarding everyone outside can see that port. ... There is no filtering of forwarded ports on a Linksys router, ...