Re: Discrepancies in port scanning = trouble?
From: LRW (druid_at_NOSPAHMcelticbear.com)
Date: Sat, 20 Sep 2003 20:39:33 GMT
"Leythos" <firstname.lastname@example.org> wrote in message
> In article <email@example.com>,
> firstname.lastname@example.org says...
> > So I have a Linksys router with no port forwarding on.
> > I'm using ZoneAlarm with high internet security turned on.
> > I'm using WindowsXP with the connection's firewall turned on.
> > I used www.grc.com 's Shields Up port scanner, and it found all my
> > ports in stealth mode, except 113 visible but closed.
> > That worries me.
> > But even moreso, I used SuperScan by foundstone to do a portscan of my
> > IP, I suppose similar to what a scriptkiddie would do, and it found
> > ports 25, 80, 110, 2468, 5678, and 6688. 80 is my router's admin
> > webpage, fortunately I changed the default password immediately after
> > plugging the thing in for the 1st time.
> > But what about those other ports? Shouldn't they be invisible to a
> > port scan?
> > I tried telneting to each one, and it just timesout at least. But it
> > still bothers me that GRC saw 113 and SuperScan found 6 (and not port
> > 113, odd.)
> > How unsafe am I?
> The above is wrong, the router uses 8080 for remote management. If the
> scanner did a scan INSIDE your network then you would seem to have a few
> problems, but the Linksys isn't one of them. Why are you running an
> IDENT Server (113).
That's just it...I'm NOT intentionally running an IDENT server!
How would I even know if I am?
The grc.com port scan is done completely outside my system and it only found
113, (albet "closed", although not "stealth" like everything else.) So I
guess that's the one that most troubles me.
How can I find out how to disable or hide that port?
I mean, my Linksys has no ports forwarding, my ZoneAlarm has nothing
trusted, and my WindowsXP firewall isn't allowing anything. How is 113 being
The SuperScan was run by my own machine, scanning the public IP assigned by
the ISP...but I will still grant because it was initiated by the machine in
question, the results might not be accurrate?
But as for port 80, if I HTTP to just my IP, it comes up with my Linksys
logon screen. And that's set right out of the box. I changed the remote
administration to a different port, but 80 still goes to my router's control
Again, it seems as though I'm already doing everything I can with my router
not forwarding anything, nothing set on the DMZ, and ZoneAlarm at max. What
else can I do to hide these ports, especially 113?
Thanks for the replies!!