LRI41
asked on
Firewall Scans are Inconsistant
I have a computer thats a little over two years old.
I am running Win XP Home Ed with AOL/DSL utlizing
McAfee “Personal Firewall Express” provided through
AOL. I get inconsistant results are GRC's Firewall Scan.
The first couple of time during the day that I go to it,
it shows passed with all common ports "stealthed."
Later say three or four hours or even later in the evening, it will show: one or both of the following:
Port 25 SMPT OPEN
Port 1025 HOST OPEN
When I go to "Task Mgr" the identical applications and
processes are running. I am quite sure that I do not have any virues, trojans or adware on the machine.
Since we are using AOL mail, can't figure out why the
SMPT port would be open at all?
I am running Win XP Home Ed with AOL/DSL utlizing
McAfee “Personal Firewall Express” provided through
AOL. I get inconsistant results are GRC's Firewall Scan.
The first couple of time during the day that I go to it,
it shows passed with all common ports "stealthed."
Later say three or four hours or even later in the evening, it will show: one or both of the following:
Port 25 SMPT OPEN
Port 1025 HOST OPEN
When I go to "Task Mgr" the identical applications and
processes are running. I am quite sure that I do not have any virues, trojans or adware on the machine.
Since we are using AOL mail, can't figure out why the
SMPT port would be open at all?
ASKER
After determining my current IP for the current use time , could I
engage the services of my son who lives near by ( say an hour away) and give him the Ip address and have him telent my current IP on such and such a port? If so, I think we may also need some
direction or how one does that?
I did find the following via google:
Im new to the telnet. I know I go to Start>Run> and type in telnet. Then i press o to connect and type in my ISP's email and use port _____
This is a Mac forum, but I have a suggestion.
Start > Run..
then type "telnet IPaddress 25" where IPaddress is the IP address of your ISP's mailserver.
Then when the window opens, hit 'c' or whatever special character your client requires.
Telnet for windows connect command is
open IP port
open x.x.x.x 25
Unless you have an older version, if you do, start> run> telnet>
then from there click connect and work from that!!!
engage the services of my son who lives near by ( say an hour away) and give him the Ip address and have him telent my current IP on such and such a port? If so, I think we may also need some
direction or how one does that?
I did find the following via google:
Im new to the telnet. I know I go to Start>Run> and type in telnet. Then i press o to connect and type in my ISP's email and use port _____
This is a Mac forum, but I have a suggestion.
Start > Run..
then type "telnet IPaddress 25" where IPaddress is the IP address of your ISP's mailserver.
Then when the window opens, hit 'c' or whatever special character your client requires.
Telnet for windows connect command is
open IP port
open x.x.x.x 25
Unless you have an older version, if you do, start> run> telnet>
then from there click connect and work from that!!!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Bembi, thanks for your reponse, due to some unexpected events that came up and my son's work
schedule, probably will not get a chance to work on this till this week end, my guess is may be this coming Sunday, so bear with us. No Need to Reply.
schedule, probably will not get a chance to work on this till this week end, my guess is may be this coming Sunday, so bear with us. No Need to Reply.
ASKER
Bembi, Just to keep you up to date, I scanned
5 or 6 times this morning and wouldn't you just
know each and every time, complete "stealth"
on all ports. I even sent a test email to myself which was received, still nothing. So as soon as I find either
25 or 1025 open and my son is available, we will do the test and I let you know what is responds. My guess is that your analysis and or guess is correct and
its AOL's response and not my computer. Just to keep you advised and I haven't forgotten and as soon as we can do the test and get the results , I will post it here.
Se no need to reply until then nor will I post until then.
TIA
5 or 6 times this morning and wouldn't you just
know each and every time, complete "stealth"
on all ports. I even sent a test email to myself which was received, still nothing. So as soon as I find either
25 or 1025 open and my son is available, we will do the test and I let you know what is responds. My guess is that your analysis and or guess is correct and
its AOL's response and not my computer. Just to keep you advised and I haven't forgotten and as soon as we can do the test and get the results , I will post it here.
Se no need to reply until then nor will I post until then.
TIA
ASKER
Bembi: Well today the scan showed Port 25 SMPT
open and I got a hold of my son and he did the telnet
and the message returned as follows:
"Connecting To (IP Number only not port number). . . . .Could not open connection to the host, on port 25: connect failed"
We were also on the phone at the same time, and
as he was emailing it to me, I went back to Gibson's site and did another scan right then which still showed
port 25 SMPT open!!!
open and I got a hold of my son and he did the telnet
and the message returned as follows:
"Connecting To (IP Number only not port number). . . . .Could not open connection to the host, on port 25: connect failed"
We were also on the phone at the same time, and
as he was emailing it to me, I went back to Gibson's site and did another scan right then which still showed
port 25 SMPT open!!!
Means, nothing comes back, that is fine.
Two additional tests, to be sure, your machine is safe:
Open DOS promt and type
netstat -n
you can see there all open ports on your machine. That does not mean, that all these ports are open to the public world, that means only, that there are a few ports, which are used internal. If you can not find port 25 there, but Shields Up reports port 25 as open, you can be sure, that your port 25 is closed, as no service is listening on it.
Another tool to test is can you find here:
http://support.microsoft.com/default.aspx?scid=kb;de;310099
Also, if you find port 25 open, use the complete port scan to test all of the first 1024 ports and see, if the results are the same.
I assume, that this is a routing issue of AOL. Also compare the IP Address Shields Up is showing with the IP Address you can find, if you type IPConfig /All at DOS promt.
Two additional tests, to be sure, your machine is safe:
Open DOS promt and type
netstat -n
you can see there all open ports on your machine. That does not mean, that all these ports are open to the public world, that means only, that there are a few ports, which are used internal. If you can not find port 25 there, but Shields Up reports port 25 as open, you can be sure, that your port 25 is closed, as no service is listening on it.
Another tool to test is can you find here:
http://support.microsoft.com/default.aspx?scid=kb;de;310099
Also, if you find port 25 open, use the complete port scan to test all of the first 1024 ports and see, if the results are the same.
I assume, that this is a routing issue of AOL. Also compare the IP Address Shields Up is showing with the IP Address you can find, if you type IPConfig /All at DOS promt.
ASKER
Bembi thanks for all your time, information and advice.
I tried to run the additional tests but the scan tonight like
Yesterday came back "Stealthed" I have taken enought of your time and in the future when the stars are right, and the ports show they are open , I will run the other tests and if I have
additional questions I will post a new questions. I did find the
English version:
Another tool to test is can you find here:http://support.microsoft.com/default.aspx?scid=kb;de;310099
Use English:
http://support.microsoft.com/default.aspx?scid=kb;en-us;310099
But haven't download it yet, I will see what the other ones show first. Again Thanks!!!!
I tried to run the additional tests but the scan tonight like
Yesterday came back "Stealthed" I have taken enought of your time and in the future when the stars are right, and the ports show they are open , I will run the other tests and if I have
additional questions I will post a new questions. I did find the
English version:
Another tool to test is can you find here:http://support.microsoft.com/default.aspx?scid=kb;de;310099
Use English:
http://support.microsoft.com/default.aspx?scid=kb;en-us;310099
But haven't download it yet, I will see what the other ones show first. Again Thanks!!!!
Upps, havn't realized, that its the german version.
Take care.
Take care.
Secondary, if you scan your machine from outside, it must not be your machine, which is responding. As you are routed through the AOL software, it maybe that AOL responses for your actual IP address. If the port is really open is hard to determine, as the AOL Software is between your machine and AOL.
What you can do is, use a secondary machine and telnet your current IP on port 25, if your scanner tells you, that the port is open. The banner text, which coes back, may a hint, who is responding on port 25, your machine or AOL.