Solved

Blocked Ports

Posted on 2004-09-18
10
297 Views
Last Modified: 2010-04-11
I recently did a scan on Sygate Technologies site to check the security of my system. I ran all their scans, and they scanned all my ports, tcp etc.. they all came back blocked, and Sygate said they were all stealthed. Does this mean my system is secure from outside attacks? Aren't sockets still exposed? I guess I'm not sure what it means that all my ports are blocked?
Thanks Gary
0
Comment
Question by:fourwayflight
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12092774
> Does this mean my system is secure from outside attacks?
If all ports are closed, how did you get outside?
0
 
LVL 7

Accepted Solution

by:
jimwasson earned 125 total points
ID: 12093208
First of all, it is unlikely they scanned all of your ports -- just a subset that is likely to be used by various services.

The "blocked" status is the best that you can hope for in a scan such as this.  Their website says this about blocked ports:
  "This port has not responded to any of our probes. It appears to be completely stealthed."
This means that when they probed this port they couldn't tell whether there was a computer connected or not -- hence "stealthed".

For "closed" ports they says this:
  "This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities."
This means that they can tell that there is a computer connected at that address and at that port. So you wouldn't be "hidden" from hackers probing for vulnerable machines.

I don't know which scan you had them run but try their "Stealth scan" which may show up some vulnerabilities.
0
 
LVL 7

Expert Comment

by:LimeSMJ
ID: 12093368
Sockets are the application level "listeners" on the ports... so if all your ports are blocked then the sockets (which still can listen on blocked ports) won't communicate with anything.

Think of your computer as a house... the doors are the ports... the sockets are people behind the doors waiting to greet whoever comes in.  If the doors are all locked, the people would just stand there... bored... cause they have no one to talk to.
0
 

Expert Comment

by:Xygus
ID: 12094258
to lose or gain, hidden to the shadows. ip ports blocked not a good site.
i perfer that u would use a better firewall, maybe norton.
maybe u should install windows service pack 2.

lalalalala >>>if u thought to accept this, u are doin urself a wrong<<<

FORCE ACCEPT!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!

I don't have nothing to steal only my bandwidth, plz not my bandwidth.  my service provider only gives me 7 gigs a month.  WHAT am i suppose to do with 7 gigs a month, i can't even log into msn messenger without half of it gone.
0
 
LVL 7

Expert Comment

by:LimeSMJ
ID: 12096726
Huh?
0
Save on storage to protect fatherhood memories

You're the dad who has everything. This Father's Day, make sure your family memories are protected. My Passport Ultra has automatic backup and password protection to keep your cherished photos and videos safe. With up to 3TB, you have plenty of room to hold the adventures ahead.

 
LVL 51

Expert Comment

by:ahoffmann
ID: 12096927
> .. so if all your ports are blocked then ... won't communicate with anything.
Wrong. Dot.
If someone disagrees with "wrong" please search the web or books or whatever how to use for example ICMP to build a full client-server application (sorry EE's membership agreements do not allow to post proper links).
BTW, ICMP does not use any port.
If you got used to that, you understand my first comment http:#12092774  :-)
0
 
LVL 7

Expert Comment

by:LimeSMJ
ID: 12098102
ahoffmann, this is not to offend in anyway - I am just clarifying what I said...

In context, the statement "so if all your ports are blocked then the sockets (which still can listen on blocked ports) won't communicate with anything" is true for all cases... even for ICMP.  The statement I made refers to the port-socket relationship.  If the ports are blocked then the socket behind the port will not communicate.  This is true even for ICMP - If you use an ICMP socket, the assigned port must be open in order for it to communicate (basic socket level programming).

ICMP can be used in a non-port, non-socket communication but this was not an issue that I was addressing since the user asked about port-socket blocking.

Your first comment (or question) in this thread is probably a misunderstanding.  The question presented by fourwayflight was referring to an incoming packet originating from the outside to his firewall - in this case the user went to a website that sent port probes to his firewall.  Firewall's are designed to block any non-internally generated responses from the outside - which for the user, the firewall was blocking all common ports 1-1024, as it should be by default.  This does not imply the user cannot "get outside" - firewalls will allow responses from internal requests (stateful packet inspection as an example).
0
 

Expert Comment

by:Xygus
ID: 12098303
NOOOOOOOOOOOOOOOOOOOOOOOOOO, LimeSMJ Has Gone Mad!
His tipping over tables and chairs, ripping his hair out of it's sockets, offending everyone in his site.  Keep away, Keep away!

Warning, LimeSMJ is classified as High Alert.
High Level of Radiation and Raw Rage.
Proceed with immediate quarenteen proceedure.

-Xygus
Investigation of Pure Evil
0
 
LVL 7

Expert Comment

by:LimeSMJ
ID: 12099248
Huh? (again)
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12099731
it's useless to explain the "unbelievable" if you won't make yourself used to it (like communicating through firewalls without being blocked, or even detected:)
If a firewall allows traffic in one direction, I can coomunicate.
No offence too ;-)

I agree that "usual" tcp (and most udp) traffic is blocked when the firewall drops these packets, and hence no "usual" program using sockets can communicate.
The questieon was indeed about sockets, so we can stop explaining other techniques here :-)

> I guess I'm not sure what it means that all my ports are blocked?
to be more precise:
  if ports 1..65335 do not respond from outside, then tcp (and probably udp) they can be assumed blocked
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

939 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now