• Status: Solved
  • Priority: Medium
  • Security: Public

Should and HOW do I close a port in ZoneAlarm Pro 5.5 (following a port scan)?

I ran a port scan on the Shields Up website (https://grc.com/x/ne.dll?bh0bkyd2) and at http://www.auditmypc.com/freescan. In both cases I get a result that my port 22 is dangerously open.

1. How can I find out what software opened up that port? It used to be safe (I would get 100% Stealth mode results).

2. How do I deal with this? Should I close it manually via ZoneAlarm or do something else?

3. If closing it manually is indeed the only way to go about it - HOW do I do that in ZoneAlarm Pro 5.5?

4. Bonus: some p2p software (like eMule) suggests we open ports for that software. Is that safe? Can you do that without compromising your system's safety? Can you open a port without losing Stealth mode in such port scanning tests?

THANKS!
Asked by: eroka00

eroka00 (Author) commented:
Update:
I tried blocking both incoming and outgoing TCP and UDP for port 22 via my ZoneAlarm (Firewall - Main - Trusted/Internet Zones - Medium Security) but it had NO effect - I still fail those tests.

When I ran "netstat -b" it showed NO application that has opened port 22.

So I know now how to open/block the ports (q. 3 above).

Can anyone explain what is going on with my PC?... :-(

Rich Rumble (Security Samurai) commented:
There can be false positives on a site such as GRC.com ... something you need to check is if your ISP is NAT'ing you out a different address than what your PC actually has.
There are many cable/DSL ISPs that will give your computer an IP in a private, non-routable subnet, as in RFC 1918 (10.x.x.x, 192.168.x.x or 172.16.x.x).
So do this: go to a cmd prompt, type "ipconfig -all" and see if your IP matches what Shields Up says it's scanning. If there is no match, then GRC is scanning your modem/router, which, unless you purchased it yourself, there is probably no way you can control the SSH port being open or closed, as your ISP probably uses it for administering your modem. You can also do the ipconfig -all and visit "whatismyip.com" to see if your IPs match.

Again, if what ipconfig says does not match what GRC or whatismyip say, then ZAP will not be able to close the ports. If they do match, ZAP should definitely be able to close the SSH port, but since a netstat did not show any apps listening on port 22, it's probably because you're being NAT'd, which is good as NAT has great security by default. I wouldn't worry about the port being open, unless it is in fact coming from your PC.

On to your P2P question. When you go to a page like google.com, you're telling your firewall-router-modem that you'd like to establish a connection to google.com. Your equipment recognizes your request, and says, sure go ahead, and we will let that site send you info/data once you've contacted them first. So your packets go out, and connect to Google, and Google sends some data back to your browser so you can start your search. This is an established connection.
P2P is no different... but if you want to SHARE what you have, you must open those ports, or some port to use. But if you're just DL'ing from others, you don't need any ports open whatsoever. You're able to search what others have, then make or establish connections with others, because they have their P2P ports open so that folks can DL what they want.
-rich
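
The check described in the answer above, as an added example that is not part of the original thread: it compares the adapter address in `ipconfig` output with the address the scan site reports, and looks for a local listener in `netstat -an` output. The sample outputs, the addresses and all function names are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 blocks; the 172 range is the whole 172.16.0.0/12, not only 172.16.x.x.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample output (not from the thread).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
        DHCP Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.20
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
"""
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      198.51.100.7:80        ESTABLISHED
"""

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def local_ipv4_addresses(ipconfig_text):
    """Adapter addresses from ipconfig output ("IP Address" or "IPv4 Address" lines)."""
    pattern = r"^\s*IP(?:v4)? Address[ .]*:\s*(\d+\.\d+\.\d+\.\d+)"
    return re.findall(pattern, ipconfig_text, re.M)

def listeners_on_port(netstat_text, port):
    """Local endpoints in LISTENING state on a TCP port, from `netstat -an` output."""
    hits = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "TCP" and f[3] == "LISTENING":
            if f[1].rsplit(":", 1)[-1] == str(port):
                hits.append(f[1])
    return hits

def scan_target(ipconfig_text, netstat_text, scanned_ip, port):
    """Decide which device an external port scan actually reached."""
    local = local_ipv4_addresses(ipconfig_text)
    if scanned_ip in local:  # the scanner reached this PC directly
        found = listeners_on_port(netstat_text, port)
        return "this-pc-listening" if found else "this-pc-no-listener"
    if local and all(is_rfc1918(a) for a in local):
        return "upstream-nat-device"  # result describes the router/modem
    return "undetermined"

if __name__ == "__main__":
    print(scan_target(SAMPLE_IPCONFIG, SAMPLE_NETSTAT, "203.0.113.10", 22))
```

A result of `upstream-nat-device` means the open port belongs to the router or modem holding the public address, so a host firewall rule on the PC cannot change what the scan reports.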

eroka00 (Author) commented:
I see...

OK - results (as you have been a superb help by now and I truly thank you for your contribution):
GRC.com says:  81.58.58.154
ipconfig -all says: 192.168.1.254
http://www.auditmypc.com says (note this):
NATTED IP
Your external IP address (81.58.58.154) is always exposed to the internet, if it wasn't, you wouldn't be able to visit sites.  On the other hand, your internal IP address (192.168.1.254) should be protected and not be obtainable by websites.

So - what does this teach me?
As I understand - and let's see if I learnt the lesson of the day - I am behind a NAT (router?) and so I cannot do anything about the open router. I DO have a wireless router. I thought it was from it - but then - now I am not sure so if you can clear this for me - if I have my PC, a wireless router and then a NAT router - would the results make sense?

As for the eMule question - I am told I have "a low ID" - so I download slowly.
So how can I enhance my speed over the P2P networks?

I would be happy to give you points even now - is it OK if I grant them after your response...? ;-)
THANKS!

Rich Rumble (Security Samurai) commented:
The only way a site would be able to see anything on your wireless connection is if it was using wireless to scan your PC; there's not much difference, except the data is sent through the air, rather than a wire. So unless you're a few hundred feet from GRC.com and it was doing wireless scanning...
Again, since you are indeed NAT'd, you cannot close the port on the router, and you're protected as well as can be expected, especially if running ZAP properly, which I think you are.
The thing to fully understand is NAT, network address translation
http://computer.howstuffworks.com/nat.htm
http://en.wikipedia.org/wiki/NAT

http://en.wikipedia.org/wiki/WAP

I hope these sites help; they are great for other questions you may have also, or terms that you don't know very well or have only heard of.
Since you do have wireless, here is some more information on how to protect yourself with it. ZAP should be good enough, but better safe than sorry.
http://en.wikipedia.org/wiki/Wardriving (be aware of these practices)
http://www.wardriving.com/ (good site for info news and tools)
http://www.wi-fi.org/OpenSection/secure_the_network_setup.asp?TID=2

GL!
-rich

eroka00 (Author) commented:
Hey Rich,
Can I be your apprentice? :-)
I think you have been the person with the best answers to one of my questions - ever - and I am deeply thankful. This is because I am simply used to a different level of help and you superseded it in every respect of your replies. Direct, different angles of the solution and external help links. Superb.
Thank you - I will use your links to educate myself in something that I should know more about.
Yours,
Iddo (from Rotterdam, Netherlands). ;-)

Rich Rumble (Security Samurai) commented:
No problem, and thanks it's my pleasure.
-rich