Should and HOW do I close a port in ZoneAlarm Pro 5.5 (following a port scan)?

Posted on 2005-05-07
Last Modified: 2013-12-04
I ran a port scan in Shields Up website ( and at In both cases I get a result that my port 22 is dangerously open.

1. How can I find out what software opened up that port? It used to be safe (I would get 100% Stealth mode results).

2. How do I deal with this? Should I close it manually via ZoneAlarm or do something else?

3. If closing it manually is indeed the only way to go about it - HOW do I do that in ZoneAlarm Pro 5.5?

4. Bonus: some p2p software (like eMule) suggest we open ports for that software. Is that safe? Can you do that without compromising your system's safety? Can you open a port without losing Stealth mode in such port scanning tests?

Question by:eroka00

    Author Comment

    I tried blocking both incoming and outgoing, both TCP and UDP, for port 22 via my ZoneAlarm (Firewall - Main - Trusted/Internet Zones - Medium Security) but it had NO effect - I still fail those tests.

    When I ran "netstat -b" it showed NO application that has opened port 22.

    So I know now how to open/block the ports (q. 3 above).

    Can anyone explain what is going on with my PC?... :-(
    LVL 38

    Expert Comment

    by:Rich Rumble
    There can be false positives on a site such as ... something you need to check is if your ISP is NAT'ing you out a different address than what your PC actually has.
    There are many cable/DSL ISPs that will give your computer an IP in a private, non-routable subnet, as in RFC 1918 (10.x.x.x, 192.168.x.x or 172.16.x.x).
    So do this: go to a cmd prompt, type "ipconfig -all" and see if your IP matches what Shields Up says it's scanning. If there is no match, then GRC is scanning your modem/router, which, unless you purchased it yourself, there probably is no way you can control the SSH port being open or closed on, as your ISP probably uses it for administering your modem. You can also do the ipconfig -all and visit "" to see if your IPs match.

    Again, if they do not match what ipconfig and what GRC or whatismyip say, then ZAP will not be able to close the ports. If they do match, ZAP should definitely be able to close the SSH port, but since a netstat did not show any apps listening on port 22, then it's probably because you're being NAT'd, which is good as NAT has great security by default. I wouldn't worry about the port being open, unless it is in fact coming from your PC.

    On to your P2P question. When you go to a page like, you're telling your firewall-router-modem that you'd like to establish a connection to Your equipment recognizes your request, and says, sure go ahead, and we will let that site send you info/data once you've contacted them first. So your packets go out, and connect to Google, and Google sends some data back to your browser so you can start your search. This is an established connection.
    P2P is no different... but if you want to SHARE what you have, you must open those ports, or some port to use. But if you're just DL'ing from others, you don't need any ports open whatsoever. You're able to search what others have, then make or establish connections with others, because they have their P2P ports open so that folks can DL what they want.
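
The check described in the answer above, as an added example that is not part of the original thread: it compares the address the scanner reported with the addresses in saved `ipconfig -all` output and looks for a local listener in saved `netstat -ano` output. The function names, result labels and both sample outputs are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges named in the answer above.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample output, not captured from a real machine.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
   IP Address. . . . . . . . . . . . : 192.168.1.23
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
"""
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:135       0.0.0.0:0        LISTENING       968
  TCP    192.168.1.23:139  0.0.0.0:0        LISTENING       4
  TCP    192.168.1.23:1042 203.0.113.9:22   ESTABLISHED     2216
"""

def local_ips(ipconfig_text):
    """Return the IPv4 addresses on 'IP Address' / 'IPv4 Address' lines."""
    pat = re.compile(r"IP(?:v4)? Address[ .]*:\s*(\d+\.\d+\.\d+\.\d+)")
    return [ipaddress.ip_address(m) for m in pat.findall(ipconfig_text)]

def listeners(netstat_text, port):
    """Return PIDs of TCP sockets LISTENING on the given local port."""
    pids = []
    for line in netstat_text.splitlines():
        f = line.split()  # Proto, Local, Foreign, State, PID
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            if f[1].rsplit(":", 1)[1] == str(port):
                pids.append(int(f[4]))
    return pids

def diagnose(ipconfig_text, netstat_text, scanned_ip, port=22):
    """Decide which device an external scan result for `port` describes."""
    scanned = ipaddress.ip_address(scanned_ip)
    mine = local_ips(ipconfig_text)
    if scanned not in mine:
        # The scanner probed an address this PC does not hold.
        private = any(ip in net for ip in mine for net in RFC1918)
        return "upstream-nat-device" if private else "address-mismatch"
    # The scanner probed this PC directly; only a local listener explains it.
    return "this-pc-listening" if listeners(netstat_text, port) else "this-pc-no-listener"
```

A result of `upstream-nat-device` corresponds to the case in the answer where the scan reached the modem/router and a host firewall rule cannot change the result.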

    Author Comment

    I see...

    OK - results (as you have been a superb help by now and I truly thank you for your contribution): says:
    ipconfig -all says: says (note this):
    Your external IP address ( is always exposed to the internet, if it wasn't, you wouldn't be able to visit sites.  On the other hand, your internal IP address ( should be protected and not be obtainable by websites.

    So - what does this teach me?
    As I understand - and let's see if I learnt the lesson of the day - I am behind a NAT (router?) and so I cannot do anything about the open router. I DO have a wireless router. I thought it was from it - but then - now I am not sure, so if you can clear this up for me - if I have my PC, a wireless router and then a NAT router - would the results make sense?

    As for the eMule question - I am told I have "a low ID" - so I download slowly.
    So how can I enhance my speed over the P2P networks?

    I would be happy to give you points even now - is it OK if I grant them after your response...? ;-)
    LVL 38

    Accepted Solution

    The only way a site would be able to see anything on your wireless connection is if it was using wireless to scan your PC; there's not much difference, except the data is sent through the air, rather than a wire. So unless you're a few hundred feet from and it was doing wireless scanning...
    Again, since you are indeed NAT'd, you cannot close the port on the router, and you're protected as well as can be expected, especially if running ZAP properly, which I think you are.
    The thing to fully understand is NAT, network address translation.

    I hope these sites help; they are great for other questions you may have also, or terms that you don't know very well or have only heard of.
    Since you do have wireless, here is some more information on how to protect yourself with it. ZAP should be good enough, but better safe than sorry. (be aware of these practices) (good site for info news and tools)


    Author Comment

    Hey Rich,
    Can I be your apprentice? :-)
    I think you have been the person with the best answers to one of my questions - ever - and I am deeply thankful. This is because I am simply used to a different level of help and you superseded it in every respect of your replies. Direct, different angles of the solution and external help links. Superb.
    Thank you - I will use your links to educate myself in something that I should know more about.
    Iddo (from Rotterdam, Netherlands). ;-)
    LVL 38

    Expert Comment

    by:Rich Rumble
    No problem, and thanks, it's my pleasure.
