Hi All,
I'm running NIS 20.4.0.40 on my fully patched Win7 Pro laptop. I connect to the internet using a 3G cellular modem (Reliance in India). The 3G modem is connected to a Hame external 3G WiFi HotSpot Router (3GWHR). The 3GWHR broadcasts a WiFi signal and that's how my laptop gets internet.
I went to grc.com and did a Shields Up port scan. See attached file to see the detailed results. The port scan shows my Port 23 Telnet and Port 53 DNS are both open. Ouch!
I think I'm getting a dynamic IP from the ISP. Is my ISP using a NAT and am I behind that NAT?
Is this dangerous? How can I fix it? I checked the Firewall control panel and NIS is controlling my firewall, not Windows.
When I do a full system AV scan with NIS and Malwarebytes free they show no infections.
Do I need to log into my router and change something?
Anyway I can set all the ports to "Stealth"?
Need any other details? Thanks,
Advait
Before doing anything, I would suggest that you check the IP address to make sure that Shields Up is checking your router or your machine. You can drop in a little network meter from Windows gadgets for a quick check. It should show and internal IP and an external IP.
It is much better to have an all green report showing a stealthed response than a blue. The closed ports reveal the fact that a system exists, whereas stealthed is like dead air, no system at all.
From the information given below the scan results from GRC
Checking a NAT Router's WAN Security
Residential broadband "NAT" routers which allow many computers to share a single Internet connection are becoming quite popular. We love them for the security they provide to the machines placed behind them since any NAT router functions as a natural and excellent hardware firewall.
However, the Internet or "WAN" (Wide Area Network) side connection of many NAT routers and DSL gateways is not as secure as it should be. Many routers ship with web, ftp, or Telnet management ports wide open! And many are still configured with their well-known default administrative passwords. Although the router may be protecting the machines behind it, it might not be protecting itself without your deliberate closing of remote "WAN" administration ports.
ShieldsUP! automatically tests your NAT router's WAN-side security because the router's WAN IP is the single public IP that connects your internal private network to the public Internet. When a test is initiated by any system behind a NAT router, we are testing the public-side security of the router itself and not the security of the individual machines which are located behind and protected by the router.
See if you can go into your router to change those default settings.
I forgot to mention: I logged into the Hame router config web page and remote WAN side router admin is DISABLED. I looked thru all the Hame router config settings and didn't see anything about how to turn off ports like the TelNet or DNS ports.
See attached pic of one of the router setting pages. Does this provide some way of closing ports?
Also attached is another pic that shows how the WAN router admin is disabled.
Hope these are helpful. Thanks.
Hi All,
I'm running NIS 20.4.0.40 on my fully patched Win7 Pro laptop. I connect to the internet using a 3G cellular modem (Reliance in India). The 3G modem is connected to a Hame external 3G WiFi HotSpot Router (3GWHR). The 3GWHR broadcasts a WiFi signal and that's how my laptop gets internet.
I went to grc.com and did a Shields Up port scan. See attached file to see the detailed results. The port scan shows my Port 23 Telnet and Port 53 DNS are both open. Ouch!
I think I'm getting a dynamic IP from the ISP. Is my ISP using a NAT and am I behind that NAT?
Is this dangerous? How can I fix it? I checked the Firewall control panel and NIS is controlling my firewall, not Windows.
When I do a full system AV scan with NIS and Malwarebytes free they show no infections.
Do I need to log into my router and change something?
Anyway I can set all the ports to "Stealth"?
Need any other details? Thanks,
Advait
I forgot to mention that I have not changed any settings in the Norton Firewall on my Windows 7 laptop.
You are correct that Shields Up is probing your router, as seen by the IP addresses. The 192.x.x.x address is assigned to your computer by the router. The tested IP is the IP address given TO the router by your ISP.
From the System Security Settings image you gave, try enabling the option Block Port Scan.
As you are behind the router with a different IP address than what is seen by the internet, you are not as vulnerable to attack. Your main concern is to surf safely, and do not click on links in unknown emails.
[[Thanks for your reply. My replies below in brackets.]] peterweb wrote: You are correct that Shields Up is probing your router, as seen by the IP addresses. The 192.x.x.x address is assigned to your computer by the router. The tested IP is the IP address given TO the router by your ISP. [[OK, that’s what I thought and its good to make sure.]] From the System Security Settings image you gave, try enabling the option Block Port Scan. [[OK, I’ll do some more research on this. I wonder if “Block Port Scan” simply stealths the ports? I’ll research.]] As you are behind the router with a different IP address than what is seen by the internet, you are not as vulnerable to attack. Your main concern is to surf safely, and do not click on links in unknown emails. [[I always surf the web and check my gmail with my Chrome browser running SandboxIE. So my browser runs in a very good sandbox that’s deleted after every browsing session.]] [[I still have some questions: **How can I see all the port settings established by the Norton Firewall? I want to confirm the Norton Firewall has all ports closed and stealthed. Any way to do this? I’m eager to see the details. **Does the Norton Firewall stealth all ports by default? Or just close all ports? Anyone know the answers to these?]] [[Thanks!]]