NIS 2014. Firewall ports open. Is this dangerous?

Hi All,

 

I'm running NIS 20.4.0.40 on my fully patched Win7 Pro laptop. I connect to the internet using a 3G cellular modem (Reliance in India). The 3G modem is connected to a Hame external 3G WiFi HotSpot Router (3GWHR). The 3GWHR broadcasts a WiFi signal and that's how my laptop gets internet.

 

I went to grc.com and did a Shields Up port scan. See attached file to see the detailed results. The port scan shows my Port 23 Telnet and Port 53 DNS are both open. Ouch!

 

I think I'm getting a dynamic IP from the ISP. Is my ISP using a NAT and am I behind that NAT?

 

Is this dangerous? How can I fix it? I checked the Firewall control panel and NIS is controlling my firewall, not Windows.

 

When I do a full system AV scan with NIS and Malwarebytes free they show no infections.

 

Do I need to log into my router and change something?

 

Any way I can set all the ports to "Stealth"?

 

Need any other details? Thanks,

 

Advait

 

Before doing anything, I would suggest that you check the IP address to make sure that Shields Up is checking your router or your machine.  You can drop in a little network meter from Windows gadgets for a quick check.  It should show an internal IP and an external IP.

 

It is much better to have an all green report showing a stealthed response than a blue.  The closed ports reveal the fact that a system exists, whereas stealthed is like dead air, no system at all.

From the information given below the scan results from GRC

 

Checking a NAT Router's WAN Security

Residential broadband "NAT" routers which allow many computers to share a single Internet connection are becoming quite popular. We love them for the security they provide to the machines placed behind them since any NAT router functions as a natural and excellent hardware firewall.

However, the Internet or "WAN" (Wide Area Network) side connection of many NAT routers and DSL gateways is not as secure as it should be. Many routers ship with web, ftp, or Telnet management ports wide open! And many are still configured with their well-known default administrative passwords. Although the router may be protecting the machines behind it, it might not be protecting itself without your deliberate closing of remote "WAN" administration ports.

ShieldsUP! automatically tests your NAT router's WAN-side security because the router's WAN IP is the single public IP that connects your internal private network to the public Internet. When a test is initiated by any system behind a NAT router, we are testing the public-side security of the router itself and not the security of the individual machines which are located behind and protected by the router.

 

 

See if you can go into your router to change those default settings.

 

 

 

[[My replies in brackets below.]]
delphinium wrote:

Before doing anything, I would suggest that you check the IP address to make sure that Shields Up is checking your router or your machine.

 

[[The IP address displayed by Shields Up is something like 115.244.233.218. I ran the ipconfig command on my laptop and it showed my internal IP as 

 

Wireless LAN adapter Wireless Network Connection 2:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::31bc:f595:7ae0:bfe7%11
IPv4 Address. . . . . . . . . . . : 192.168.169.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.169.1

 

So I guess this means that Shields Up is just testing my router and not my actual Windows 7 computer. Remember that I'm using a Hame-R1 3G Wifi Hotspot router. My 3G cellular modem plugs into the router and then the router broadcasts a wifi signal and my laptop connects to the wifi and that's how I get internet.

 

Questions:

 

Am I correct in assuming that the Norton Firewall is giving me good protection so I don't have to worry if some ports are open on the router?

 

Are the ports open on my Hame router or on the ISP router? Sorry for this stupid question but I'm new to all this networking stuff.

 

If the router (WAN side) has opened some ports but the Norton Firewall has them closed on my laptop, then am I safe?

 

 

Is there some way to confirm that the Norton Firewall has closed or stealthed ports 23 and 53?

 

Is there some way to find out which ports (if any) the Norton Firewall has opened?

 

I'm assuming the Norton Firewall is smart enough to keep all ports stealthed or at least closed. Is this assumption correct?

 

Does the Norton Firewall stealth all ports by default? Or just close all ports?

 

I'm now researching how to configure the firewall ports on the router but that will take me more time to research. If anyone can answer these questions that will be a big help. Thanks!]]

 

You can drop in a little network meter from Windows gadgets for a quick check.  It should show an internal IP and an external IP.

 

It is much better to have an all green report showing a stealthed response than a blue.  The closed ports reveal the fact that a system exists, whereas stealthed is like dead air, no system at all.


 

I forgot to mention: I logged into the Hame router config web page and remote WAN side router admin is DISABLED. I looked thru all the Hame router config settings and didn't see anything about how to turn off ports like the TelNet or DNS ports.

 

See attached pic of one of the router setting pages. Does this provide some way of closing ports?

 

Also attached is another pic that shows how the WAN router admin is disabled. 

 

Hope these are helpful. Thanks.

I forgot to mention that I have not changed any settings in the Norton Firewall on my Windows 7 laptop.

You are correct that Shields Up is probing your router, as seen by the IP addresses. The 192.x.x.x address is assigned to your computer by the router. The tested IP is the IP address given TO the router by your ISP.

 

From the System Security Settings image you gave, try enabling the option Block Port Scan.

 

As you are behind the router with a different IP address than what is seen by the internet, you are not as vulnerable to attack. Your main concern is to surf safely, and do not click on links in unknown emails.
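
The comparison made in the replies above (internal address from ipconfig versus the address Shields Up displays) can be extended to cover the earlier question of whether the ISP is also doing NAT. The following is an added example, not part of the original thread: the function names are hypothetical, and the router WAN addresses are constructed because the thread does not give one.

```python
import ipaddress

# RFC 6598 shared address space, used by ISPs for carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def addr_kind(ip: str) -> str:
    """Classify an IP address by where it can be reached from."""
    addr = ipaddress.ip_address(ip)
    if addr in CGNAT:
        return "cgnat"
    if addr.is_loopback or addr.is_link_local:
        return "local-only"
    if addr.is_private:
        return "private"
    return "public"


def scanned_device(local_ip: str, router_wan_ip: str, scanner_saw: str) -> str:
    """Name the device an external port scan actually probed.

    local_ip      -- IPv4 address from ipconfig on the laptop
    router_wan_ip -- WAN address shown on the router's status page
    scanner_saw   -- address the scanning site reports it is testing
    """
    seen = ipaddress.ip_address(scanner_saw)
    if seen == ipaddress.ip_address(local_ip):
        return "this machine"          # no NAT: the host firewall is the only barrier
    if seen == ipaddress.ip_address(router_wan_ip):
        return "home router"           # open ports are services on the router's WAN side
    if addr_kind(router_wan_ip) in ("private", "cgnat"):
        return "ISP NAT gateway"       # the router itself sits behind the carrier's NAT
    return "unknown upstream device"   # e.g. a proxy or VPN exit


if __name__ == "__main__":
    local = "192.168.169.3"            # from the ipconfig output in the thread
    seen = "115.244.233.218"           # address Shields Up displayed, per the thread
    # Router WAN addresses below are constructed for illustration.
    for wan in ("115.244.233.218", "10.20.30.40", "100.72.5.9"):
        print(f"WAN {wan:<16} ({addr_kind(wan)}): scan probed the "
              f"{scanned_device(local, wan, seen)}")
```

If the router's status page shows a private or 100.64.x.x WAN address, the open ports reported by the scan belong to the carrier's equipment and cannot be closed from the router's settings.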

 

 

 

[[Thanks for your reply. My replies below in brackets.]]


peterweb wrote: You are correct that Shields Up is probing your router, as seen by the IP addresses. The 192.x.x.x address is assigned to your computer by the router. The tested IP is the IP address given TO the router by your ISP.


[[OK, that's what I thought and it's good to make sure.]]


From the System Security Settings image you gave, try enabling the option Block Port Scan.


[[OK, I'll do some more research on this. I wonder if "Block Port Scan" simply stealths the ports? I'll research.]]


As you are behind the router with a different IP address than what is seen by the internet, you are not as vulnerable to attack. Your main concern is to surf safely, and do not click on links in unknown emails.


[[I always surf the web and check my gmail with my Chrome browser running SandboxIE. So my browser runs in a very good sandbox that's deleted after every browsing session.]]


[[I still have some questions: **How can I see all the port settings established by the Norton Firewall? I want to confirm the Norton Firewall has all ports closed and stealthed. Any way to do this? I'm eager to see the details. **Does the Norton Firewall stealth all ports by default? Or just close all ports? Anyone know the answers to these?]]


[[Thanks!]]