Open ports 1025 - 1027, 1031-1032

Apologies if this has already been answered but I didn't see one like this when I looked through the forum.

 

I've recently run a scan with GRC that listed my ports 1025-1027 and ports 1031-1032 as open.  The Symantec Trojan scan verifies these ports as open as well.  I am using NIS 2011, do not have a router but use a direct connection (as provided by my apartment complex), and have even told the Norton Firewall to specifically block these ports.

 

Using TCPView I found that the following processes were using these ports.

 

pic.jpg

My questions here are: Should I be concerned that these ports are listening?  Is there a way to stealth, or at least close these ports? 

Hi cubefreak123.

 

Check the IP address that is being reported by GRC against the IP address shown in Windows, which you can find by following the instructions here:

 

http://kb.iu.edu/data/aapa.html

 

If they are not the same, then GRC is giving you information about the gateway that the apartments in your complex share.  I suspect this is the case and as long as you have the Norton Smart Firewall set to its defaults those ports are stealthed when not in use, but you will not be able to confirm that using online portscans like Shields Up.

Thank you for responding, I was starting to get a little worried.

 

Unfortunately the two IP addresses were the same.  I do have VMware installed on my computer, if it makes a difference.  The IP addresses for the network adapters show up in ipconfig but they're not what is tested in GRC.

 

Also, I'm running Win 7 Home Premium SP 1.  


cubefreak123 wrote:

Unfortunately the two IP addresses were the same.   The IP addresses for the network adapters show up in ipconfig but they're not what is tested in GRC.


Which IP addresses are the same?  Is your PC assigned an IP address in one of these ranges of private IP addresses?

 

10.0.0.0 – 10.255.255.255

172.16.0.0 – 172.31.255.255

192.168.0.0 – 192.168.255.255


My IP is [Removed] and the gateway is [Removed].  GRC checked my specific IP address.

 

Oddly enough, I just ran the TCPViewer again and the open ports in question all were listening on the default network (0.0.0.0).

 

[edit: Please do not post identifying information per the Participation Guidelines and Terms of Service.]

Those IP addresses are assigned to Pavlov Media, which provides internet access to apartment complexes.  Looking at the Terms of Service, Pavlov provides a Local Area Network to its users which is why GRC is unable to directly check your PC - it is behind a gateway set up by Pavlov.  You are actually connected to the Pavlov network, rather than directly to the internet.

So I don't have anything to worry about then?  I'm really paranoid when it comes to guarding my computer.

Hi, cubefreak123,

 

Please could you do a Symantec Security Scan, and let us know what the Results are.  Here is the Web Link: http://security.symantec.com/sscv6/home.asp?langid=ie&venid=sym&plfid=23&pkj=WNQPJMRDOLLNKSGGNOL&bhcp=1.  Thanks!

 

-------------

 

It's the one with the orange background with the padlock - please click on that one - and not on the "New" Security Scan.

 

 

Red,

 

I ran the scan and the Hacker Exposure Check and Windows Vulnerability check came up as Safe, while all of the ports were stealthed except for the following:

 

pic2.jpg 

Have you rebooted since finding these open ports?

Yes, I have rebooted since finding these open ports but they are still shown as "open".  Ports 1028, 1029 are still stealthed.

 

This is the TCPView from today:

 

pic3.jpg 

Hi cubefreak123,

 

Not being real familiar with the LAN that Pavlov sets up, I'm not certain how GRC is seeing these open ports.  Try the solution authored by dbrisendine in the following thread to see if you have similar results.

 

http://community.norton.com/t5/Norton-Internet-Security-Norton/TCP-Port-1025-is-not-being-blocked-by-NIS-2009/m-p/107153/message-uid/107153/highlight/true#U107153

 

That seems to have done it.  I already had a similar rule but I did not check the box that applied it to NAT traversal.  After checking that box I ran ShieldsUp again and the ports came up as stealthed.

 

Thank you very much! 

You're welcome.
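
As an added example, not part of the original thread: the two local checks discussed above (is the PC's address in one of the listed private ranges or different from the address the scanner probed, and which of the reported ports are listening on 0.0.0.0) written as a small Python script. The `netstat -ano` sample is constructed with documentation addresses, and the function names are hypothetical.

```python
import ipaddress
import re

# The three private ranges quoted in the thread (RFC 1918).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Ports the original poster saw reported as open.
PORTS_OF_INTEREST = set(range(1025, 1028)) | {1031, 1032}

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       412
  TCP    0.0.0.0:1026           0.0.0.0:0              LISTENING       780
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING       2044
  TCP    192.0.2.10:1031        198.51.100.7:443       ESTABLISHED     3120
  TCP    [::]:1032              [::]:0                 LISTENING       500
"""

def scan_hit_gateway_instead(local_ip, scanned_ip):
    """The thread's first check: a private local address, or one that differs
    from the address the online scanner reports, means the scan probed a
    gateway rather than this PC."""
    local = ipaddress.ip_address(local_ip)
    is_private = any(local in net for net in PRIVATE_NETS)
    return is_private or local != ipaddress.ip_address(scanned_ip)

def exposed_listeners(netstat_text, ports=PORTS_OF_INTEREST):
    """Return sorted (port, pid) pairs for TCP sockets in LISTENING state that
    are bound to all interfaces (0.0.0.0 or [::]) on one of the given ports."""
    hits = []
    for line in netstat_text.splitlines():
        m = re.match(r"\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)", line)
        if not m:
            continue  # header, UDP, or a non-listening connection
        addr, port, pid = m.group(1), int(m.group(2)), int(m.group(3))
        if addr in ("0.0.0.0", "[::]") and port in ports:
            hits.append((port, pid))
    return sorted(hits)

if __name__ == "__main__":
    for port, pid in exposed_listeners(SAMPLE_NETSTAT):
        print(f"port {port} listening on all interfaces, PID {pid}")
```

On a real Windows machine, pass the text printed by `netstat -ano` instead of the sample; the PID column can then be matched against the process list, which is the same mapping TCPView displays.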