xp security

I'm trying to tighten my computer security by eliminating the open
ports in my Xp pro system.

When I do a netstat -an it show the following ports listening: 25,
110, 135, 143, 1025, 1028, and 1121.

When I do a Superscan 3.0 of my computer I get these open ports: 135,
1025.

Shields Up web site www.grc.com shows I am running stealth. But, when
I bang into this site it know who I am. (Here is the information he
receives from me: 24.229.134.70.cmts.tv13.ptd.net)

Is there a way to tighten up my system more? BTW, I am running Zone
Alarm…

Thanks Hank from Pa

Hank

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Hank" <> wrote in message
news...
> I'm trying to tighten my computer security by eliminating the open
> ports in my Xp pro system.
>
> When I do a netstat -an it show the following ports listening: 25,
> 110, 135, 143, 1025, 1028, and 1121.
>
> When I do a Superscan 3.0 of my computer I get these open ports: 135,
> 1025.
>
> Shields Up web site www.grc.com shows I am running stealth. But, when
> I bang into this site it know who I am. (Here is the information he
> receives from me: 24.229.134.70.cmts.tv13.ptd.net)
>
> Is there a way to tighten up my system more? BTW, I am running Zone
> Alarm.

I'd like to know more about this myself, so here's my take on this, please
feel free to correct ( I think it's gonna need it :/ ) :

The ports you found to be 'listening' would be stealthed from an 'internet
perspective', with your firewall running. www grc com is making external
probes to your computer, but is finding nothing, because the firewall is
'hiding' (for want of a better word) those ports from the scan. It is most
likely 'dropping' the packets sent from www grc com. What this means to me
is that the packets sent from www grc com are being blocked, but www grc
com is not 'informed' of this, and so concludes that no port exists there.
( I think I may be in trouble now ...)

The ports are still there, listening away, as 'netstat' discovered, but
they can't be connected to because the firewall is making them 'deaf' to
the outside world (internet). Of course, you can allow whatever ports you
want, to be 'visible' to scans, and of course the whole Internet, by
setting up rules in your firewall to do this. Chances are www grc com would
then detect them as OPEN.

You have ports 110 (pop3) and 25 (smtp) open it would appear. Do you have
anti-virus software that checks your mail as it's downloaded running ?
Might explain the 110 ... Or are you running a mail server ?

As for www grc com getting your IP address, you may notice that the
'http://' changes to 'https://' at the start of their web address when you
start the scan. If you read the site again, it'll tell you why this
happens, and how it is used to determine an IP address.

Corrections and additions most welcome.

Regards,

Pete.

- --
'War doesn't prove who's right, just who's left.'

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBP6frUPYt+hJ+PYFrEQJvmgCgsOk4ERfEQ3ou+S9m3S/fBJ5Tst4AniXg
g+/1Q02xPg/+W683vGy2c2id
=KNJq
-----END PGP SIGNATURE-----

Pete-X

In article <>,
says...
> I'm trying to tighten my computer security by eliminating the open
> ports in my Xp pro system.
>
> When I do a netstat -an it show the following ports listening: 25,
> 110, 135, 143, 1025, 1028, and 1121.
>
> When I do a Superscan 3.0 of my computer I get these open ports: 135,
> 1025.
>
> Shields Up web site www.grc.com shows I am running stealth. But, when
> I bang into this site it know who I am. (Here is the information he
> receives from me: 24.229.134.70.cmts.tv13.ptd.net)
>
> Is there a way to tighten up my system more? BTW, I am running Zone
> Alarm?
>
> Thanks Hank from Pa
>
>
>
>


Most of these online tests give false readings concerning port mapping.
The ports you see open *could be* filters from your ISP, blocking
attempts to connect to mail servers, http servers, etc. that break your
ToS with the ISP. As for 24.229.134.70.cmts.tv13.ptd.net, that is your
host mask, a reverse dns of your IP address, which is 24.229.134.70,
this *needs* to be sent "somewhere". In your case, you're not using a
proxy, therefore, it is sent. *If* you were to use a proxy, you'd be
able to block websites from seeing your IP address and from connecting
directly to your computer.


--
Colonel Flagg
http://www.internetwarzone.org/

Privacy at a click:
http://www.cotse.net

Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness? as the new industry standard..."

"...I see stupid people."

Colonel Flagg

Yes, I have anti-virus (avast) checking my email....
Thanks for your input.

Hank from pa


On Tue, 4 Nov 2003 18:09:22 -0000, "Pete-X" <> wrote:

>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>"Hank" <> wrote in message
>news.. .
>> I'm trying to tighten my computer security by eliminating the open
>> ports in my Xp pro system.
>>
>> When I do a netstat -an it show the following ports listening: 25,
>> 110, 135, 143, 1025, 1028, and 1121.
>>
>> When I do a Superscan 3.0 of my computer I get these open ports: 135,
>> 1025.
>>
>> Shields Up web site www.grc.com shows I am running stealth. But, when
>> I bang into this site it know who I am. (Here is the information he
>> receives from me: 24.229.134.70.cmts.tv13.ptd.net)
>>
>> Is there a way to tighten up my system more? BTW, I am running Zone
>> Alarm.
>
>I'd like to know more about this myself, so here's my take on this, please
>feel free to correct ( I think it's gonna need it :/ ) :
>
>The ports you found to be 'listening' would be stealthed from an 'internet
>perspective', with your firewall running. www grc com is making external
>probes to your computer, but is finding nothing, because the firewall is
>'hiding' (for want of a better word) those ports from the scan. It is most
>likely 'dropping' the packets sent from www grc com. What this means to me
>is that the packets sent from www grc com are being blocked, but www grc
>com is not 'informed' of this, and so concludes that no port exists there.
>( I think I may be in trouble now ...)
>
>The ports are still there, listening away, as 'netstat' discovered, but
>they can't be connected to because the firewall is making them 'deaf' to
>the outside world (internet). Of course, you can allow whatever ports you
>want, to be 'visible' to scans, and of course the whole Internet, by
>setting up rules in your firewall to do this. Chances are www grc com would
>then detect them as OPEN.
>
>You have ports 110 (pop3) and 25 (smtp) open it would appear. Do you have
>anti-virus software that checks your mail as it's downloaded running ?
>Might explain the 110 ... Or are you running a mail server ?
>
>As for www grc com getting your IP address, you may notice that the
>'http://' changes to 'https://' at the start of their web address when you
>start the scan. If you read the site again, it'll tell you why this
>happens, and how it is used to determine an IP address.
>
>Corrections and additions most welcome.
>
>Regards,
>
>Pete.

Hank

Thanks for all the info... I need more studding time on this huge
subject.

Hank from pa

On Tue, 4 Nov 2003 20:34:57 -0500, Colonel Flagg
<> wrote:

>In article <>,
>says...
>> I'm trying to tighten my computer security by eliminating the open
>> ports in my Xp pro system.
>>
>> When I do a netstat -an it show the following ports listening: 25,
>> 110, 135, 143, 1025, 1028, and 1121.
>>
>> When I do a Superscan 3.0 of my computer I get these open ports: 135,
>> 1025.
>>
>> Shields Up web site www.grc.com shows I am running stealth. But, when
>> I bang into this site it know who I am. (Here is the information he
>> receives from me: 24.229.134.70.cmts.tv13.ptd.net)
>>
>> Is there a way to tighten up my system more? BTW, I am running Zone
>> Alarm?
>>
>> Thanks Hank from Pa
>>
>>
>>
>>
>
>
>Most of these online tests give false readings concerning port mapping.
>The ports you see open *could be* filters from your ISP, blocking
>attempts to connect to mail servers, http servers, etc. that break your
>ToS with the ISP. As for 24.229.134.70.cmts.tv13.ptd.net, that is your
>host mask, a reverse dns of your IP address, which is 24.229.134.70,
>this *needs* to be sent "somewhere". In your case, you're not using a
>proxy, therefore, it is sent. *If* you were to use a proxy, you'd be
>able to block websites from seeing your IP address and from connecting
>directly to your computer.

Hank

Hank wrote:

> Is there a way to tighten up my system more?

Yes. Install Linux.


--
-=-=-=-=-=-=-=-=-=Atr2-WBS @ Atr2.Ath.Cx=-=-=-=-=-=-=-=-=-
Mod-SSL / PGP Key / CA Onsite
-{jayjwa} Was I helpful? https://atr2.ath.cx/affero.php
Contact: https://atr2.ath.cx/cgi-bin/ping-jay.cgi
or finger, same name & domain, for plan, projects, $ PGP

Who We Are: https://atr2.ath.cx/who-we-are.html
=-=-=Linux Tough.Powered By Slackware=-=HTTPS/FTP=-RLF#37=

@micro$oft.com

In article <>, "@micro$oft.com"
<""billyboi\"@micro$oft.com"> says...
> Hank wrote:
>
> > Is there a way to tighten up my system more?
>
> Yes. Install Linux.

Installing Linux would be just as bad, it has many security holes too.

Get a router with NAT for your cable/dsl connection and you will be much
better off as a FIRST layer.



--
--

(Remove 999 to reply to me)

Leythos

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Leythos" <> wrote in message
news:...
> In article <>, "@micro$oft.com"
> <""billyboi\"@micro$oft.com"> says...
> > Hank wrote:
> >
> > > Is there a way to tighten up my system more?
> >
> > Yes. Install Linux.
>
> Installing Linux would be just as bad, it has many security holes too.
>
> Get a router with NAT for your cable/dsl connection and you will be much
> better off as a FIRST layer.

Well said Mark. Nice to see someone daring to go 'against the grain' for
once. Besides, it's the end users that often compromise security rather
than the fact that they're running 'whatever' OS.

NAT router from Belkin, Linksys etc would IMO give a user 'breathing space'
to sort out other layers of security. Or, if you have an old PC lying
around, whack a couple of NIC's (Network Interface Cards) in it, set up ICS
(Internet Connection Sharing) with a decent (Kerio, Sygate etc) firewall on
this 'gateway' PC, connect it to your main PC with a crossover cable, and
you have much the same thing, but it will be infinitely more expandable and
versatile. You can also try out Linux on this 'gateway' PC, and see which
you prefer.

For simplicity and speed, I think your NAT router suggestion comes out on
top.

Regards,

Pete.

- --
'War doesn't prove who's right, just who's left.'



-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBP6kthPYt+hJ+PYFrEQJc9QCg4/29lZjWmlBujJlpbBOQdyqOpzIAn2Je
Ie0ThnKlaN69JSHZhWuhHk2e
=Vlmp
-----END PGP SIGNATURE-----

Pete-X

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Pete-X" <> wrote in message
news:RL2dnYVPHPYRsDSiRVn-...

> NAT router from Belkin, Linksys etc would IMO give a user 'breathing
> space' to sort out other layers of security. Or, if you have an old PC
> lying
> around, whack a couple of NIC's (Network Interface Cards) in it, set up
> ICS (Internet Connection Sharing) with a decent (Kerio, Sygate etc)
> firewall on this 'gateway' PC, connect it to your main PC with a
> crossover cable, and you have much the same thing, but it will be
> infinitely more expandable and versatile. You can also try out Linux on
> this 'gateway' PC, and see which you prefer.

To clarify what I said, by 'you', I was referring to 'anyone' .

My other suggestion is a bit more work than installing a hardware router,
but I find it works well for me. My current setup looks something like this
:

main pc --- gateway pc + firewall --- modem --- Internet

My 'gateway' PC has two NIC's in it. One to connect to 'main pc', via a
'crossover' cable, and the other to my modem. I can switch OS's on this
gateway PC if and when I choose. Currently it's a fully patched up and
tweaked Win2000 SP4 install running ICS, with Kerio Personal Firewall ( 'Is
Running On Internet Gateway' mode selected) holding the fort. Ideally, I'd
like to change the firewall to WinRoute Firewall 5 from Kerio, when and if
funds allow ... :/

To add more computers to my home network, I'd most likely buy a 'hub'. It
might then look something like this ( sorry if this wraps ) :

pc1----
|
pc2--------hub --- gateway pc + firewall --- modem --- Internet
|
pc3----


My main PC has F-PROT anti-virus protection, and another install of Kerio
Personal Firewall.

So far ... so good. AFAIK ...

Regards,

Pete.

- --
'War doesn't prove who's right, just who's left.'


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBP6k3l/Yt+hJ+PYFrEQIjeACfWB61YvEa6j0xT7P3S5SjN/KjJUcAoKCw
t6ZGwgzciHk10olS5xdgEAnE
=GaRL
-----END PGP SIGNATURE-----

Pete-X

"Pete-X" <> wrote in message
news:GeOdnU5dlrICqjSiRVn-...
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> "Pete-X" <> wrote in message
> news:RL2dnYVPHPYRsDSiRVn-...
>
> > NAT router from Belkin, Linksys etc would IMO give a user 'breathing
> > space' to sort out other layers of security. Or, if you have an old PC
> > lying
> > around, whack a couple of NIC's (Network Interface Cards) in it, set up
> > ICS (Internet Connection Sharing) with a decent (Kerio, Sygate etc)
> > firewall on this 'gateway' PC, connect it to your main PC with a
> > crossover cable, and you have much the same thing, but it will be
> > infinitely more expandable and versatile. You can also try out Linux on
> > this 'gateway' PC, and see which you prefer.
>
> To clarify what I said, by 'you', I was referring to 'anyone' .
>
> My other suggestion is a bit more work than installing a hardware router,
> but I find it works well for me. My current setup looks something like
this
> :
>
> main pc --- gateway pc + firewall --- modem --- Internet
>
> My 'gateway' PC has two NIC's in it. One to connect to 'main pc', via a
> 'crossover' cable, and the other to my modem. I can switch OS's on this
> gateway PC if and when I choose. Currently it's a fully patched up and
> tweaked Win2000 SP4 install running ICS, with Kerio Personal Firewall (
'Is
> Running On Internet Gateway' mode selected) holding the fort. Ideally, I'd
> like to change the firewall to WinRoute Firewall 5 from Kerio, when and if
> funds allow ... :/
>
> To add more computers to my home network, I'd most likely buy a 'hub'. It
> might then look something like this ( sorry if this wraps ) :
>
> pc1----
> |
> pc2--------hub --- gateway pc + firewall --- modem --- Internet
> |
> pc3----
>
>
> My main PC has F-PROT anti-virus protection, and another install of Kerio
> Personal Firewall.
>
> So far ... so good. AFAIK ...
>
> Regards,
>
> Pete.

Interesting, right now I have this set up:

Linux PC----
----Router ----Cable Modem ---Internet
XPPRo PC--

Would I gain anything by using that linux box as a gateway PC and adding
another NIC to it? I have an F-secure firewall running on the XP box,
nothing on the Linux box as it is only used for web surfing by my son, and
no valuable data on it at all...

john

Ernest T. Bass