
Thread: sg port scanner??? HELP, INPUT ??????

  1. #1
    Regular Member Mopwr2u1's Avatar
    Join Date
    Dec 2002
    Posts
    266

    sg port scanner??? HELP, INPUT ??????

    If I forward a port from my computer, which is behind a D-Link DI-604 router, shouldn't it show up in the scan??
    And if I put my computer in the DMZ, shouldn't all the ports be open??
    I am forced to use Win 98 right now, with no firewall other than the router. Also, in Win 98 I am able to send and receive TCP packets through the port forwarding and DMZ, but UDP packets are not allowed through either. Am I missing something here??

    Also, if ya could look at these and see what I mean by the first statement:

    Scanning c-67-XXX-XXX-1XX.client.comcast.net (67.XXX.XXX.1XX):
    (The 24 ports scanned but not shown below are in state: closed)
    Port Status Service Description
    20/udp filtered ftp-data
    21/udp filtered ftp FSP/FTP
    22/udp filtered ssh Old verson of PC-Anywhere.
    49/udp filtered tacacs Login Host Protocol (TACACS)
    53/udp filtered domain DNS (Domain Name Service) is used for domain name resolution.
    67/udp filtered dhcpserver Bootstrap protocol server. Used by DHCP servers to communicate addressing information to remote DHCP clients.
    68/udp filtered dhcpclient Bootstrap protocol client. Used by client machines to obtain dynamic IP addressing information from a DHCP server.
    69/udp filtered tftp Trivial File Transfer Protocol - A less secure version of FTP, generally used in maintaining and updating systems, for configuration file transfers between LAN systems, firmware updates on routers, etc.
    88/udp filtered kerberos-sec KDC (Kerberos key distribution center) server.
    99/udp filtered metagram metagram relay, gnutella?
    110/udp filtered pop-3 POP3 server traffic (should be TCP only?)
    111/udp filtered sunrpc Provides information between Unix based systems. Port is often probed, it can be used to fingerprint the Nix OS, and to obtain information about available services.

    Also NFS, NIS, or any rpc-based service.
    113/udp filtered auth Port 113 used for Identification/Authorization service. When a client program on your end contacts a remote server for services such as POP, IMAP, SMTP, IRC, FTP, etc. that remote server sends back a query to the IDENT port 113 asking for identification from your system...

    Port 113 can be probed by attackers and it poses some security concerns, but the problem with filtering/stealthing port 113 is that if legitimate requests get no response at all from port 113 queries, the connection to them (which initiated their query in the first place) will be delayed or perhaps even completely abandoned.

    The simplest solution is to close, rather than filter port 113.
    119/udp filtered nntp NNTP (Network News Transfer Protocol) control messages.
    123/udp filtered ntp Network Time Protocol (NTP)
    137/tcp filtered netbios-ns NetBIOS is a protocol used for File and Print Sharing under all current versions of Windows. While this in itself is not a problem, the way that the protocol is implemented can be.

    By default, when File and Print Sharing is enabled it binds to everything, including TCP/IP (The Internet Protocol), rather than just the local network, meaning your shared resources are available over the entire Internet for reading and deletion, unless configured properly. Any machine with NetBIOS enabled should be considered a risk. The best protection is to turn it off completely. If you must enable it, use the following guidelines:

    1. Use strong passwords, containing non-alphanumeric characters.
    2. Attach "$" at the end of your share names (the casual snooper using net view might not see them).
    3. Unbind File and Print Sharing from TCP/IP and use NetBEUI instead (it's a non-routable protocol).

    Keep in mind that you can still be leaking out information about your system that can be used against you to the entire Internet, such as your computer and workgroup names.

    The following trojans/backdoors also use these ports: Chode, God Message worm, Msinit, Netlog, Network, Qaz
    137/udp filtered netbios-ns same as port 137/tcp
    138/tcp filtered netbios-dgm same as port 137/tcp
    138/udp filtered netbios-dgm same as port 137/tcp
    139/tcp filtered netbios-ssn same as port 137/tcp
    139/udp filtered netbios-ssn same as port 137/tcp
    143/udp filtered imap2 IMAP
    161/udp filtered snmp Simple network management protocol (SNMP). Used by various devices and applications (including firewalls and routers) to communicate logging and management information with remote monitoring applications.

    Typically, SNMP agents listen on UDP port 161, asynchronous traps are received on port 162.
    162/udp filtered snmptrap same as port 161/udp
    1025/udp filtered blackjack Ports > 1024 are designated for dynamic allocation by Windows. When programs ask for the "next available" socket, they usually get sequential ports starting at 1025.
    1026/udp filtered unknown same as port 1025/udp
    1027/udp filtered unknown same as port 1025/udp
    1028/udp filtered ms-lsa same as port 1025/udp
    1029/udp filtered unknown same as port 1025/udp
    1863/udp filtered unknown Port used by MSN Messenger
    5678/udp filtered unknown Port used by Linksys (and other) Cable/DSL Routers Remote Administration

    Vulnerable systems: Linksys Cable/DSL version 1.42.7 (BEFSR11 / BEFSR41 / BEFSRU31)
    Immune systems: Linksys Cable/DSL versions prior to 1.42.7 (BEFSR11 / BEFSR41 / BEFSRU31)

    27374/udp filtered unknown SubSeven Trojan horse (TCP). Also used as a backdoor port left behind by exploit scripts, such as those in the Ramen worm. While some scans for this port may be due to SubSeven, others may be looking for a remote shell.

    Some other trojan horses/backdoors that use this port: Bad Blood, Ramen, Seeker, SubSeven (many versions), Ttfloader
    Total scanned ports: 56
    Open ports: 0
    Closed ports: 24
    Filtered ports: 32
    Login (or register) for a more complete security scan.
    Our Security Scan found NO open ports.

    That is in DMZ zone on the router ^^^^^^^^^



    Scanning c-67-XXX-XXX-XXX.client.comcast.net (67.XXX.XXX.XXX):
    (The 52 ports scanned but not shown below are in state: filtered)
    Port Status Service Description
    23/tcp closed telnet Telnet is one of the oldest Internet protocols and the most popular program for remote access to Unix machines. It has numerous security vulnerabilities.
    53/tcp closed domain DNS (Domain Name Service) is used for domain name resolution.
    113/tcp closed auth Port 113 used for Identification/Authorization service. When a client program on your end contacts a remote server for services such as POP, IMAP, SMTP, IRC, FTP, etc. that remote server sends back a query to the IDENT port 113 asking for identification from your system...

    Port 113 can be probed by attackers and it poses some security concerns, but the problem with filtering/stealthing port 113 is that if legitimate requests get no response at all from port 113 queries, the connection to them (which initiated their query in the first place) will be delayed or perhaps even completely abandoned.

    The simplest solution is to close, rather than filter port 113.
    5000/tcp closed UPnP Universal Plug and Pray (Windows Me/XP) - "Universal Plug and Play (UPnP) is an architecture in Microsoft Windows Millennium Edition (Me) that supports peer-to-peer Plug and Play functionality for network devices." MSKB - Universal PnP

    UPnP should be disabled unless necessary, there are known vulnerabilities with it.

    Also, the following Trojan Horses use this port: Back Door Setup, Blazer5, Bubbel, ICKiller, Ra1d, Sockets des Troie
    Total scanned ports: 56
    Open ports: 0
    Closed ports: 4
    Filtered ports: 52
    Login (or register) for a more complete security scan.
    Our Security Scan found NO open ports.

    This is DMZ off (or out), ports forwarded. Now, my puter IP is not the XXX; that is my cable modem. My IP is 192.168.0.100.

    Any comments appreciated, criticism welcomed also.


    Last edited by Mopwr2u1; 05-10-03 at 12:46 PM.

  2. #2
    Regular Member Mopwr2u1's Avatar
    Join Date
    Dec 2002
    Posts
    266
    Come on, 17 views and not 1 comment! Even a "sorry, no idea" would be OK!!!!!!!


    The reason I am wondering is that yesterday I set a buddy's puter up, D-Link router, Comcast cable (XP Pro), and pow, he was all good on the UDP and TCP sends and receives, so I was wondering, since I am on 98, could that cause it?? Maybe my modem does. He has a Surfboard 4100, I got an RCA DCM-305! I'll leave it at that till I hopefully get a response; even a link saying "here, go look for yourself" would be good. I don't mind trying to solve my own situations.

    OK, thanks guys, don't mean to sound pushy or ungrateful.

  3. #3
    New Member
    Join Date
    May 2003
    Location
    Dallas, TX
    Posts
    17
    .
    Last edited by ekephart; 05-08-07 at 11:28 AM.
    The bottleneck is local...

  4. #4
    Regular Member Mopwr2u1's Avatar
    Join Date
    Dec 2002
    Posts
    266
    Real simply: I open the ports on my router, and this program I run needs a UDP and a TCP port. I set it. TCP goes through but not UDP, so I think the router is blocking UDP somehow. So I put my computer in the DMZ; still I cannot send or receive UDP packets. So I do a port scan in DMZ and it has the ports listed as filtered, so why is that?? I have no firewall other than the router.

    I had to go to Win 98, was running XP. Does 98 not allow UDP ports??
    Do I need some other protocol in my network other than TCP/IP to be able to send and receive UDP packets??

  5. #5
    New Member
    Join Date
    May 2003
    Location
    Dallas, TX
    Posts
    17
    .
    Last edited by ekephart; 05-08-07 at 11:28 AM.
    The bottleneck is local...

  6. #6
    Regular Member Mopwr2u1's Avatar
    Join Date
    Dec 2002
    Posts
    266
    OK, then why, when I'm in the DMZ zone, which is supposed to be wide open, does it not let UDP come and go? Seems to still block them??

  7. #7
    New Member
    Join Date
    May 2003
    Location
    Dallas, TX
    Posts
    17
    .
    Last edited by ekephart; 05-08-07 at 11:28 AM.
    The bottleneck is local...

  8. #8
    Regular Member Mopwr2u1's Avatar
    Join Date
    Dec 2002
    Posts
    266
    OK, it's configured like this: I have a TCP port set to virtual server and I have a UDP port set to virtual server, and the IP of my computer for the IP in the settings.
    So even when I'm in the DMZ I still have a firewall in between me and the internet, so what's the purpose of the DMZ? D-Link said it was unprotected in DMZ and should only be used as a last resort??
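
Added example, not part of any post in this thread: how a UDP scan arrives at the states shown in the pasted results. A reply means open, an ICMP port-unreachable means closed, and silence is labelled filtered (as in the scan above), so a forwarded UDP port only shows as open when a program behind it answers the probe. The loopback listeners and the names `classify_udp`, `start_listener`, `unused_port` and `demo` are constructed for this illustration.

```python
import socket
import threading

def classify_udp(host, port, timeout=1.0):
    """Send one datagram and classify the port from what comes back."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))      # connected socket, so ICMP errors reach us
        s.send(b"probe")
        s.recv(1024)
        return "open"                # something answered
    except ConnectionRefusedError:
        return "closed"              # ICMP port unreachable: host reachable, no listener
    except socket.timeout:
        return "filtered"            # silence: dropped on the way, or a listener that never replies
    finally:
        s.close()

def start_listener(reply):
    """Constructed test service on a free loopback port; echoes once if reply is True."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    def serve():
        data, peer = srv.recvfrom(1024)
        if reply:
            srv.sendto(data, peer)
    threading.Thread(target=serve, daemon=True).start()
    return srv                       # caller keeps it open so the port stays bound

def unused_port():
    """Return a loopback UDP port that was just released, so nothing is bound to it."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port

def demo():
    echo, silent = start_listener(True), start_listener(False)
    results = {
        "service replies": classify_udp("127.0.0.1", echo.getsockname()[1]),
        "service silent": classify_udp("127.0.0.1", silent.getsockname()[1], 0.5),
        "nothing bound": classify_udp("127.0.0.1", unused_port()),
    }
    echo.close()
    silent.close()
    return results

if __name__ == "__main__":
    for case, state in demo().items():
        print(f"{case:16} -> {state}")
```

A silent listener and a dropped packet look identical from the scanner's side, which is why a UDP "filtered" result alone does not show where the traffic stopped.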
