So I just port scanned myself...
Results 1 to 4 of 4

Thread: So I just port scanned myself...

  1. #1
    Member
    Join Date
    Feb 2002
    Posts
    99

    So I just port scanned myself...

    I'm new to all this computer securty, but lately it has caught my interest. I downloaded a few utilities for port scanning and the like. Just now I got done port scanning myself and I found that the telnet, FTP, as well as HTTP ports (23,21,80) are all open!!

    I just tried to connect to myself via telnet and it asks me a password, I tried all the passwords I have ever used and I wouldent let me in. That leads me to believe somebody has givin me a backdoor of some sort. Then I tried to connect via HTTP and it gives me a user login prompt much like a pay site would. Try to FTP in and again I'm confronted with a password prompt, tried all known passwords I have and nothing.

    As for the system I have I'm running a P4 @ 1.4 ghz, 256 Mb ram, 40 gig HD, Netgear wireless router with one wireless connect, and mac connected via ethernet, and a Toshiba Cable modem plugged up to the router. Oh yeah, I'm also running Norton Personal Firewall and it returned 13 open ports. So what do you think computer security gurus? Is my box owned right now (most likely )?? How can I go about fixing this? Thanks in advance.

    Jonesy

  2. #2
    Senior Member
    Join Date
    Dec 2001
    Posts
    884
    Umm...might wanna go into your firewall config and manually set to close those ports, as well as updating your virus definitions on your virus-scanner and scan ya system. Nothing too intense I can think to tell ya, that's basically it. If none of that works (it should), change firewalls. I've not ever used Norton Personal Firewall, so I can't say if it's bad or good, but I know some other ones out there are good. Might wanna check into getting Sygate. It's a good one, .

  3. #3
    Senior Member
    Join Date
    Oct 2001
    Posts
    752
    Don't you think it would be better to turn off those ports on the router? It's always better to close those ports off before you get to the machine. I'm assuming that router supports that option. It would be a pretty horrible one not to. Also remember that when behind a router, you have the nifty advandage of being behind a little feature called NAT (Network Address Translation). What that means is that if the router has to know where to send the packet. So if you block ports 21, 25, and 80, and a request to one of those ports comes in to your router, it knows to drop the packet instead of forwarding it on. Also remember that if the router doesn't know where to forward the packet, it will just drop it. It's not exactly easy to telnet into a machine behind a NAT "firewall" unless the router is set to forward requests on port 21 to that machine. The same applies to FTP, HTTP, or basically any other kind of request. So just block all ports that you never use, and you basically have eliminated somebody's chances of even getting past your router. At that point, their only choice is to come in through one of the few ports you have left open, and they still have to get through NAT. If they actually make it that far, they still have your software firewall to contend with. As for that, I don't know how good Norton Personal Firewall is, but if you're feeling experimental, try Tiny. It's freeware, so you don't have to pay for it. You can get it here. I used it before I got fed-up with Windows, and it worked beautifully.





    Another suggestion about locking down your box would be to get rid of Windows. Show me a Windows box, and I'll show you a hacking waiting to happen. Just by installing something like Linux or BSD, you automatically make yourself immune to almost all viruses, the vast majority of script kiddie attacks, and end up with less vulnerabilities for real hackers to exploit.

  4. #4
    Member
    Join Date
    Feb 2002
    Posts
    99
    Well right now, I use an certain IP address to get into my router's configureation. I'm assuming I can turn ports on as well as off in there somewhere. I'll try it later, thanks. As far as trying to figure out when this might have come from, anybody have any suggestions?

    Edit, ok, I just got to the routers configuration file, I can get to a page that has as an option, it looks like this:


    PORT FORWARDING


    Server


    Default DMZ server 0.0.0.0

    # Start Port End port Server IP address
    1 | | 0.0.0.0
    2
    3
    4
    5
    6
    7
    8
    9
    10
    | |

    Once I get here, what next? Sorry if I sound like a fuggin newbie, but truthfully I am. Thanks in advance to anybody willing to lend their time.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •