April 4th, 2002, 11:03 PM
So I just port scanned myself...
I'm new to all this computer securty, but lately it has caught my interest. I downloaded a few utilities for port scanning and the like. Just now I got done port scanning myself and I found that the telnet, FTP, as well as HTTP ports (23,21,80) are all open!!
I just tried to connect to myself via telnet and it asks me a password, I tried all the passwords I have ever used and I wouldent let me in. That leads me to believe somebody has givin me a backdoor of some sort. Then I tried to connect via HTTP and it gives me a user login prompt much like a pay site would. Try to FTP in and again I'm confronted with a password prompt, tried all known passwords I have and nothing.
As for the system I have I'm running a P4 @ 1.4 ghz, 256 Mb ram, 40 gig HD, Netgear wireless router with one wireless connect, and mac connected via ethernet, and a Toshiba Cable modem plugged up to the router. Oh yeah, I'm also running Norton Personal Firewall and it returned 13 open ports. So what do you think computer security gurus? Is my box owned right now (most likely )?? How can I go about fixing this? Thanks in advance.
April 4th, 2002, 11:36 PM
Umm...might wanna go into your firewall config and manually set to close those ports, as well as updating your virus definitions on your virus-scanner and scan ya system. Nothing too intense I can think to tell ya, that's basically it. If none of that works (it should), change firewalls. I've not ever used Norton Personal Firewall, so I can't say if it's bad or good, but I know some other ones out there are good. Might wanna check into getting Sygate. It's a good one, .
April 5th, 2002, 12:56 AM
Don't you think it would be better to turn off those ports on the router? It's always better to close those ports off before you get to the machine. I'm assuming that router supports that option. It would be a pretty horrible one not to. Also remember that when behind a router, you have the nifty advandage of being behind a little feature called NAT (Network Address Translation). What that means is that if the router has to know where to send the packet. So if you block ports 21, 25, and 80, and a request to one of those ports comes in to your router, it knows to drop the packet instead of forwarding it on. Also remember that if the router doesn't know where to forward the packet, it will just drop it. It's not exactly easy to telnet into a machine behind a NAT "firewall" unless the router is set to forward requests on port 21 to that machine. The same applies to FTP, HTTP, or basically any other kind of request. So just block all ports that you never use, and you basically have eliminated somebody's chances of even getting past your router. At that point, their only choice is to come in through one of the few ports you have left open, and they still have to get through NAT. If they actually make it that far, they still have your software firewall to contend with. As for that, I don't know how good Norton Personal Firewall is, but if you're feeling experimental, try Tiny. It's freeware, so you don't have to pay for it. You can get it here. I used it before I got fed-up with Windows, and it worked beautifully.
Another suggestion about locking down your box would be to get rid of Windows. Show me a Windows box, and I'll show you a hacking waiting to happen. Just by installing something like Linux or BSD, you automatically make yourself immune to almost all viruses, the vast majority of script kiddie attacks, and end up with less vulnerabilities for real hackers to exploit.
April 5th, 2002, 09:02 PM