Results 1 to 4 of 4

Thread: Port Question

  1. November 19th, 2005, 09:33 PM #1
    dayneman1
    dayneman1 is offline
    Member
    Join Date
    Jul 2003
    Posts
    53

    Port Question

    I run the port scanner from hackerwatch.org and the result were very surprising to me with it telling me that I have port 139 (Net Bois) closed but not secured, unlike the rest of the ports. I know I have the port closed but shouldn't my firewall (Norton firewall 2005) be hiding and securing the port automatically like the rest of my ports. Thanks for any help that is anyone is able to provide.
    Reply With Quote Reply With Quote
  2. November 19th, 2005, 10:21 PM #2
    thehorse13
    thehorse13 is offline
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    I take this to mean that the port is closed but traffic was able to hit your machine, i.e. there is no device (such as a firewall) infront of the machine. Then again, this could be a false positive which I would lean more towards.

    Without knowing precisely how the scan was conducted, you'll never know the answer. If you'd like to see, throw a sniffer up on your host and record the session.

    If the port is closed, you're not going to have any problems. Don't let the evil hackerwatch scanner scare you.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
    Reply With Quote Reply With Quote
  3. November 19th, 2005, 11:45 PM #3
    skiddieleet
    skiddieleet is offline
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    I get similar results from the shieldsup test at grc.com. it correctly reports the ports of services I have running as open, and all but one of the other ports it scans are showed as stealthed. I'm thinking that my ISP might respond to the port which is reported closed with a forged reset packet. All the other probes are dropped by my router I believe (except the ones to open ports). This could be what is happening with you. I'm not connected directly to the internet so I can't really sniff to see what's going on, but I think that'd be a good idea for you as TH13 suggested.

    p.s. I didn't see a portscanning service or download at hackerwatch.org.
    http://www.skiddieleet.org/
    http://www.skiddieleet.org/projects.php
    Reply With Quote Reply With Quote
  4. November 21st, 2005, 05:53 AM #4
    Godsrock37
    Godsrock37 is offline
    Senior Member Godsrock37's Avatar
    Join Date
    Jan 2005
    Location
    PA
    Posts
    121
    i found a similar issue when using shieldsup on port 113. It turned out my router was blocking it (Netgear wireless) instead of dropping it. My solution was to forward the port to a nonexistent ip on my network. Also, i researched grc newsgroup info and found that some ISP's block port 139, which is what h3r3tic said. another reason norton might not be stealthing the port might be found in this grc exerpt - 'Different firewalls may choose differently to leaving Windows NetBIOS file and printer sharing open or closed with their default settings. So, just installing a firewall doesn't instantly protect you. The firewall may need some help from you to determine what you want to be protected from! Therefore, you may need to examine the software's configuration settings to determine how to close external access to the dangerous NetBIOS ports 137, 138, and 139.'

    hope that helps
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules