Angelic:
I think Phish meant that the person tunneling through your firewall would be begging you for his job soon..... Not you begging for yours..... Silly..... ;)
Quote:
Sounds like someone's gonna be begging for their job really soon....
Exactly what I meant... sometimes it just doesn't come out right... lol
Quote:
Originally posted here by Tiger Shark
I think Phish meant that the person tunneling through your firewall would be begging you for his job soon..... Not you begging for yours..... Silly..... ;)
Oh...right...um, I knew that. ;) Given as much as I still have to learn, I do worry that I may be doing so myself if my noobness gets the best of me! That's why I'm always pestering you guys. :D
/edit -- Ok, IANA did indeed show some more ports that I had found listed as "unavailable" previously. So, to revise my list:
We can knock 3571 off the list. That's for RAID, which is legit.
3758 though, that's "apw RMI registry", which I have no clue on. Off I go to ask Mr. Google.
/edit -- APW = Add Printer Wizard while RMI = Remote Method Invocation, so perhaps this has something to do with network printing, just guessing? Thus legit as well?
Quote:
Originally posted here by AngelicKnight
/edit -- APW = Add Printer Wizard while RMI = Remote Method Invocation, so perhaps this has something to do with network printing, just guessing? Thus legit as well?
Never make the assumption that just because something looks credible, it is OK and there is no need to worry about it. In this case, you need to investigate and see where those connections are coming from. Yes, hearing about Add Printer Wizard may sound legit, but you'll need to look into it and see what might be going on. Don't start out by making that kind of assumption, it may get you in trouble...
Which is why I ask you guys. ;)
So that's one thing about SonicWALL thus far I'm not liking -- It tells me a port and a service, but not where it's coming from (what computer on the network is trying to use it, etc.), so tracking down where it's coming from is a tad tricky. But at least it's a starting point.
Do any of you have any experience with SonicWALL in particular? I'm going to keep digging to see if there's a way I can find out more about what's going on here. Thanks for all the great advice guys.
What you need to do first is to get a list of services that need to be running on your network. For someone in your position, you should know exactly what the higher ups want and need to run and shouldn't be put in the situation to guess at what is right or wrong. That said, if it isn't on the list...zap it!
Have you run a portscan from outside the network yet?
There are programs that will tell you what program opened what port and what not. A Google should turn up a few for ya, they're mostly freeware. I can't think of the name of the one I have right now, if you want it, Private Message me and I'll give it to you later cause I'm at work right now.
Well, since the printers have to connect to your entire network (and my friend has alerted me that the network he works for has a program called "Add Print Wizard" which is a program to add printers to the network) then I would assume it's safe to allow and is legit. Your network higher-ups need to inform you of the module programs that are used for network tasks (i.e. printing, file-sharing, etc). Just some advice.
"Active Ports" displays every port open on your computer and lists the program that started them. It can be found at: http://www.protect-me.com/freeware.html Hope this helps.
Hang on thar a sec.. I am not so learned as I would like in this area.. but are we assuming a bit much here..?
The listed ports.. this is a bit like my question of "Un Named Processes" in a Fport listing..
Could they just be the gateway's outbound connections.. are they connected to an outside Port.. or are they just listening.. OK if they are listening further research is warranted.. ..
Besides Active Ports .. TCPView is also a handy tool ..
I feel it is right to act when you see something that looks sus.. and deal with it as quick as possible.. so Where I am wrong with my thoughts I am sure someone will tell me where to Google..
cheers
Further thought..are we talking your home pc.. with software firewall.. or the work Internet Gateway/proxy server etc..??
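Added example (not from any poster in this thread): a small triage of `netstat -ano` output that applies two suggestions made above, checking ports against a list of approved services and separating ports that are only listening from ones with an inbound or outbound connection. The sample output, the approved list and the PIDs are constructed for illustration; a tool such as Active Ports or TCPView then maps each PID to its program.

```python
import ipaddress

# Assumption: ports your organisation has signed off on (hypothetical list).
APPROVED = {80, 443, 3571}
# RFC 1918 ranges treated as "inside"; any other peer counts as outside.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of `netstat -ano` output; not data from the thread.
SAMPLE = """\
  Proto  Local Address       Foreign Address      State        PID
  TCP    0.0.0.0:135         0.0.0.0:0            LISTENING    892
  TCP    0.0.0.0:3758        0.0.0.0:0            LISTENING    1420
  TCP    192.168.1.20:3758   192.168.1.35:1102    ESTABLISHED  1420
  TCP    192.168.1.20:1044   192.168.1.35:3571    ESTABLISHED  2004
  TCP    192.168.1.20:1046   203.0.113.9:3758     ESTABLISHED  3110
  UDP    0.0.0.0:500         *:*                               700
"""

def split_endpoint(ep):
    """'192.168.1.20:3758' -> ('192.168.1.20', 3758); '*:*' -> ('*', None)."""
    host, _, port = ep.rpartition(":")
    return host.strip("[]"), int(port) if port.isdigit() else None

def parse(text):
    rows = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # banner and header lines
        state = f[3] if len(f) == 5 else "BOUND"  # UDP rows have no State column
        rows.append({"local": split_endpoint(f[1]), "remote": split_endpoint(f[2]),
                     "state": state, "pid": int(f[-1])})
    return rows

def triage(rows, approved):
    """Return (kind, service_port, pid, peer, peer_is_outside) for unapproved ports."""
    open_ports = {r["local"][1] for r in rows if r["state"] in ("LISTENING", "BOUND")}
    findings = []
    for r in rows:
        lport, (rhost, rport) = r["local"][1], r["remote"]
        if r["state"] in ("LISTENING", "BOUND"):
            kind, port, peer = "listening", lport, None
        elif lport in open_ports:   # a peer connected to a port this host listens on
            kind, port, peer = "inbound", lport, rhost
        else:                       # this host connected out; service is the remote port
            kind, port, peer = "outbound", rport, rhost
        if port not in approved:
            outside = peer is not None and not any(
                ipaddress.ip_address(peer) in net for net in INTERNAL)
            findings.append((kind, port, r["pid"], peer, outside))
    return findings
```

A finding with `peer_is_outside` set to true is the case raised above as needing a closer look first: an unapproved port talking to an address outside the private ranges.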