Symantec Security checker

[prathapml]

Do I have to configure my firewall so that everything is blocked and all ports are closed, and then re-open all the ports one by one to see which are the offenders?

Don't block out "everything". Just close all ports leaving none open.

And why'd you want to re-open *ALL* the ports one-by-one? There's 65,000 of them!

[phiber0ptik]

hi m8E, I was going to send a PM til I read some new posts in here

You have antivirus, firewall and antispyware installed, thats good but do not forget to update them (norton does that auto, spybot doesnt). About your ports that are opened... your firewall, Norton Internet Security if im not mistaken, is configured so these ports that your are talking about answers on request from an outside source. This can be re-configured (ofcourse) in the preferences for Norton Internet Security. But since you dont even need these ports you can disable the services which uses these ports. Port 23 is, like I said in an earlier PM the standardport for telnet. To close this port you have to disable the Telnet Service, and port 80 is the standardport for webservers... and the only OS from windows that I know of, that have this service running from start is Windows 2000 Look for "Internet Information Service" and disable that one too. Port 1025 belongs to RPC, do not disable the RPC service tho, just make sure the rules in your firewall is configured to block incoming requests on this port. ICMP is blocked by softwarefirewalls by default I guess, but since it answered on symantecs echo-request, take a closer look in your firewalls preferences.

About that list of applications that startup when you logon... none of them will harm your computer :

Do not configure your firewall so it blocks everything, there should be a "learning"-mode, try that.

//phiber0ptik

[epic]

To disable telnet / http (80):

Go to Start -> Run -> services.msc /s -> Enter

Scroll down until you see a listing for Telnet and stop/disable the service.

Scroll down until you see a listing for IIS (Internet Information Services) and stop/disable the service.

Here is a good resource to follow up with, there should be a link there for services. I have not checked it out for ages.

http://www.blackviper.com/

[m8E]

Thanks epic, I've already tried doing that for Telnet and even though the service is showing up as being disabled the Symantec Security checker still detects it as being open, does something smell wrong there to anyone!?

Also I do not have any such service with the name of IIS or Internet Information Services actually showing in services.msc /s so I cannot disable it because it isn't there, does something smell wrong there too??

65,000 ports in my computer! blimey prathapml I didn't know there were so many, (and now risking sounding totally computer dumb) what does a computer need that many ports for?

phiber0ptik thanks for letting me know about that list more firewall tinkering and learning to do now!!

[epic]

Well, it's probably Norton (if you have updated everything). Go figure. Norton stinks...

Actually, 65,554. However, some ports are not ever used- there just there. But here is good list to work with to get a general idea.

http://www.networksorcery.com/enp/protocol/ip/ports00000.htm

[acidtrance]

My mum did the Symantec Security check on her Vista PC and found port 80 and 443 Open instead of Stealth. I had quick look and found that the service which uses these ports is the WebClient service. I turned off the service, and set startup type to Manual instead of Automatic, and then ran Symantec Security check again and the ports were stealthed.

You should be safe to keep this service turned off, unless you are in a corporate network and use WebDAV. A google search for WebClient gets this article (see MORE INFORMATION at the bottom of the article):

http://support.microsoft.com/kb/832161

Then after rebooting and experimenting with this service turned off and on, I found ports still hidden (stealthed) on the Symantec Security check with service back on. Still I think it is better to keep service turned off unless it is needed. As we just finished using Skype just before I started investigating this problem, I found that when you login to Skype your PC will start listening on 3 ports, 2 of which are 80 and 443. Skype has option "Use port 80 and 443 as alternatives for incoming connections", presumably to get past firewalls blocking other ports.

So my main suggestion is to make sure you log out of all programs first before running port scanning tests. You could also uncheck the option in Skype, as long as you have the other incoming port in Skype configured to work with your routers firewall.

Doesn't explain why Norton Firewall can't hide the ports. If you use router with inbuilt firewall, these ports should will be hidden anyway.

Edited June 2, 2007 by acidtrance

[Woomera]

Well i dont trust Symantec Security check or infact any otheir products but my suggestion for anyone who wanna see if any ports on their computer is really open to the outside is THIS WEBSITE.

Its an online nmap scan with any option you want.

[acidtrance]

This is the one that I always use: ShieldsUp from www.grc.com

https://grc.com/x/ne.dll?bh0bkyd2