Firewall behind a firewall?

iliya1

Distinguished
Mar 3, 2009
10
0
18,510
After living with dial-up ever since Al Gore invented the internet, I FINALLY got broadband, through a WISP. I bought a Linksys E3000 and it works fine on my combined wired / wireless home LAN. All computers are Windows XP SP2. I had some questions that I would really love to have answered concerning network security. I have file and printer sharing turned on. When I ran the port scan service from GRC.com, it showed ports 21, 22, 23, and 80 as open. This concerned me, so I called my WISP and he assured me my system is safe. He said he needs certain ports open to service his equipment. He also said the equipment he installed (the antenna unit) has a built-in firewall. The E3000 has a firewall. Windows XP has a software firewall. So why do these ports show open? Should I be concerned?

My other questions are, where exactly does the internet connection IP come from? Is there a way to ping the individual computers' IP addresses that are on my LAN from outside the LAN? Is there a way to test or confirm the security of my LAN from internet threats? I have the E3000 configured to NOT return a ping, so why am I able to ping the internet connection IP?

Thanks for any help.
 
Your open ports are commonly used for:

21: FTP
22: SSH
23: telnet
80: HTTP

If you know your WAN address, you can always try accessing those ports from outside your network. Go into your browser and put in:

http://<WAN IP ADDRESS>/

and see if anything is actually listening on port 80. You can also open a command prompt on a remote computer and type in:

telnet <WAN_IP_ADDRESS>

and see if anything is listening on port 23. Try similar stuff with the other ports. I'm not sure why port 20 isn't open, as that is also needed for FTP.
 

iliya1

So they HAVE to be open? I'm confused because when I do the same thing with my work LAN, which is comcast with a Motorola cable modem/router, *ALL* ports show "stealth." Why is that?

I forgot to mention. I did what you suggested and was unable to connect by typing my WAN IP into my browser. From the command prompt, I got: "could not open connection on port 23, connect failed."
 
No, they don't have to be open unless your WISP requires them to be. I just said they are open because you said GRC.com reported them open. The suggestions I listed earlier were just to see if there are any actual applications listening on those ports, and according to your test there don't appear to be any.

At work, they are showing up as stealth because the firewall you have at work is blocking or dropping data packets to those ports.

I can possibly see your WISP requiring port 22 (SSH) open. I don't see why he needs the other ports open, especially since it doesn't appear he has any software listening on those ports. Since there is nothing listening on those ports, I don't think it's a cause for concern. If you feel strongly about it, you can always go into your router and block those ports.
 

iliya1

I'm at work now so I can't do anything until I get home. I assumed my firewall would block ALL ports, otherwise, what's the point?
 

iliya1

Sorry, I assumed you would know what I meant, which was the firewall should close all ports to all inbound packets that were not initiated by my end, which according to the port scan done by GRC, is NOT the case.
 

iliya1

I don't understand. If my firewall is working, how can my WISP open and close the ports to my computer?
 


If they set up your router/antenna they can change the remote admin user name and password. That is all you need to configure the router. You even said he left certain ports open to service his equipment.