Firewall not successfully blocking Ports.

Specified a port to block with my Firewall. Created a rule specifying that port on both Inbound and Outbound directions.

However, when I portscan my network and router I find that port is still listed as 'open' and 'unfiltered'.

Any ideas what I'm doing wrong and why those ports haven't been closed?
 
So how is your stuff cabled, and are you running a program on your PC to scan or are you running it from a service on the internet?

In general, traffic going LAN-to-LAN will not be filtered by most firewalls, so scanning internal devices with a PC will not pass through the firewall. You would have to have the firewall between the devices that you want to protect.

Traffic that originates on the internet does not really need a firewall to block it. The NAT will prevent any traffic from passing the router unless you used port forwarding or DMZ. This makes me think you are not scanning from the outside, because most routers do not have any open ports other than something like ICMP/ping.
 
Surely a Software Firewall would interface with the NIC drivers and block traffic at the source (as far as the CPU understands it)?

A firewall internal to the property's LAN would perform exactly the same function.

I guess what seems to be happening is a whole bunch of people have rebuilt a computer over and over and consequently the end-user has no control whatsoever over what data passes across their network.

Regardless, that doesn't explain why my firewall can't prevent the execution of data that doesn't meet its rules or contravenes some of them, especially when the portscan is executed from the machine that has those rules specifically configured as per my original post.

Perhaps the portscanning software itself is coded in such a way as to defeat the firewall? Maybe it's a relic of sales-staff engineering a Mac vs. PC debate from 15 years ago? The end result could only be one person drowning in tech they can't use. Only a complete imbecile could be defeated by such a Chimera.
 
Port scanning from a web site (like most people do it) port scans your router, not your PC.
So either you configure your router with the port rules (a pain to do) or, better yet, if you want a firewall, get a computer (Linux preferably, using port management and iptables) between modem and router, properly managing the firewall. Only then will your "rules" apply to your network; otherwise your Windows "firewall rules" only (and barely at that) apply to your individual computer.

 
MERGED QUESTION
Question from Thelps : "Despite blocking ports with Firewall Portscan shows ports as still Open."
Why would you not do this through your router instead of using a software? Also, you never specifically mentioned what firewall you were using to block ports.
 
I've specified the ports to be blocked on both the Computer and the Router. I've followed an exact guide on how to do so but this specific Router cannot have Firmware updates (at least, ordered by the end-user) and has a particularly narrow feature-set as it was supplied by my ISP. I'm considering and researching alternate devices.

Regardless, to stay on topic, all Portscans I launch are from within my network and terminate at my network's limit. That's deliberately to prevent triggering a warning system on a machine not owned by myself.

The portscans indicate that the ports specified to be blocked are still listed as open. Ordinarily it reports such ports as 'closed' or 'filtered' if they are effectively Firewalled.

I don't have the luxury of switching to Linux due to work I'm doing on this machine requiring a Windows environment.
 
What are you scanning? You can't scan the computer itself from the same computer you put the firewall rules on; you must do it from a different device. The router firewall only filters traffic that crosses between LAN/WAN. You cannot block the ports the router has open on its LAN interfaces with the router; you would need different firmware to even attempt it. The router will also not block any traffic going between LAN devices. This is just a limitation of consumer routers.

You should be able to block the traffic between PCs on the LAN to some extent with the Windows firewall...BUT you must test correctly. You would need to put all the rules on, say, machine A and then scan it with machine B. In general, outbound rules are not effective on Windows machines because the OS itself or any other authorized running task can bypass them. Still, you really only care about inbound rules, since even if the machine would send traffic, the response to it would be blocked.
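The two-machine test described in this reply, written out as an added PowerShell example (not something posted by anyone in the thread). It assumes machine A is at 192.0.2.10 and that TCP port 5900 is the one you want blocked; both values are constructed placeholders, and the rule name is one I chose for the test.

```powershell
# --- On machine A (the host whose Windows Firewall you are configuring), run as Administrator ---
$port = 5900   # constructed example port; substitute the port you want blocked
$ruleName = "Block inbound TCP $port (test)"   # name chosen for this example

# An inbound Block rule. Block rules win over Allow rules in Windows Firewall,
# so this applies even if an application already has an inbound Allow rule.
New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
    -LocalPort $port -Action Block -Profile Any

# Confirm the rule carries the port filter you expect (a typo here is a common reason a rule "does nothing").
Get-NetFirewallRule -DisplayName $ruleName |
    Get-NetFirewallPortFilter | Select-Object Protocol, LocalPort

# Confirm the firewall is enabled on the profile the NIC is actually using;
# rules on a disabled profile are never evaluated.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction

# --- On machine B (a different host on the same LAN) ---
# Loopback tests run on A itself never traverse the firewall, so the check must come from another device.
Test-NetConnection -ComputerName 192.0.2.10 -Port $port -InformationLevel Detailed
```

With the Block rule in place, `TcpTestSucceeded` from machine B should report `False`; because Windows Firewall drops blocked packets silently rather than sending a reset, a port scanner run from B will list the port as `filtered` rather than `closed`. If it still shows `open`, look at the profile output on A first (the rule may have been created under a profile the adapter is not using), then at whether machine B is reaching A directly or through the router.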
 
I assumed that was the purpose of the Loopback Address: to simulate an external communication on the Network Interface Card.

Anyway, the computer is still behaving extremely erratically: almost as if someone else is logged into it at all times. They're no doubt reading this thread as I write it. As justified as it would be to try to extract money from a hacker, it would be infinitely nicer to be completely immune to unauthorised remote access.
 
New development:

Turns out one of the open ports is associated with some form of conferencing software.

It was most likely applied to a USB stick and then added 'virally' to the computer over a decade ago.

The firewall is also, almost certainly, still not effectively blocking the connection.

This culture of employers considering themselves justified in observing employees' usage of their home computers is something I still can't support.

I don't ever seem to get lucky online.