Port 113 is closed

Guest
Archived from groups: comp.security.firewalls

Praxiteles Democritus <no@email.here> wrote:
> I mean blocking, sorry. Here's what someone posted in this group
> recently and I thought I would take their advice. Is it not good
> advice?
> "As always, I suggest blocking both TCP and UDP ports 135 ~ 139 and
> 445 on *any* SOHO Router."

I think this is not meant for masquerading/NAT setups.

You can filter away any packets which are intended for those ports.
This is not harmful.

But usually, masquerading plus filtering away anything on the outside
interface which seems to be coming from inside is enough.

I don't know of any NAT device which can be tricked to route TCP sockets
to the SMB ports from outside.

Anyone else?

Yours,
VB.
--
"It cannot be that the frustrated people in Rome decide what happens in
German bedrooms."
Harald Schmidt on "World Youth Day"
 
Guest

In the Usenet newsgroup comp.security.firewalls, in article
<u9prh1ltdobsi21lgj1o2g1ag6ub03lhm5@4ax.com>, Praxiteles Democritus wrote:

>Yes, I forwarded them to a dummy IP. Is that not how to do it? If it's
>not then someone please enlighten me.

Go to a friend's house (or try it from work/school if you think you can
get away with it) and use any connectivity tool to try to connect to your
system - and while doing so, use a packet sniffer like Ethereal, sniffit,
or tcpdump. Poke one of the ports you know is "stealthed", and you should
see no response. Poke some random port number between 1030 and 65530 and
see that you also get no response back. Then poke the port that you
have forwarded to the dummy IP. You should see an ICMP Type 3 Code 1
response - but pay attention to the address that is replying. In most
cases, this will be your address - the one that you wish to be stealthed.
So, here we have a "Host does not exist" packet, coming from the host
that doesn't exist. Yeah, nobody would _ever_ notice that.

Most people who use "stealth" don't have any understanding of what is
happening at the packet level, and thus make glaring errors that show
this. Stealth itself is one of those errors, as anyone who actually
understood how traceroute (or windoze broken 'TRACERT') works would
be able to tell.

>These ports. This is what someone else posted here and I'm just following
>their advice.
>
>"As always, I suggest blocking both TCP and UDP ports 135 ~ 139 and
>445 on *any* SOHO Router."

So, by just blocking those six TCP and six UDP ports, everything is fine,
and you can ignore the other 65529 ports of each type - and the other 130
odd other valid protocols, like BGP, or IPv6 (and the other 120 odd that
haven't been assigned).

Old guy
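
The check described in the post above, as an added example that is not part of the original thread: it parses a captured ICMP Type 3 reply and flags the case where a Code 1 "host unreachable" is sent from the very address that was probed. The function names, the documentation-range addresses and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

def ipv4_header(buf):
    """Return (source, destination, protocol, header_length) of an IPv4 header."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (buf[0] & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        raise ValueError("truncated IPv4 header")
    src, dst = struct.unpack("!4s4s", buf[12:20])
    return ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst), buf[9], ihl

def classify_reply(packet):
    """Classify one captured packet, given as bytes starting at the IP header."""
    src, _, proto, ihl = ipv4_header(packet)
    icmp = packet[ihl:]
    if proto != 1 or len(icmp) < 8 or icmp[0] != 3:
        return "not-destination-unreachable"
    code = icmp[1]
    # An ICMP error quotes the IP header of the probe that triggered it, so the
    # quoted destination is the address that was actually probed.
    _, probed, _, _ = ipv4_header(icmp[8:])
    if code == 1 and src == probed:
        return "self-contradicting"   # "host unreachable", sent by that very host
    return f"unreachable-code-{code}-from-{src}"

def ip_packet(src, dst, proto, payload=b""):
    """Build a constructed IPv4 packet; checksum is zero, nothing here checks it."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def sample_reply(icmp_src, probed, code=1):
    """Constructed ICMP type 3 reply to a TCP probe of port 113 on `probed`."""
    tcp_start = struct.pack("!HHI", 40000, 113, 1)        # first 8 bytes of TCP
    quoted = ip_packet("198.51.100.7", probed, 6, tcp_start)
    return ip_packet(icmp_src, "198.51.100.7", 1,
                     struct.pack("!BBHI", 3, code, 0, 0) + quoted)

if __name__ == "__main__":
    for replier in ("203.0.113.10", "192.0.2.1"):   # documentation addresses
        print(replier, classify_reply(sample_reply(replier, "203.0.113.10")))
```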
 
Guest

On Tue, 06 Sep 2005 20:57:08 -0500, optikl <optikl@invalid.net> wrote:


>That is how you do it.

Thanks.
 
Guest

Praxiteles Democritus <no@email.here> wrote:
> I also have port 1025
> listening. What's that port used for?

Which operating system do you have?

With Windows XP, you can find that out with:

netstat -ano

With Linux or UNIX, perhaps you have an lsof command, like:

lsof -i

Yours,
VB.

Guest

On 7 Sep 2005 21:23:37 +0200, Volker Birk <bumens@dingens.org> wrote:


>Which operating system do you have?

XP

>With Windows XP, you can find out that with:
>
>netstat -ano

It just says PID 1428. What's that mean? Using a port monitor it is
tied to alg.exe.
 
Guest

Praxiteles Democritus <no@email.here> wrote:
> >With Windows XP, you can find out that with:
> >netstat -ano
> It just says PID 1428. What's that mean?

It's the process ID of the process which opens this socket. You can find
out which process this is either with the tasklist command or with the
task manager.

> Using a port monitor it is
> tied to alg.exe.

This is part of the Windows firewall. Let it be.

Yours,
VB.

Guest
Archived from groups: comp.security.firewalls (More info?)

On 8 Sep 2005 08:15:10 +0200, Volker Birk <bumens@dingens.org> wrote:

>Praxiteles Democritus <no@email.here> wrote:

>It's the process ID of the process, which opens this socket. You can find
>out which process this is either with the tasklist command or with the task-
>manager.

OK, thx.

>> Using a port monitor it is
>> tied to alg.exe.
>
>This is part of the Windows firewall. Let it be.
>
>Yours,
>VB.

Yea, I looked up alg.exe and found out it is the XP firewall.
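
The lookup worked through in the posts above (the PID column of `netstat -ano` matched against `tasklist`), as an added example that is not part of the original thread: it joins the two outputs so every listening socket is shown with its owning image name. The sample text is constructed, assumes `tasklist /fo csv /nh` formatting, and reuses only the port, PID and image name mentioned in the thread; the local addresses and the other rows are made up.

```python
import csv
import io

# Constructed sample output, not captured from the poster's machine.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING       1428
  TCP    192.168.1.20:1071      192.0.2.80:80          ESTABLISHED     2040
  UDP    0.0.0.0:445            *:*                                    4
"""
TASKLIST = '''\
"System","4","Console","0","216 K"
"svchost.exe","932","Console","0","3,944 K"
"alg.exe","1428","Console","0","3,452 K"
'''

def listeners(netstat_text):
    """Yield (proto, local_address, pid) for listening TCP and bound UDP sockets."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            yield f[0], f[1], int(f[4])
        elif len(f) == 4 and f[0] == "UDP":      # UDP rows have no State column
            yield f[0], f[1], int(f[3])

def pid_names(tasklist_csv):
    """Map PID -> image name from CSV rows of (image, pid, session, ...)."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(row[1]): row[0] for row in rows if row}

def owners(netstat_text, tasklist_csv):
    """Join the two outputs; a PID missing from tasklist has already exited."""
    names = pid_names(tasklist_csv)
    return [(proto, local, pid, names.get(pid, "<no longer running>"))
            for proto, local, pid in listeners(netstat_text)]

if __name__ == "__main__":
    for proto, local, pid, image in owners(NETSTAT, TASKLIST):
        print(f"{proto:4} {local:22} {pid:>5}  {image}")
```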