
Warning!!!!! Possible Dumb Question

N/A

Hi

If your computer/s connect to the internet via a router with a firewall, and you go to a computer security test site such as "grc" or "PCflank", what actually gets tested, the router or the computer?

The reason for my asking is that irrespective of if the firewalls on the computers are turned off or not the two above sites return the same results.

If it is the router that is in actual fact being tested and gets a clean "bill of health", are software firewalls on the computers needed?

Thanks

Ian & Linda Jordan
15 REPLIES
N/A

It's the settings on the router. The router marks the boundary between the public IP address (84.92.x.x) and your private network (192.168.x.x). Try using the sites; the results should be the same on both PCs. The trojan test only shows the router results; this means you might have trojans on your PCs. Try downloading AVG 6, it's free, and Spybot Search and Destroy, also free, and testing your PCs.
Community Veteran
Posts: 14,469
Registered: 30-07-2007

It depends on how your router is configured. If it has NAT (Network Address Translation) enabled then the router is tested. If it has NAT disabled or is in bridging mode your PC will be tested as the router will effectively be transparent.

You can tell which you have by your PC's IP address. If it is something like 192.168.X.X then your router is in NAT mode. If it's something like 81.X.X.X or 212.159.X.X (i.e. the static IP address of your ADSL line as shown in the portal) then your PC is being tested.

Router firewalls are primarily designed to stop people trying to connect into your network but are often completely open to any connection attempts going out from your PC. A software firewall will protect your PC from trying to make outgoing connections - which is what most viruses and spyware try to do - and a hardware firewall will not stop these occurring. Just get yourself a copy of the ZoneAlarm Free firewall and install it on all your PCs.
N/A

Quote

Router firewalls are primarily designed to stop people trying to connect into your network but are often completely open to any connection attempts going out from your PC. A software firewall will protect your PC from trying to make


Actually I had not given much thought to outgoing stuff, as I must admit I was of the "if you stop the baddies getting in then they can't send anything out" school of thought but you both make viable points.

I think I have the wife's Win XP computer covered, by Kerio with a set of rules a mile long, including 5 Microsoft ones that need to be turned off before she can download updates, because if they are not turned off her computer does not seem to send the information to MS for it to determine what updates are needed. So I am hoping that Kerio blocks anything unauthorised from going out.

My "Mac", however, I am not sure about. I know everyone goes on about how secure they are regarding viruses etc., but your comments started me thinking about outgoing stuff.

So to try and establish what, if anything, unauthorised was going out of my machine I went to a different test site, namely http://scan.sygatetech.com, which does a "pre-scan" prior to the proper tests, and the result is below:

"We have determined that your IP address is 212.159.**.*** (Plusnet fixed IP)
This is the public IP address that is visible to the internet.
Note: this may not be your IP address if you are connecting through a router, proxy or firewall."

"Trying to gather information from your web browser..."
Operating System = Macintosh PowerPC Mac OS X
Browser = AppleWebKit 125.5
"Trying to find out your computer name..."
Unable to determine your computer name!
"Trying to find out what services you are running..."
Unable to detect any running services!

So in your opinion, based on that result, would you consider my computer secure as regards outgoing information, or should I be giving serious thought to the purchase of a software firewall?

Your thoughts would be appreciated as, unlike Windows (someone may know different here), I don't think there are any good free firewalls for OS X. Not that I have any worries about paying for one provided it is justified, and that I am not going to waste money on something I don't need.

But thanks folks for your replies they certainly started me thinking :-)

Ian & Linda Jordan
N/A

The test that ran on the Mac probably got stopped by your firewall rather than by your Mac. I don't know of a free firewall for Mac but then I don't know of any Trojans that affect Macs. Try using Google to find adware or spyware checkers and Mac firewalls. Try looking at the security centre at Norton antivirus to see if there are any reported. There are not that many Macs about in comparison to PCs so they do not get attacked as often, so you have a fair bet of being safe just behind your router firewall. Plus the OS is written better so there are not the same number of holes in security. You must try and get the PC's firewall to work with Windows Update. I don't know Kerio but try their site to find help.
Community Veteran
Posts: 14,469
Registered: 30-07-2007

This is where things can be a bit complex. External testing from the likes of grc or sygate checks for any open ports on your IP address. Open ports usually signify there is some software listening for connections on that port - in some cases if you are infected with a virus it will be running on your PC and listening on certain ports which the virus sender may be trying to connect to, to gain access to your PC. So an open port is a bad sign.

If the scan reports all ports stealthed then this means the scanner could not detect any evidence of a port on that IP address - i.e. it tried to connect to a port and got nothing back. If the scan reports the port as closed, it means the port exists (and thus the IP may be valid) and the connection attempt was rejected - i.e. your PC refused the connection attempt by sending back a reply saying you can't connect.

Now a stealthed port is much better than a closed one and if all your ports are reported as stealthed then the likelihood is your IP address is not in use - for someone scanning IP addresses this may mean they will ignore your IP for future scans. If any of your ports are reported as open or closed, this means your IP address is valid so any person scanning your IP will know it is valid and may then continue scanning your IP to see if they can break in.

Now back to your sygate scan report... It does look like you are in effect stealthed to the outside world i.e. your router's firewall is doing its job. But to stop any possible virus infecting your PC from say an email (this is rare on a Mac but there are some Mac viruses around), you should still look to see if there is a software firewall you can use. I am not familiar with OS X so can't help with any recommendations.

The info related to your browser is actually reported by your browser and not extracted from your PC somehow so is not really a security risk.
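
The three port states described in the post above (open, closed, stealthed), as an added example that is not part of the original thread: a TCP connect check you can run against a machine you own. The function names and the local demo listener are assumptions made for illustration.

```python
import errno
import socket

def state_from_outcome(exc):
    """Map the outcome of one TCP connect attempt to the scan-report terms."""
    if exc is None:
        return "open"         # SYN answered with SYN/ACK: something is listening
    if isinstance(exc, ConnectionRefusedError):
        return "closed"       # SYN answered with RST: the host exists, nothing listens
    if isinstance(exc, socket.timeout):
        return "stealthed"    # no reply at all: the packet was silently dropped
    if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"  # an ICMP error came back, so this is not stealth
    raise exc

def probe(host, port, timeout=2.0):
    """Attempt one full TCP connection and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return state_from_outcome(None)
    except OSError as exc:
        return state_from_outcome(exc)

def demo():
    """Constructed local check: a listener opened here, then the same port
    again after the listener has been closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = probe("127.0.0.1", port)
    listener.close()
    after_close = probe("127.0.0.1", port)
    return while_listening, after_close

if __name__ == "__main__":
    print(demo())
```

Run from inside the LAN, this reports on the computer itself; the test sites probe the public IP address, which with NAT enabled is the router.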
N/A

Quote
You must try and get the PC's firewall to work with Windows Update. I don't know Kerio but try their site to find help.


Please do not get me wrong, as I do not consider that to be a problem: and merely put that in to give some idea as to how comprehensive the ruleset is.

I know it is a little inconvenient each time when wishing to get an update having to go into the ruleset to enable the machine to talk to MS to download and install them; but once that is finished and I lock the firewall down again I can virtually rest easy knowing that not much is going to get out without our knowing. A preferred situation to me as both of us like to know what is going on all the time.

Thanks for the reply

Ian & Linda Jordan
N/A

Quote
If the scan reports the port as closed, it means the port exists (and thus the IP may be valid) and the connection attempt was rejected - i.e. your PC refused the connection attempt by sending back a reply saying you can't connect.


That is one aspect I found particularly interesting. Over the last few days I have been testing various firewalls on Linda's machine, and they have all come back with something that had me puzzled for a while. Every port has been shown as "stealthed" except 80 and 113.

Now I know that 80 has something to do with the browser, but a bit of research was needed in the case of 113, most of which went way over my head, but I think the gist of it is that the "closed" option for that port is used to fool programmes like IRC when they send (I forget the name of the process) the signal to see if you can log onto the server or not....... shows how long it's been since I used IRC :-)

All in all this subject of ports and firewalls is becoming a fascinating subject.....now I know things are relatively safe here.

I did do the prescan at "Sygate" on Linda's machine and got exactly the same report back with of course "Windows XP" and "Firefox" as OS and browser.

Am now in the process of looking for a firewall for my "Mac"

That was a very clear and concise explanation of a complex subject for which I thank you.

Ian & Linda Jordan
N/A

Port 80 is HTTP and needs to be open on the PC firewall. As for port 113, I think that's secure DNS update; if it is, I would close it. Anyone else know?
N/A

I have managed to find something about port 113 at http://www.grc.com/port_113.htm.

It may as well be written in ancient Sanskrit for all the sense it makes to me: but you may be able to work out what it's all about :-)

Ian & Linda Jordan
N/A

Just looked it up. Port 113 is probably redundant; there may be a few things about that use it. Unless you are connecting to some very old hardware running Unix, e.g. an office network, it is probably safe to close it.
Community Veteran
Posts: 14,469
Registered: 30-07-2007

Port 80 should only be open outgoing, not incoming - i.e. the firewall will pass any outgoing connections on port 80 (from your PC's browser) but should block any incoming connections on port 80. If port 80 is open then you need to investigate why as it is not normal (unless you are running a web server on your IP address and have port forwarded port 80 to a local PC's IP address (which I'm sure is not happening in this case)).

One thing to check is you have not enabled remote administration / remote connection on your router. If you did, it means your router is listening on port 80 for remote connections, and if it sees an attempt to connect on port 80 it will respond by showing your router's admin screen and ask for you to login. You don't want others on the Internet to access your router's admin pages.

Port 113 is normally used for the IDENT service. This is a service that responds to requests for identifying yourself to others (IRC uses this). This is not needed so it should be closed or stealthed. Again this could possibly be your router but it is unusual if it is. Not sure what to suggest for this one.

[append]

If you say what your router is I can probably work out what to do to stealth port 113 and possibly 80 if it's not your router listening.
N/A

Quote
Port 113 is normally used for the IDENT service. This is a service that responds to requests for identifying yourself to others (IRC uses this). This is not needed so it should be closed or stealthed. Again this could possibly be your router but it is unusual if it is. Not sure what to suggest for this one.


Port 113 is showing as closed on both Mac and Windows machines, as is 80.

My router is a D-Link DI614+

Ian & Linda Jordan
Community Veteran
Posts: 14,469
Registered: 30-07-2007

In that case you don't need to do anything.
N/A

Ok Thanks very much Peter this has been a very educational evening :-)

Ian & Linda Jordan