

Windows 7: Firewall question...

29 Aug 2009   #41
Subsonic

Windows7 x64 7600 16385
 
 

Quote: Originally Posted by Creer
Subsonic, you entered your router IP; I talked about your IP from the ISP. You can check it e.g. here: Check and Map your Current IP address.
OK, now I get this. I'm sure it's probably because I'm in a hotel and I don't control the router. Thanks for your help!




29 Aug 2009   #42
Creer

Windows 7 Home Premium x32 SP1
 
 

Quote: Originally Posted by Subsonic
OK, now I get this. I'm sure it's probably because I'm in a hotel and I don't control the router. Thanks for your help!
I'm not sure here but:
1. Do you have UAC enabled?
2. During the installation process of Nmap, did you select something like: WinPcap to load when your system starts up?
29 Aug 2009   #43
Subsonic

Windows7 x64 7600 16385
 
 

Quote: Originally Posted by Creer
I'm not sure here but:
1. Do you have UAC enabled?
2. During the installation process of Nmap, did you select something like: WinPcap to load when your system starts up?
1. Yes
2. No

29 Aug 2009   #44
Creer

Windows 7 Home Premium x32 SP1
 
 

Quote: Originally Posted by Subsonic
1. Yes
2. No
This may be the reason for this.
Look at this thread:
Nmap Development: Re: NMap 4.2 and Vista
29 Aug 2009   #45
Subsonic

Windows7 x64 7600 16385
 
 

Quote: Originally Posted by Creer
This may be the reason for this.
Look at this thread:
Nmap Development: Re: NMap 4.2 and Vista
OK, that fixed it. But now I'm not sure how to interpret this. Here is NMap's output:

Starting Nmap 5.00 ( Nmap - Free Security Scanner For Network Exploration & Security Audits. ) at 2009-08-29 08:57 Eastern Daylight Time

NSE: Loaded 30 scripts for scanning.

Initiating Ping Scan at 08:57

Scanning 12.6.201.218 [8 ports]

Completed Ping Scan at 08:57, 0.19s elapsed (1 total hosts)

Initiating Parallel DNS resolution of 1 host. at 08:57

Completed Parallel DNS resolution of 1 host. at 08:57, 0.03s elapsed

Initiating SYN Stealth Scan at 08:57

Scanning 12.6.201.218 [1000 ports]

Discovered open port 443/tcp on 12.6.201.218

Discovered open port 53/tcp on 12.6.201.218

Discovered open port 199/tcp on 12.6.201.218

Discovered open port 25/tcp on 12.6.201.218

Discovered open port 80/tcp on 12.6.201.218

Discovered open port 22/tcp on 12.6.201.218

Discovered open port 1455/tcp on 12.6.201.218

Discovered open port 1443/tcp on 12.6.201.218

Completed SYN Stealth Scan at 08:58, 7.81s elapsed (1000 total ports)

Initiating Service scan at 08:58

Scanning 8 services on 12.6.201.218

Completed Service scan at 09:00, 116.61s elapsed (8 services on 1 host)

Initiating OS detection (try #1) against 12.6.201.218

Retrying OS detection (try #2) against 12.6.201.218

Retrying OS detection (try #3) against 12.6.201.218

Retrying OS detection (try #4) against 12.6.201.218

Retrying OS detection (try #5) against 12.6.201.218

12.6.201.218: guessing hop distance at 1

Initiating Traceroute at 09:00

Completed Traceroute at 09:00, 0.02s elapsed

Initiating Parallel DNS resolution of 2 hosts. at 09:00

Completed Parallel DNS resolution of 2 hosts. at 09:00, 0.00s elapsed

NSE: Script scanning 12.6.201.218.

NSE: Starting runlevel 1 scan

Initiating NSE at 09:00

Completed NSE at 09:00, 1.33s elapsed

NSE: Script Scanning completed.

Host 12.6.201.218 is up (0.0033s latency).

Interesting ports on 12.6.201.218:

Not shown: 964 closed ports, 28 filtered ports

PORT STATE SERVICE VERSION

22/tcp open ssh OpenSSH 4.5p1 (FreeBSD 20061110; protocol 2.0)

|_ ssh-hostkey: 1024 1a:10:8a:e7:da:3f:72:9e:8e:68:3f:cf:cc:4b:9b:b3 (DSA)

25/tcp open smtp Sendmail 8.13.8/8.12.6

| smtp-commands: EHLO et-bos-14.site.stayonline.net Hello [192.168.57.137], pleased to meet you, ENHANCEDSTATUSCODES, PIPELINING, EXPN, VERB, 8BITMIME, SIZE 10000000, DSN, ETRN, DELIVERBY, HELP

|_ HELP 2.0.0 This is sendmail version 8.13.8 2.0.0 Topics: 2.0.0 HELO EHLO MAIL RCPT DATA 2.0.0 RSET NOOP QUIT HELP VRFY 2.0.0 EXPN VERB ETRN DSN AUTH 2.0.0 STARTTLS 2.0.0 For more info use "HELP <topic>". 2.0.0 To report bugs in the implementation see 2.0.0 Contact Us - Support - sendmail.org 2.0.0 For local information send email to Postmaster at your site. 2.0.0 End of HELP info

53/tcp open domain dnsmasq 2.33

80/tcp open http Apache httpd 1.3.37 ((Unix) mod_perl/1.29 mod_ssl/2.8.28 OpenSSL/0.9.7e-p1)

199/tcp open smux Linux SNMP multiplexer

443/tcp open ssl/http Apache httpd 1.3.37 ((Unix) mod_perl/1.29 mod_ssl/2.8.28 OpenSSL/0.9.7e-p1)

|_ sslv2: server still supports SSLv2

1443/tcp open http Apache httpd 1.3.37 ((Unix) mod_perl/1.29 mod_ssl/2.8.28 OpenSSL/0.9.7e-p1)

|_ html-title: 400 Bad Request

1455/tcp open esl-lm?

No exact OS matches for host (If you know what OS is running on it, see Nmap OS/Service Fingerprint and Correction Submission Page ).

TCP/IP fingerprint:




Network Distance: 0 hops

Service Info: Host: et-bos-14.site.stayonline.net; OSs: FreeBSD, Unix, Linux



TRACEROUTE (using port 993/tcp)

HOP RTT ADDRESS

1 0.00 12.6.201.218



Read data files from: d:\Nmap

OS and Service detection performed. Please report any incorrect results at Nmap OS/Service Fingerprint and Correction Submission Page .

Nmap done: 1 IP address (1 host up) scanned in 166.33 seconds

Raw packets sent: 1711 (83.712KB) | Rcvd: 1049 (42.480KB)

Yet GRC now shows me stealth on all ports! The only thing I can think of is that the hotel router IP has open ports as reported by NMap but my firewall is stealthing everything on my computer's IP. Does that sound right? Thanks again for your help. I don't think I'm worried about my security at this point but I'm enjoying this "teachable moment"!

Gil


29 Aug 2009   #46
Creer

Windows 7 Home Premium x32 SP1
 
 

Do this test again using the profile: "Intense scan, all TCP ports"

EDIT:
Also, if you can, go to the command line: Start > cmd
then on that line write:
netstat -a

After that, please attach a screenshot.
29 Aug 2009   #47
Subsonic

Windows7 x64 7600 16385
 
 

Quote: Originally Posted by Creer
Do this test again using the profile: "Intense scan, all TCP ports"

EDIT:
Also, if you can, go to the command line: Start > cmd
then on that line write:
netstat -a

After that, please attach a screenshot.
OK. That one took a while! Here is the output:

Starting Nmap 5.00 ( Nmap - Free Security Scanner For Network Exploration & Security Audits. ) at 2009-08-29 10:12 Eastern Daylight Time

NSE: Loaded 30 scripts for scanning.

Initiating Ping Scan at 10:12

Scanning 12.6.201.106 [8 ports]

Completed Ping Scan at 10:12, 0.26s elapsed (1 total hosts)

Initiating Parallel DNS resolution of 1 host. at 10:12

Completed Parallel DNS resolution of 1 host. at 10:12, 0.03s elapsed

Initiating SYN Stealth Scan at 10:12

Scanning 12.6.201.106 [65535 ports]

Discovered open port 199/tcp on 12.6.201.106

Discovered open port 443/tcp on 12.6.201.106

Discovered open port 53/tcp on 12.6.201.106

Discovered open port 25/tcp on 12.6.201.106

Discovered open port 80/tcp on 12.6.201.106

Discovered open port 22/tcp on 12.6.201.106

SYN Stealth Scan Timing: About 7.26% done; ETC: 10:19 (0:06:36 remaining)

Discovered open port 1455/tcp on 12.6.201.106

SYN Stealth Scan Timing: About 13.53% done; ETC: 10:21 (0:07:15 remaining)

SYN Stealth Scan Timing: About 14.02% done; ETC: 10:24 (0:10:01 remaining)

Increasing send delay for 12.6.201.106 from 0 to 5 due to max_successful_tryno increase to 5

SYN Stealth Scan Timing: About 22.90% done; ETC: 10:25 (0:09:22 remaining)

SYN Stealth Scan Timing: About 28.88% done; ETC: 10:25 (0:08:42 remaining)

SYN Stealth Scan Timing: About 35.75% done; ETC: 10:25 (0:08:03 remaining)

SYN Stealth Scan Timing: About 40.38% done; ETC: 10:25 (0:07:21 remaining)

SYN Stealth Scan Timing: About 45.01% done; ETC: 10:25 (0:06:42 remaining)

SYN Stealth Scan Timing: About 49.56% done; ETC: 10:24 (0:06:05 remaining)

Increasing send delay for 12.6.201.106 from 5 to 10 due to max_successful_tryno increase to 6

Warning: Giving up on port early because retransmission cap hit.

SYN Stealth Scan Timing: About 60.08% done; ETC: 10:26 (0:05:28 remaining)

SYN Stealth Scan Timing: About 67.19% done; ETC: 10:27 (0:04:47 remaining)

SYN Stealth Scan Timing: About 73.04% done; ETC: 10:27 (0:04:01 remaining)

SYN Stealth Scan Timing: About 78.51% done; ETC: 10:28 (0:03:16 remaining)

Discovered open port 1443/tcp on 12.6.201.106

SYN Stealth Scan Timing: About 84.11% done; ETC: 10:28 (0:02:29 remaining)

SYN Stealth Scan Timing: About 89.44% done; ETC: 10:28 (0:01:41 remaining)

SYN Stealth Scan Timing: About 94.82% done; ETC: 10:29 (0:00:51 remaining)

Completed SYN Stealth Scan at 10:29, 1001.55s elapsed (65535 total ports)

Initiating Service scan at 10:29

Scanning 8 services on 12.6.201.106

Completed Service scan at 10:33, 215.86s elapsed (8 services on 1 host)

Initiating OS detection (try #1) against 12.6.201.106

Retrying OS detection (try #2) against 12.6.201.106

Retrying OS detection (try #3) against 12.6.201.106

Retrying OS detection (try #4) against 12.6.201.106

12.6.201.106: guessing hop distance at 1

Initiating Traceroute at 10:33

Completed Traceroute at 10:33, 0.01s elapsed

Initiating Parallel DNS resolution of 2 hosts. at 10:33

Completed Parallel DNS resolution of 2 hosts. at 10:33, 0.00s elapsed

NSE: Script scanning 12.6.201.106.

NSE: Starting runlevel 1 scan

Initiating NSE at 10:33

Completed NSE at 10:33, 0.80s elapsed

NSE: Script Scanning completed.

Host 12.6.201.106 is up (0.029s latency).

Interesting ports on 12.6.201.106:

Not shown: 65508 closed ports

PORT STATE SERVICE VERSION

22/tcp open ssh OpenSSH 4.5p1 (FreeBSD 20061110; protocol 2.0)

|_ ssh-hostkey: 1024 1a:10:8a:e7:da:3f:72:9e:8e:68:3f:cf:cc:4b:9b:b3 (DSA)

25/tcp open smtp Sendmail 8.13.8/8.12.6

| smtp-commands: EHLO et-bos-14.site.stayonline.net Hello [192.168.57.45], pleased to meet you, ENHANCEDSTATUSCODES, PIPELINING, EXPN, VERB, 8BITMIME, SIZE 10000000, DSN, ETRN, DELIVERBY, HELP

|_ HELP 2.0.0 This is sendmail version 8.13.8 2.0.0 Topics: 2.0.0 HELO EHLO MAIL RCPT DATA 2.0.0 RSET NOOP QUIT HELP VRFY 2.0.0 EXPN VERB ETRN DSN AUTH 2.0.0 STARTTLS 2.0.0 For more info use "HELP <topic>". 2.0.0 To report bugs in the implementation see 2.0.0 Contact Us - Support - sendmail.org 2.0.0 For local information send email to Postmaster at your site. 2.0.0 End of HELP info

53/tcp open domain dnsmasq 2.33

80/tcp open http Apache httpd 1.3.37 ((Unix) mod_perl/1.29 mod_ssl/2.8.28 OpenSSL/0.9.7e-p1)

135/tcp filtered msrpc

137/tcp filtered netbios-ns

138/tcp filtered netbios-dgm

199/tcp open smux Linux SNMP multiplexer

443/tcp open ssl/http Apache httpd 1.3.37 ((Unix) mod_perl/1.29 mod_ssl/2.8.28 OpenSSL/0.9.7e-p1)

|_ sslv2: server still supports SSLv2

1443/tcp open http Apache httpd 1.3.37 ((Unix) mod_perl/1.29 mod_ssl/2.8.28 OpenSSL/0.9.7e-p1)

|_ html-title: 400 Bad Request

1455/tcp open esl-lm?

3134/tcp filtered unknown

4444/tcp filtered krb524

10934/tcp filtered unknown

13011/tcp filtered unknown

18420/tcp filtered unknown

19050/tcp filtered unknown

25144/tcp filtered unknown

26767/tcp filtered unknown

29717/tcp filtered unknown

36760/tcp filtered unknown

41140/tcp filtered unknown

41687/tcp filtered unknown

43794/tcp filtered unknown

53341/tcp filtered unknown

54606/tcp filtered unknown

62083/tcp filtered unknown

Device type: general purpose|firewall|storage-misc

Running (JUST GUESSING) : FreeBSD 6.X|5.X|5.x|7.X (97%), IronPort AsyncOS 6.X|4.X (95%), IBM AIX 5.X|6.X (93%), Apple Mac OS X 10.3.X (90%)

Aggressive OS guesses: FreeBSD 6.1-RELEASE (97%), FreeBSD 5.4-RELEASE (96%), FreeBSD 6.3-PRERELEASE (96%), IronPort C100 email security appliance (AsyncOS 6.01) (95%), FreeBSD 5.2.1-RC2 (95%), IBM AIX 5.3 - 6.1 (93%), FreeBSD 5.5-STABLE (92%), FreeBSD 5.2.1-RELEASE (92%), FreeBSD 5.4 or 5.5 (x86) (92%), FreeBSD 6.0-RELEASE (92%)

No exact OS matches for host (test conditions non-ideal).

Network Distance: 0 hops

Service Info: Host: et-bos-14.site.stayonline.net; OSs: FreeBSD, Unix, Linux



TRACEROUTE (using port 1720/tcp)

HOP RTT ADDRESS

1 4.00 12.6.201.106



Read data files from: d:\Nmap

OS and Service detection performed. Please report any incorrect results at Nmap OS/Service Fingerprint and Correction Submission Page .

Nmap done: 1 IP address (1 host up) scanned in 1268.85 seconds

Raw packets sent: 68006 (2.999MB) | Rcvd: 65620 (2.625MB)


29 Aug 2009   #48
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Are you at the Marriott?
29 Aug 2009   #49
Subsonic

Windows7 x64 7600 16385
 
 

Quote: Originally Posted by Jacee
Are you at the Marriott?
Yes.
29 Aug 2009   #50
Creer

Windows 7 Home Premium x32 SP1
 
 

Yes, it looks like you have a few ports open, but I don't see them (as established/time-out/listening) in the netstat report.
Ports which are open and whose status is "listening" could be critical. All the other ones are not, because you can connect only to a "listening" port; the other ones are dated in this case.
Also, the router in the hotel could have some ports open because of special services/administrator/etc.
So don't worry about this.
My System SpecsSystem Spec
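
The comparison discussed in the last posts (which scanned ports actually have a listener on the local machine), as an added Python example that is not part of any post in the thread. The netstat text is a constructed sample and the function names are illustrative; the port set is the eight open ports from the Nmap output above.

```python
import re

# Constructed sample of `netstat -an` output from a Windows laptop (not from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.57.137:139     0.0.0.0:0              LISTENING
  TCP    192.168.57.137:49211   203.0.113.10:443       ESTABLISHED
  TCP    192.168.57.137:49215   203.0.113.25:80        TIME_WAIT
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:5355           *:*
"""

# Open TCP ports Nmap reported in the thread for the scanned address.
NMAP_OPEN = {22, 25, 53, 80, 199, 443, 1443, 1455}

# Proto, local addr:port, foreign addr, state (UDP rows have no state and are skipped).
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+(\S+)\s*$")

def listening_tcp(netstat_text):
    """Return {port: set of bind addresses} for TCP sockets in LISTENING state."""
    ports = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m and m.group(3) == "LISTENING":
            ports.setdefault(int(m.group(2)), set()).add(m.group(1))
    return ports

def reachable_from_network(ports):
    """Ports bound to a non-loopback address: the ones the host firewall must cover."""
    loopback = {"127.0.0.1", "[::1]"}
    return sorted(p for p, addrs in ports.items() if addrs - loopback)

def compare(netstat_text, scanned_open):
    """Split the scanner's open ports into those served locally and those that are not."""
    listening = listening_tcp(netstat_text)
    return {
        "listening": sorted(listening),
        "exposed_if_unfiltered": reachable_from_network(listening),
        "scan_ports_served_locally": sorted(scanned_open & set(listening)),
        "scan_ports_not_local": sorted(scanned_open - set(listening)),
    }

if __name__ == "__main__":
    for key, value in compare(SAMPLE_NETSTAT, NMAP_OPEN).items():
        print(f"{key}: {value}")
```

An empty `scan_ports_served_locally` means none of the ports the scanner found open has a listener on this machine, which is consistent with the thread's reading that they belong to the hotel router.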