Firewall question...

[Attachment: Capture.JPG]

My Computer

Computer Manufacturer/Model Number
Dell / Studio xps
OS
Windows7 x64 7600 16385
CPU
Intel I7 920
Motherboard
Dell
Memory
6GB DDR3
Graphics Card(s)
ATI Radeon HD4350
Sound Card
Integrated 7.1 channel
Hard Drives
Hitachi HDT721064SLA360 (596 GB)
Keyboard
Logitech EX110
Mouse
Logitech LX8
OK, now I get this. I'm sure it's probably because I'm in a hotel and I don't control the router. Thanks for your help!

I'm not sure here, but:
1. Do you have UAC enabled?
2. During the installation of Nmap, did you select something like "WinPcap to load when your system starts up"?
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Self Built
OS
Windows 7 Home Premium x32 SP1
CPU
x2 2.6 GHz
Motherboard
Asus
Memory
A-Data 2GB DDR2-800
Graphics Card(s)
ATI X1250
Sound Card
SB 5.1 Live!
Hard Drives
WD and Seagate FAP
PSU
Tagan TG-480-U01
Keyboard
BTC 6300
Mouse
Logitech VX Nano
Antivirus
None
I'm not sure here, but:
1. Do you have UAC enabled?
2. During the installation of Nmap, did you select something like "WinPcap to load when your system starts up"?

1. Yes
2. No
 
This may be the reason for this.
Look at this thread:
Nmap Development: Re: NMap 4.2 and Vista

OK, that fixed it. But now I'm not sure how to interpret this. Here is NMap's output:

Starting Nmap 5.00 ( Nmap - Free Security Scanner For Network Exploration & Security Audits. ) at 2009-08-29 08:57 Eastern Daylight Time
NSE: Loaded 30 scripts for scanning.
Initiating Ping Scan at 08:57
Scanning 12.6.201.218 [8 ports]
Completed Ping Scan at 08:57, 0.19s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 08:57
Completed Parallel DNS resolution of 1 host. at 08:57, 0.03s elapsed
Initiating SYN Stealth Scan at 08:57
Scanning 12.6.201.218 [1000 ports]
Discovered open port 443/tcp on 12.6.201.218
Discovered open port 53/tcp on 12.6.201.218
Discovered open port 199/tcp on 12.6.201.218
Discovered open port 25/tcp on 12.6.201.218
Discovered open port 80/tcp on 12.6.201.218
Discovered open port 22/tcp on 12.6.201.218
Discovered open port 1455/tcp on 12.6.201.218
Discovered open port 1443/tcp on 12.6.201.218
Completed SYN Stealth Scan at 08:58, 7.81s elapsed (1000 total ports)
Initiating Service scan at 08:58
Scanning 8 services on 12.6.201.218
Completed Service scan at 09:00, 116.61s elapsed (8 services on 1 host)
Initiating OS detection (try #1) against 12.6.201.218
Retrying OS detection (try #2) against 12.6.201.218
Retrying OS detection (try #3) against 12.6.201.218
Retrying OS detection (try #4) against 12.6.201.218
Retrying OS detection (try #5) against 12.6.201.218
12.6.201.218: guessing hop distance at 1
Initiating Traceroute at 09:00
Completed Traceroute at 09:00, 0.02s elapsed
Initiating Parallel DNS resolution of 2 hosts. at 09:00
Completed Parallel DNS resolution of 2 hosts. at 09:00, 0.00s elapsed
NSE: Script scanning 12.6.201.218.
NSE: Starting runlevel 1 scan
Initiating NSE at 09:00
Completed NSE at 09:00, 1.33s elapsed
NSE: Script Scanning completed.
Host 12.6.201.218 is up (0.0033s latency).
Interesting ports on 12.6.201.218:
Not shown: 964 closed ports, 28 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.5p1 (FreeBSD 20061110; protocol 2.0)
|_ ssh-hostkey: 1024 1a:10:8a:e7:da:3f:72:9e:8e:68:3f:cf:cc:4b:9b:b3 (DSA)
25/tcp open smtp Sendmail 8.13.8/8.12.6
| smtp-commands: EHLO et-bos-14.site.stayonline.net Hello [192.168.57.137], pleased to meet you, ENHANCEDSTATUSCODES, PIPELINING, EXPN, VERB, 8BITMIME, SIZE 10000000, DSN, ETRN, DELIVERBY, HELP
|_ HELP 2.0.0 This is sendmail version 8.13.8 2.0.0 Topics: 2.0.0 HELO EHLO MAIL RCPT DATA 2.0.0 RSET NOOP QUIT HELP VRFY 2.0.0 EXPN VERB ETRN DSN AUTH 2.0.0 STARTTLS 2.0.0 For more info use "HELP <topic>". 2.0.0 To report bugs in the implementation see 2.0.0 Contact Us - Support - sendmail.org 2.0.0 For local information send email to Postmaster at your site. 2.0.0 End of HELP info
53/tcp open domain dnsmasq 2.33
80/tcp open http Apache httpd 1.3.37 ((Unix) mod_perl/1.29 mod_ssl/2.8.28 OpenSSL/0.9.7e-p1)
199/tcp open smux Linux SNMP multiplexer
443/tcp open ssl/http Apache httpd 1.3.37 ((Unix) mod_perl/1.29 mod_ssl/2.8.28 OpenSSL/0.9.7e-p1)
|_ sslv2: server still supports SSLv2
1443/tcp open http Apache httpd 1.3.37 ((Unix) mod_perl/1.29 mod_ssl/2.8.28 OpenSSL/0.9.7e-p1)
|_ html-title: 400 Bad Request
1455/tcp open esl-lm?
No exact OS matches for host (If you know what OS is running on it, see Nmap OS/Service Fingerprint and Correction Submission Page ).
TCP/IP fingerprint:
OS:SCAN(V=5.00%D=8/29%OT=22%CT=1%CU=31147%PV=N%DS=0%G=Y%TM=4A99266A%P=i686-
OS:pc-windows-windows)SEQ(SP=104%GCD=1%ISR=105%CI=I%TS=U)SEQ(SP=104%GCD=1%I
OS:SR=105%TS=U)SEQ(SP=104%GCD=1%ISR=104%TI=I%TS=U)OPS(O1=M5B4SLL%O2=M5B4SLL
OS:%O3=M5B4%O4=M5B4SLL%O5=M5B4SLL%O6=M5B4SLL)WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4
OS:=FFFF%W5=FFFF%W6=FFFF)ECN(R=Y%DF=Y%T=40%W=FFFF%O=M5B4SLL%CC=N%Q=)ECN(R=N
OS:)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T1(R=Y%DF=Y%T=40%S=O%A=O%F=AS%RD
OS:=0%Q=)T2(R=N)T3(R=Y%DF=Y%T=40%W=FFFF%S=O%A=S+%F=AS%O=M5B4SLL%RD=0%Q=)T3(
OS:R=Y%DF=Y%T=40%W=FFFF%S=O%A=O%F=AS%O=M5B4SLL%RD=0%Q=)T3(R=N)T4(R=Y%DF=Y%T
OS:=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T4(R=N)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR
OS:%O=%RD=0%Q=)T5(R=N)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T6(R=N)T7
OS:(R=Y%DF=Y%T=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)T7(R=N)U1(R=Y%DF=N%T=40%IPL=3
OS:8%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=0%RUD=G)IE(R=N)

Network Distance: 0 hops
Service Info: Host: et-bos-14.site.stayonline.net; OSs: FreeBSD, Unix, Linux

TRACEROUTE (using port 993/tcp)
HOP RTT ADDRESS
1 0.00 12.6.201.218

Read data files from: d:\Nmap
OS and Service detection performed. Please report any incorrect results at Nmap OS/Service Fingerprint and Correction Submission Page .
Nmap done: 1 IP address (1 host up) scanned in 166.33 seconds
Raw packets sent: 1711 (83.712KB) | Rcvd: 1049 (42.480KB)

Yet GRC now shows me stealth on all ports! The only thing I can think of is that the hotel router's IP has open ports as reported by Nmap, but my firewall is stealthing everything on my computer's IP. Does that sound right? Thanks again for your help. I don't think I'm worried about my security at this point, but I'm enjoying this "teachable moment"!

Gil
 
[Attachment: Capture.JPG]

Do this test again using the profile "Intense scan, all TCP ports".

EDIT:
Also, if you can, go to the command line (Start > cmd) and type:
netstat -a

After that, please attach a screenshot.
 
Do this test again using the profile "Intense scan, all TCP ports".

EDIT:
Also, if you can, go to the command line (Start > cmd) and type:
netstat -a

After that, please attach a screenshot.

OK. That one took a while! Here is the output:

Starting Nmap 5.00 ( Nmap - Free Security Scanner For Network Exploration & Security Audits. ) at 2009-08-29 10:12 Eastern Daylight Time
NSE: Loaded 30 scripts for scanning.
Initiating Ping Scan at 10:12
Scanning 12.6.201.106 [8 ports]
Completed Ping Scan at 10:12, 0.26s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 10:12
Completed Parallel DNS resolution of 1 host. at 10:12, 0.03s elapsed
Initiating SYN Stealth Scan at 10:12
Scanning 12.6.201.106 [65535 ports]
Discovered open port 199/tcp on 12.6.201.106
Discovered open port 443/tcp on 12.6.201.106
Discovered open port 53/tcp on 12.6.201.106
Discovered open port 25/tcp on 12.6.201.106
Discovered open port 80/tcp on 12.6.201.106
Discovered open port 22/tcp on 12.6.201.106
SYN Stealth Scan Timing: About 7.26% done; ETC: 10:19 (0:06:36 remaining)
Discovered open port 1455/tcp on 12.6.201.106
SYN Stealth Scan Timing: About 13.53% done; ETC: 10:21 (0:07:15 remaining)
SYN Stealth Scan Timing: About 14.02% done; ETC: 10:24 (0:10:01 remaining)
Increasing send delay for 12.6.201.106 from 0 to 5 due to max_successful_tryno increase to 5
SYN Stealth Scan Timing: About 22.90% done; ETC: 10:25 (0:09:22 remaining)
SYN Stealth Scan Timing: About 28.88% done; ETC: 10:25 (0:08:42 remaining)
SYN Stealth Scan Timing: About 35.75% done; ETC: 10:25 (0:08:03 remaining)
SYN Stealth Scan Timing: About 40.38% done; ETC: 10:25 (0:07:21 remaining)
SYN Stealth Scan Timing: About 45.01% done; ETC: 10:25 (0:06:42 remaining)
SYN Stealth Scan Timing: About 49.56% done; ETC: 10:24 (0:06:05 remaining)
Increasing send delay for 12.6.201.106 from 5 to 10 due to max_successful_tryno increase to 6
Warning: Giving up on port early because retransmission cap hit.
SYN Stealth Scan Timing: About 60.08% done; ETC: 10:26 (0:05:28 remaining)
SYN Stealth Scan Timing: About 67.19% done; ETC: 10:27 (0:04:47 remaining)
SYN Stealth Scan Timing: About 73.04% done; ETC: 10:27 (0:04:01 remaining)
SYN Stealth Scan Timing: About 78.51% done; ETC: 10:28 (0:03:16 remaining)
Discovered open port 1443/tcp on 12.6.201.106
SYN Stealth Scan Timing: About 84.11% done; ETC: 10:28 (0:02:29 remaining)
SYN Stealth Scan Timing: About 89.44% done; ETC: 10:28 (0:01:41 remaining)
SYN Stealth Scan Timing: About 94.82% done; ETC: 10:29 (0:00:51 remaining)
Completed SYN Stealth Scan at 10:29, 1001.55s elapsed (65535 total ports)
Initiating Service scan at 10:29
Scanning 8 services on 12.6.201.106
Completed Service scan at 10:33, 215.86s elapsed (8 services on 1 host)
Initiating OS detection (try #1) against 12.6.201.106
Retrying OS detection (try #2) against 12.6.201.106
Retrying OS detection (try #3) against 12.6.201.106
Retrying OS detection (try #4) against 12.6.201.106
12.6.201.106: guessing hop distance at 1
Initiating Traceroute at 10:33
Completed Traceroute at 10:33, 0.01s elapsed
Initiating Parallel DNS resolution of 2 hosts. at 10:33
Completed Parallel DNS resolution of 2 hosts. at 10:33, 0.00s elapsed
NSE: Script scanning 12.6.201.106.
NSE: Starting runlevel 1 scan
Initiating NSE at 10:33
Completed NSE at 10:33, 0.80s elapsed
NSE: Script Scanning completed.
Host 12.6.201.106 is up (0.029s latency).
Interesting ports on 12.6.201.106:
Not shown: 65508 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.5p1 (FreeBSD 20061110; protocol 2.0)
|_ ssh-hostkey: 1024 1a:10:8a:e7:da:3f:72:9e:8e:68:3f:cf:cc:4b:9b:b3 (DSA)
25/tcp open smtp Sendmail 8.13.8/8.12.6
| smtp-commands: EHLO et-bos-14.site.stayonline.net Hello [192.168.57.45], pleased to meet you, ENHANCEDSTATUSCODES, PIPELINING, EXPN, VERB, 8BITMIME, SIZE 10000000, DSN, ETRN, DELIVERBY, HELP
|_ HELP 2.0.0 This is sendmail version 8.13.8 2.0.0 Topics: 2.0.0 HELO EHLO MAIL RCPT DATA 2.0.0 RSET NOOP QUIT HELP VRFY 2.0.0 EXPN VERB ETRN DSN AUTH 2.0.0 STARTTLS 2.0.0 For more info use "HELP <topic>". 2.0.0 To report bugs in the implementation see 2.0.0 Contact Us - Support - sendmail.org 2.0.0 For local information send email to Postmaster at your site. 2.0.0 End of HELP info
53/tcp open domain dnsmasq 2.33
80/tcp open http Apache httpd 1.3.37 ((Unix) mod_perl/1.29 mod_ssl/2.8.28 OpenSSL/0.9.7e-p1)
135/tcp filtered msrpc
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
199/tcp open smux Linux SNMP multiplexer
443/tcp open ssl/http Apache httpd 1.3.37 ((Unix) mod_perl/1.29 mod_ssl/2.8.28 OpenSSL/0.9.7e-p1)
|_ sslv2: server still supports SSLv2
1443/tcp open http Apache httpd 1.3.37 ((Unix) mod_perl/1.29 mod_ssl/2.8.28 OpenSSL/0.9.7e-p1)
|_ html-title: 400 Bad Request
1455/tcp open esl-lm?
3134/tcp filtered unknown
4444/tcp filtered krb524
10934/tcp filtered unknown
13011/tcp filtered unknown
18420/tcp filtered unknown
19050/tcp filtered unknown
25144/tcp filtered unknown
26767/tcp filtered unknown
29717/tcp filtered unknown
36760/tcp filtered unknown
41140/tcp filtered unknown
41687/tcp filtered unknown
43794/tcp filtered unknown
53341/tcp filtered unknown
54606/tcp filtered unknown
62083/tcp filtered unknown
Device type: general purpose|firewall|storage-misc
Running (JUST GUESSING) : FreeBSD 6.X|5.X|5.x|7.X (97%), IronPort AsyncOS 6.X|4.X (95%), IBM AIX 5.X|6.X (93%), Apple Mac OS X 10.3.X (90%)
Aggressive OS guesses: FreeBSD 6.1-RELEASE (97%), FreeBSD 5.4-RELEASE (96%), FreeBSD 6.3-PRERELEASE (96%), IronPort C100 email security appliance (AsyncOS 6.01) (95%), FreeBSD 5.2.1-RC2 (95%), IBM AIX 5.3 - 6.1 (93%), FreeBSD 5.5-STABLE (92%), FreeBSD 5.2.1-RELEASE (92%), FreeBSD 5.4 or 5.5 (x86) (92%), FreeBSD 6.0-RELEASE (92%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 0 hops
Service Info: Host: et-bos-14.site.stayonline.net; OSs: FreeBSD, Unix, Linux

TRACEROUTE (using port 1720/tcp)
HOP RTT ADDRESS
1 4.00 12.6.201.106

Read data files from: d:\Nmap
OS and Service detection performed. Please report any incorrect results at Nmap OS/Service Fingerprint and Correction Submission Page .
Nmap done: 1 IP address (1 host up) scanned in 1268.85 seconds
Raw packets sent: 68006 (2.999MB) | Rcvd: 65620 (2.625MB)
 
[Attachment: Capture.JPG]

Are you at the Marriott?
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Bruce ... somewhere in his 40's
OS
Windows 7 Ultimate 32bit SP1
CPU
Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard
INTEL/D975XBX2
Memory
4 GB
Graphics Card(s)
ATI Radeon HD 2600 Pro
Monitor(s) Displays
Samsung SyncMaster 914v
Screen Resolution
1280 x 1024
Hard Drives
2/500GB each ... ST3500630AS ATA Device.
One is not connected
PSU
Rocketfish 700 W
Case
G.Skill Gigabyte Chassis
Keyboard
Standard PS/2 Keyboard
Mouse
Microsoft PS/2 Mouse
Internet Speed
DSL
Antivirus
Avira Internet Security
Browser
IE 11
Other Info
ATI HDMI Audio

Yes, it looks like you have a few ports open, but I don't see them (as established/time-out/listening) in the netstat report.
Ports which are open and whose status is "listening" could be critical. All the other ones are not, because you can connect only to a "listening" port; the other ones are dated in this case.
Also, the router in the hotel could have some ports open because of special services/administrator/etc.
So don't worry about this.
 
OK, thanks Creer. I'm home now and GRC shows all ports stealthed. I think I'm OK. It just looks like it was differences in how the hotels set up their routers.
 
OK, thanks Creer. I'm home now and GRC shows all ports stealthed. I think I'm OK. It just looks like it was differences in how the hotels set up their routers.

You are welcome.
 
OK, thanks Creer. I'm home now and GRC shows all ports stealthed. I think I'm OK. It just looks like it was differences in how the hotels set up their routers.

I always fire up Ubuntu at the hotel when I travel. Much safer. :)
 

My Computer

Computer Manufacturer/Model Number
MasterB/Custom
OS
Windows 7 Professional x64
CPU
QuadCore AMD Phenom II X4 Black Edition 955 3.2 GHz
Motherboard
Asus M4A785TD-V Evo
Memory
8 GB Crucial DDR3
Graphics Card(s)
SAPPHIRE Radeon HD 4890 1GB HDMI New Edition
Sound Card
VIA VT1708S HD Audio 7.1 onboard/ ATI HDMI video card
Monitor(s) Displays
Acer H233H 23'' LCD HDMI
Screen Resolution
1920x1080
Hard Drives
1x 500GB and 1x 1TB 7200RPM 32MB Cache WD Caviar Black
PSU
CORSAIR CMPSU-620HX 620W
Case
COOLER MASTER Storm Scout SGC-2000
Cooling
2x 140mm and 1x 120mm case fans, Stock CPU fan
Keyboard
Logitech MX 3200
Mouse
Logitech MX 3200
Internet Speed
15 Mbps
Other Info
My first build!