What is blocking my ports?

Posted this on microsoft networking ng without solution.

XP SR2

I am having trouble getting Tivo to 'talk to' my PC over a wireless network. Went to Tivo support and forum but was unable to get an answer. I have a Dell router. PC is connected to the PC via ethernet. Tivo is connected wirelessly. Notebook is connected wirelessly. PDA connected wirelessly for net use only. PC, notebook, and PDA work. Tivo lists an IP address and signal strength is good to excellent. Notebook can see Tivo and can download files to HD. PC can not find Tivo. However, when I open Tivo sw on the PC, Tivo's correct IP is listed. When I ping Tivo (ping xxx.xxx.x.x), I get 4 packets sent/received. Per Tivo, I entered URL https://xxx.xxx.x.x into my browser, entered name and password, and the PC can see Tivo but can not download. Tivo says this confirms the problem is a blocked port.

I have literally uninstalled Norton antivirus and firewall, disabled XP firewall, and tried again. Keep getting a message from Tivo (on the PC) about an error on trying to communicate, which Tivo says indicates a port problem. I have been told by an expert (a friend who knows more than I do) that since Tivo can talk to my notebook through the router, the problem with the PC is not the router or the router firewall. I have a list of ports to open but since, at the time, I was without a firewall, I had no sw to tell to open ports or allow programs. I have, btw, reinstalled the firewall and antivirus sw. How can I find what is blocking those ports or is it possible the ports are defective?

Since posting this elsewhere I was directed to an app called PortQryUI. Ran the check of required ports with the firewall uninstalled and Windows Firewall disabled. Although this may give me answers, I have no idea what this is telling me (what is 'filtered'?).

TCP
37 Filtered
443 Listening
2190 Listening
4430 Filtered
7287 Filtered
7288 Filtered
8000 Filtered
8100 Filtered system idle process
8200 Filtered
8080-8089 Filtered

UDP
123 Filtered or listening scvhost
2190 Filtered or listening

Reply to
J Lunis

So your PC can find the Tivo box. Why did you claim it cannot?

Did you check device manager for rest of drivers? It's pretty hard to repair networking functionality being broken due to having installed Norton products. Better flatten and rebuild.

Very very bad.

Hm... install a network sniffer? What does the netstat command tell you? What about a port scan with Nmap?

No. Ports are numbers.

I don't either, because you didn't activate comprehensive logging or use a serious 'netstat' alternative. What about TcpView?

I hope you meant 'svchost'...

Reply to
Sebastian Gottschalk

Well, according to Tivo support, the error I receive when trying to get Tivo sw on the PC to 'talk to' the DVR ('there was an error while attempting to retrieve data') is an indication the required open ports are blocked. When I said the PC can't find the DVR I was obviously wording it incorrectly. The PC can find the DVR but the sw can not find open ports.

Don't know what you are suggesting here. If I read you correctly, when I uninstalled Norton, it may have left behind some drivers. I checked a number of device Manager listings and didn't see any reference to Norton. Any particular place to look?

Yeah, I figure. Looking now at Kerio. Seems to get good reviews.

Apparently doing something wrong with netstat. I run it, I see the command screen for 1-2 seconds with some kind of text, but it closes far too fast for me to read it. Nmap? That's new to me. I'll have to find it. I suppose a web search will turn it up?

TcpView. For example, if I understand what it is showing me,

TivoBeacon.exe:1124 TCP HomeComputer:8200 HomeComputer:0 Listening

I suppose 'listening' is good and the port isn't blocked. A number of ports I need open (8080-8089) don't appear on TcpView. And the above data is with Windows firewall disabled.

yup.

Reply to
J Lunis

"*sym*","*nis*" and "*npf*"

Except by serious security experts. Well, "personal" "firewalls" are all the same shit.

D'oh! What about opening a command prompt window first?

Yes.

If it doesn't appear on TcpView (or netstat), then there's no server listening locally and no client trying to connect (TcpView highlights new connection attempts). Hm, I guess Nmap would give a better clue here.

Reply to
Sebastian Gottschalk

OK Sebastian, I'll be a few days running through all the devices and eliminating Norton drivers. And I'll be a day or two working on Nmap. I am seeing a pattern here FWIW. With no firewall, no antivirus, and Tivo open, I have run PortQryUI, netstat, and tcpview. PortQryUI shows the following ports:

TCP
37 Filtered
443 Listening
2190 Listening
4430 Filtered
7287 Filtered
7288 Filtered
8000 Filtered
8100 Filtered system idle process
8200 Filtered
8080-8089 Filtered

UDP
123 Filtered or listening svchost
2190 Filtered or listening

netstat -a only shows 8100 and 8200 listening. TcpView shows only 2190, 8100 and 8200 listening.

I am presum> J Lunis wrote:

Reply to
J Lunis

It sounds like a wireless problem to me if you have dropped the PFW(s) and no success.

You can confirm this by using a wire connection with the machine in question. You can turn on the PFW(s) too and if it still works, then you should look at the wireless.

Duane :)

Reply to
Duane Arnold

You really have an attitude problem. I've been using Kerio PFs for years and have *never* had any problems with Win2K.

Reply to
Alan Illeman

Except being vulnerable to certain remote DoS conditions, breaking some network functionality and RFC conformity, and opening a privilege escalation path.

Hint: I've been running Win2K without any PFWs and never had any problems (well, except due to dying hardware). Why exactly should I increase the system's complexity (reducing its security) for achieving nothing except more errors and vulnerabilities?

What about serious host-based packet filters?

Just to add for fun: Kerio PFW is based on the same kernel as Kerio WinRoute. Kerio WinRoute has been ICSA-certified under the "basic firewall" profile. The link on the Kerio website is broken, but you can still find it at ICSA's website. Read it, understand it, and cry - their implementation is so lousy that they didn't pass the test in the first place and hardly passed at all with only some fast-and-dirty patches for the most serious problems.

Reply to
Sebastian Gottschalk

More errors and vulnerabilities? Get it through your thick head that what I said was that I've experienced no infections at all. The fact that you are not using a PFW simply means that perhaps you are more 'expert' in these matters, luckier or just trolling.

Reply to
Alan Illeman

This is what you claim. Judging from your experience of auditing packet filter vulnerabilities and security concepts you don't have the experience to such such a thing either. Most likely you just didn't notice anything.

And even if nothing happened, one can safely conclude that this was not due to the PFW.

Mind you, PFWs are exactly not suitable for non-experts.

Reply to
Sebastian Gottschalk

If you had vulnerabilities, this did not enforce infections, but made them possible.

If you had infections, this did not enforce you to notice that, but made it possible.

At least one of the above did not happen.

Yours, VB.

Reply to
Volker Birk

And the fact (assuming it actually is a fact) that you personally have not experienced any infections while using a personal firewall doesn't mean anything at all. It's a fact that a personal firewall may increase one's exposure due to flaws in the personal firewall software regardless of your personal experience with them.

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

Checked all Device Manager entries. None in use with "*sym*","*nis*" and "*npf*"

This appears somewhat controversial as the thread continues. What PFW for an intermittent non-expert would you suggest?

OK, can't get NMap 4.03 to run. Hate to tell you this but it appears too complex for me. How would I, for example, check port TCP 1000?

Reply to
J Lunis

You calling me a liar?

Reply to
Alan Illeman

True

Had no infections

Your point?

Reply to
Alan Illeman

You calling me a liar too?

firewall doesn't

I beg to differ. Before I had a pf I had lots of infections.

True

So what's your point?

Reply to
Alan Illeman

No, I'm calling you unable to make observations to draw such conclusions. And I'm calling your argument totally defective.

Reply to
Sebastian Gottschalk

Then you have a serious problem in your non-existent security concept. If your host is vulnerable without a packet filter, then it also is with such one.

Reply to
Sebastian Gottschalk

Exactly: none

A packet filter will only give you security if you have in-depth knowledge about networks, TCP/IP and firewalls. As a non-expert you have none, so you'll just achieve misconfiguration, insecurity and messages you don't understand (and therefore cannot make any qualified decisions).

What about disabling unnecessary services? It's kinda trivial to get an empty netstat output (freshly after reboot) even on Windows. There's no need to harass with packet filtering, and security is pretty much based on reducing unnecessary complexity.

For a detailed view:

nmap -sS -p1000 -O $yourIP
nmap -sS -p1000 -O -f $yourIP
nmap -sA -p1000 -O $yourIP
nmap -sF -p1000 -O $yourIP
nmap -sN -p1000 -O $yourIP
nmap -sX -p1000 -O $yourIP
nmap -sM -p1000 -O $yourIP
nmap -sW -p1000 -O $yourIP

Reply to
Sebastian Gottschalk
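
Added example, not part of any post in this thread: the first post asks what 'filtered' means and a later one asks how to check a single TCP port. The Python sketch below probes a port and names the result with PortQry's words (listening: a server answered; not listening: the host actively refused; filtered: nothing came back). The function names and the 127.0.0.1 address are assumptions for illustration; the sample port list is taken from the thread.

```python
import socket

def parse_ports(spec):
    """Expand a spec such as '443,8080-8089' into a sorted list of ports."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return sorted(ports)

def probe_tcp(host, port, timeout=2.0):
    """Classify one TCP port from the outcome of a normal connect()."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "LISTENING"        # handshake completed, a server accepted
    except ConnectionRefusedError:
        return "NOT LISTENING"    # RST came back: host reachable, no server
    except OSError:
        return "FILTERED"         # timeout or ICMP error: no answer from the port
    finally:
        s.close()

def probe_udp(host, port, timeout=2.0):
    """UDP has no handshake, so silence cannot tell an open port from a drop."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        s.send(b"\x00")
        s.recv(512)
        return "LISTENING"        # the service sent something back
    except (ConnectionRefusedError, ConnectionResetError):
        return "NOT LISTENING"    # ICMP port unreachable was received
    except OSError:
        return "LISTENING or FILTERED"   # silence is ambiguous for UDP
    finally:
        s.close()

if __name__ == "__main__":
    host = "127.0.0.1"  # assumption: replace with the address being checked
    for port in parse_ports("443,2190,8080-8089"):
        print(f"TCP {port:5d} {probe_tcp(host, port, 0.5)}")
    print(f"UDP   123 {probe_udp(host, 123, 0.5)}")
```

The result only describes the path from the machine running the probe to the target, so a port can be listening in netstat or TcpView on the target and still show as filtered from another host.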

OK, tried every NMap line you gave me on several ports. Tried each line on the IP for my laptop, PDA, and Tivo DVR. Tried each line with the firewall enabled and disabled. In every case, I received the same message >>

"NOTE: Host seems down. If it is really up, but blocking our ping probes, try -P0 (can't see the rest of this line)."
"NMap finished: 1 IP address (0 hosts up) scanned in 4.813 seconds."

What have I learned?

Reply to
J Lunis
