Which firewall for WIN XP Pro

Who configured it or who can take a look at the configuration? Are there other machines behind that router? If yes, what kind of machines? Is one or more them running services like ftp, smtp, pop3 and imap? Are portforwardings configured on the router pointing to those machines?

Sorry, but you really make helping you a bit complicated because one needs several questions before you provide the nessessary information about your setup.

Wolfgang

Check the status page of the router. Connect to http://192.168.1.1/Click on the Status tab. The router should show you the IP address for its internet connection. Is that the same IP address you see on grc or pages like

?

If it is not the same IP address grc does not even scan your router but something else unrelated with your LAN.

Gerald

Oh, come on! Which model? Firmware revision? Have you checked its configuration? Is it running any services? If so: which? And why? Are any port-forwardings configured? If so: whereto? And why?

Be verbose. As Wolfgang already said: it's really tiresome to have to wrest every single bit of information from you.

cu

59cobalt

Oh, you have a Linksys router. The test you're doing at GRC is worthless and bogus. The ports on the router are closed by default.

The purpose of the router is to protect the Services on the NT based O/S. The services cannot be attacked, because the router is setting in front of it.

It would only mean something if the computer was directly connected to the modem and therefore, directly connected to the Internet is when you would need to make sure services were disabled and protected, which would be the router is not setting between the modem and the computer.

You didn't even have to remove Client for MS network or File and Print Sharing off of the NIC, because the computer is behind the router and is protected from the Internet.

If the router is in its default configuration out of the box state else and you have not manually opened ports on the router, then by default, the ports are closed and everything behind the router is protected.

Whatever else you're trying to do here with the computer is a moot point with that router in play.

The only thing you should be concerned with is that the user-id and psw on the router are changed and are not the defaults everyone else knows about.

And that you have enabled logging on the Linksys router so that you can use Wallwatcher to watch traffic to and from the router by possible dubious remote connections by the computers behind the router.

The security link for the XP O/S that was posted to you where it talks about disabling certain user-id(s) along with other things in that link is where you need to concentrate on.

Think about this. The computer is setting behind the router, unsolicited inbound traffic that the router is stopping cannot reach the computer, therefore, the computer cannot react to traffic one way or the other in some kind of *stealth* tests.

The computer is *stealthed* because it's behind the router.

This is correct! THe same ip address.

The router is: Linksys Cable/DSL Router 4port switch model# BEFSR41 V3 Firmware V 1.05.00

Std out of the box settings. This is the router that was on my win2K system until last week when i replaced it with a new Win XP Cpu unit. THis was secure until the new XP cpu.

If it is the same IP address on the scans and on the status page of the router then your router has probably port forwardings configured for those open ports. Check the settings in the router if there are any. Also make sure to turn off UPnP support in the router. You don't want some software in your LAN open ports on the router automatically.

You should verify the scans with other internet port scanners.

Gerald

Seems to be the latest Firmware. Good.

*sigh*

Look, "out of the box" can mean just about anything. Why don't you go and find out what the actual settings are and then answer my questions? Would that make things too easy for us?

BTW: Have you cross-checked the results from grc.com with another port scanner (like the one I mentioned previously)? Does the router allow for configuration via UPnP?

XP is an operating system, not a CPU.

cu

59cobalt

and Steve Gibson is a moron...

This has already been mentioned by several people in this thread (including myself).

cu

59cobalt

Disabled for the UPnp

Yes, I did! Starting nmap 3.77 (

) at 2007-05-11 00:01 CEST Initiating Connect() Scan against 65.170.232.173 [1663 ports] at 00:01 Discovered open port 21/tcp on 65.170.232.173 Discovered open port 25/tcp on 65.170.232.173 Discovered open port 110/tcp on 65.170.232.173 Discovered open port 143/tcp on 65.170.232.173 The Connect() Scan took 48.60s to scan 1663 total ports. Host 65.170.232.173 appears to be up ... good. Interesting ports on 65.170.232.173: (The 1659 ports scanned but not shown below are in state: filtered) PORT STATE SERVICE

21/tcp open ftp 25/tcp open smtp 110/tcp open pop3 143/tcp open imap

Nmap run completed -- 1 IP address (1 host up) scanned in 49.169 seconds

Once again, you are correct!

Hope this helps.

So nmap reports them as open, too, and since I can connect to them there's definitely something listening there. Whatever it is doesn't seem to be a mail or FTP server, though.

I'd suggest to check the router's configuration. Another thing you could try is resetting the router to defaults and then re-create your custom settings. Make sure you have all required data (credentials for your internet connection, etc.) at hand before doing this.

If the ports ar still shown as open after that I'd check back with Linksys.

cu

59cobalt

Thank you! I will try this.