Help - Search - Members - Calendar
Full Version: Software Firewall and Public WIFI
Malwarebytes Forum > Computer Help > PC Help
calintexas
Oct 19 2009, 04:57 PM
I need an education on IP addresses and public to semi public wifi access. I’d appreciate being pointed to where to find out (or even better, someone who knows could tell me). Here’s my question:
I don’t travel much anymore (thank goodness), but recently stayed in a motel that offered free wireless access. After hooking up, I did a “Shields Up” test to make sure my firewall was working as it should since my computer is safely behind a NAT router firewall at home. The test failed, but listed a different IP address than the one the motel access point had assigned to my computer. It turned out that the motel across the street’s wireless signal was also available. I tested that connection, and it also failed, but with different results. The question is, was I testing the motels’ routers and whatever firewall setup they have, or was I actually testing my Norton 360 software firewall (which is supposed to be fully stealthed)? The Shields Up results follow:

First run. My motel:
Access point assigned IP (to my computer) = 10.52.1.103
IP tested per GRC = 207.155.2.210

GRC Port Authority Report created on UTC: 2009-10-18 at 03:24:48
Results from scan of ports: 0-1055

2 Ports Open
1054 Ports Closed
0 Ports Stealth
---------------------
1056 Ports Tested

NO PORTS were found to be STEALTH.

Ports found to be OPEN were: 80, 443

Other than what is listed above, all ports are CLOSED.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.

Second run. Motel across the street:
Access point assigned IP (to my computer) = 192.168.3.129
IP tested per GRC = 71.40.79.27

GRC Port Authority Report created on UTC: 2009-10-18 at 03:33:32
Results from scan of ports: 0-1055

1 Ports Open
1 Ports Closed
1054 Ports Stealth
---------------------
1056 Ports Tested

The port found to be OPEN was: 443

The port found to be CLOSED was: 113

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.


I understand that public wifi is inherently less safe and always insecure as far as data transmission in concerned, but it does look like the motel across the street was doing a bit better job of protecting its customers than my motel.
yardbird
Oct 19 2009, 10:28 PM
You can enter a Port number here: http://www.grc.com/port_113.htm and see what comes up!

Ports 80 and 443 are for HTTP (web) and HTTPS (Secure http). Leave them open

Some like 1056 or 1054 I can't find any info on. Most WiFi hotspots Motels, Cafe's, ect.. that I have been at have linksys wireless routers. But your going to need someone with more know-how about this than me.
swagger
Oct 21 2009, 04:18 PM
1056 is the amount of ports Shields Up! is scanning... 1023 plus an additional 33 ports because Microsoft's security is so shady.

QUOTE
Why the first 1056 Ports?

Internet ports are numbered from 1 through 65535, but the first 1023 ports are special. By tradition, and some enforcement, ports 1 through 1023 are generally reserved for the acceptance of incoming connections by services running on the receiving system. Internet services "listen" on various standard low-numbered ports so that clients wishing to have access to those services know where they may be found. Web servers traditionally listen on port 80, eMail servers listen on ports 25 and 110, FTP servers listen on port 21 and Telnet servers listen on port 23. And the list goes on. Here's the official Internet Assigned Numbers Authority (IANA) port assignment list.

Although it is possible to have higher-numbered ports listening for incoming connections, our scan of the entire "service port range" will detect all standard services running and listening on the standard service ports.

Due to the insecure behavior of Microsoft's Windows operating systems, we have added an additional 33 ports to these first 1023 ports, bringing the total to 1056. Windows has a tendency to establish globally available listening services on the first few ports in the "client port" range which begins just past 1023. If you are not running a personal firewall, or you are allowing ShieldsUP! probes into your network, you may discover one or more additional open ports at, or just above, 1024.


Both of those IPs you mentioned that Shield's Up! are scanning are the forward facing public IP which would be the IP address from the wireless router to the ISP so that's why it doesn't show your private IP address that the router assigns you. It's really testing the router's firewall, not your computer's firewall since that is a NAT router.

QUOTE
ShieldsUP! automatically tests your NAT router's WAN-side security because the router's WAN IP is the single public IP that connects your internal private network to the public Internet. When a test is initiated by any system behind a NAT router, we are testing the public-side security of the router itself and not the security of the individual machines which are located behind and protected by the router.
calintexas
Oct 21 2009, 05:42 PM
Thanks for the responses. That's what I thought (regarding testing the motels' NAT firewalls).
yardbird
Oct 22 2009, 12:36 AM
A Port List for reference: http://www.iss.net/security_center/advice/...rts/default.htm Of course you can Google Ports 7 different ways, and see the results... FWIW everytime I go public wi-fi, I also check Shield Up.. it always says I'm in Stealth on all ports... maybe its the settings in Trend Micro IS that I have.... for public wi-fi? As you can see TM give's you a choice in the pic below...
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.