Re: Not sure if firewall is OT
On Mon, 11 Aug 2008 22:46:35 -0700, Dan wrote:
> "N. Miller" wrote:
>> On Mon, 11 Aug 2008 19:30:18 -0700, Dan wrote:
>>> "N. Miller" wrote:
>>>> On Sun, 10 Aug 2008 23:00:51 -0700, DaffyD® wrote:
>>>>> How safe is it to browse without a firewall? I know of a newsgroup that is
>>>>> devoted to firewalls but I feel answers may be more impartial here. I'm
>>>>> still running W98SE and IE6 SP1 and believe me, I'd upgrade to a newer OS if
>>>>> I could. I was using ZoneAlarm but it's a resource hog for my system. I just
>>>>> finished a scan of the first 1056 ports at GRC.com and there are 2 open
>>>>> ports, four stealth, and the rest are closed. Should I use firewall
>>>>> software?
>>
>>>> I will concur with Michael Jennings about Kerio Personal Firewall on a
>>>> Windows 98SE box.
>>> It is dangerous to have any ports open.
>> I like living dangerously...
>>
>>| ----------------------------------------------------------------------
>>|
>>| GRC Port Authority Report created on UTC: 2008-08-12 at 05:18:06
>>|
>>| Results from scan of ports: 0-1055
>>|
>>| 2 Ports Open
>>| 0 Ports Closed
>>| 1054 Ports Stealth
>>| ---------------------
>>| 1056 Ports Tested
>>|
>>| NO PORTS were found to be CLOSED.
>>|
>>| Ports found to be OPEN were: 25, 80
>>|
>>| Other than what is listed above, all ports are STEALTH.
>>|
>>| TruStealth: FAILED - NOT all tested ports were STEALTH,
>>| - NO unsolicited packets were received,
>>| - A PING REPLY (ICMP Echo) WAS RECEIVED.
>>|
>>| ----------------------------------------------------------------------
>>
>>> All ports should be closed...
>>
>> Damned hard to run servers with "closed", or "stealthed" ports.
>>
>>> ...or ideally stealthed.
>>
>> A "closed" port is no more vulnerable than a "stealthed" port.
>>
>>> I would like a utility to scan the complete port matrix
>>> of Windows computers. I think there are over 65000 but I am not sure and
>>> will let someone correct me and also let me know if there is any tool or
>>> software that scans all your ports completely.
>>
>> 65,535 TCP ports, to be exact, and another 65,535 UDP ports.
>>
>> Any number of utilities should be found in a Google search. Try "angry
>> scanner", and "nmap" as keywords. Be advised that scanning other systems
>> than your own, without the owner's permission, is probably a violation of
>> your ISP's TOS, and, in any case, very rude.
> Ah, we are dealing in networking. My bad and apologies -- I thought we were
> talking about individual computers -- you are all correct of course

I set up a computer for my cousin's daughter. It is not networked, but an
"individual" computer. I could open every single TCP and UDP port on that
computer safely.

On networked computers, to include Internet connected computers (the
Internet is the "Mother of all Networks"!), you only want to open those
ports as necessary for the services you want to run. If you don't want to
run any services, you don't need to open any ports; indeed, you should not
open any ports. However, you do need to open ports in order to run services.
In which case, as the operator of a service, it is incumbent upon you to
ensure that your server application is secure. Keep it patched, and current,
and you should not have any problems with malicious actors.

On smaller, private networks, it is entirely possible to open ports to that
private network which appear closed to the Internet. The issue of open ports
is complex, and not easily discussed in simplistic terms.

--
Norman
~Shine, bright morning light,
~now in the air the spring is coming.
~Sweet, blowing wind,
~singing down the hills and valleys.
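
Added example, not part of the original post: a small Python check, run against your own machine only, that shows what the "open", "closed" and "stealth" labels in the GRC report correspond to at the TCP level. The function names are made up for this illustration; the listener is bound to 127.0.0.1, so the port it opens is reachable from the local machine and not from any other host.

```python
import socket

def probe_tcp(host, port, timeout=1.0):
    """Classify one TCP port using the same three labels as the GRC report."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"         # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "closed"       # host answered with a reset: nothing is listening
    except socket.timeout:
        return "stealth"      # no answer at all: the packet was silently dropped
    except OSError:
        return "unreachable"  # e.g. no route to the host
    finally:
        s.close()

def start_listener(bind_addr):
    """Open a port the way a server does; port 0 lets the OS pick a free one."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # The bind address decides who can reach the port: 127.0.0.1 accepts
    # local connections only, a LAN address only that network, and
    # 0.0.0.0 every interface the machine has.
    srv.bind((bind_addr, 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]

def demo():
    """Probe the same port while a service is listening and after it stops."""
    srv, port = start_listener("127.0.0.1")
    try:
        while_listening = probe_tcp("127.0.0.1", port)
    finally:
        srv.close()
    after_close = probe_tcp("127.0.0.1", port)
    return while_listening, after_close

if __name__ == "__main__":
    print(demo())
```
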