Big, nasty security holes

Discussion in 'Computer Security' started by tripwire45, Oct 20, 2003.

  1. tripwire45
    So I've downloaded and installed Zone Alarm and think I'm safe. The control panel currently displays something like:

    "Blocked Intrusions: 10569 have been blocked since install
    60 of those have been high rated"

    (High rated...what's that mean?)

    So I decide to test this out and go to the Sygate Online Services Security Scan site at http://scan.sygatetech.com to test things out. Here are the results and they are scary:

    FTP DATA 20 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    FTP 21 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    SSH 22 OPEN Secure Shell, a encrypted type of Telnet. If misconfigured it can allow for brute-force attacks on your administration account.
    TELNET 23 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    SMTP 25 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    DNS 53 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    DCC 59 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    FINGER 79 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    WEB 80 OPEN HTTP web services publish web pages. A misconfigured web server can not only offer an attacker needed information about his target, but it can allow for various security breaches.
    POP3 110 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    IDENT 113 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    Location Service 135 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
    NetBIOS 139 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
    HTTPS 443 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    Server Message Block 445 BLOCKED This port has not responded to any of our probes. It appears to be completely stealthed.
    SOCKS PROXY 1080 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    UPnP 5000 OPEN This is the port used by Universal Plug and Play (UPnP). If this port is open anyone on the Internet may be able to use your computer and run any malicious code on your computer.
    WEB PROXY 8080 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    Trojan 1243 CLOSED This port has responded to our probes. This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.
    Trojan 1999 same
    Trojan 6776 same
    Trojan 7789 same
    Trojan 12345 same
    Trojan 31337 same
    Trojan 54320 same
    Trojan 54321 same
    ICMP 8 OPEN An ICMP ping request is usually used to test Internet access. However, an attacker can use it to determine if your computer is available and what OS you are running. This gives him valuable information when he is determining what type of attack to use against you.

    Sorry to run this all together but I thought it would best demonstrate my plight. So now...how do I deal with this using Zone Alarm as my tool? :eek:
     
    Certifications: A+ and Network+
  2. Jakamoko
    First advice is set your Internet Zone security to High - that should "Stealth" all your ports, thus rendering your machine invisible on the Net.

    Set your Trusted Zone to Medium or Off for machines on your own Network - if you want to use ICS among your machines, then it'll have to be set at Off (same as Low, I believe).

    I find Medium for the Internet zone lets me do most day-to-day stuff fine, and I barely receive any nuisance alerts, but that's only my opinion.

    HTH :)
     
    Certifications: MCP, A+, Network+
    WIP: Clarity
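
The three states in the scan report above (OPEN, CLOSED, BLOCKED) correspond to three different TCP responses. The following is an added example, not part of the original thread: a self-check you can run against your own machine after changing the firewall level. The function names `probe_tcp` and `demo_on_loopback` are hypothetical, and the loopback demo is constructed.

```python
import socket

def probe_tcp(host, port, timeout=1.0):
    """Classify one TCP port using the same labels as the scan report."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "OPEN"         # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "CLOSED"       # host replied with a reset: reachable, no listener
    except socket.timeout:
        return "BLOCKED"      # no reply at all: packet dropped ("stealthed")
    except OSError:
        return "UNREACHABLE"  # routing or ICMP error, not a port state
    finally:
        s.close()

def demo_on_loopback():
    """Constructed demo: one listening and one unused port on 127.0.0.1."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # let the OS pick a free port
    listener.listen(1)
    open_port = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                        # nothing listens on this port now

    try:
        return (probe_tcp("127.0.0.1", open_port),
                probe_tcp("127.0.0.1", closed_port))
    finally:
        listener.close()

if __name__ == "__main__":
    print("loopback demo:", demo_on_loopback())
    # Ports the report listed as OPEN; replace 127.0.0.1 with your own
    # machine's address and run from another host on your own network.
    for port in (22, 80, 5000):
        print(port, probe_tcp("127.0.0.1", port))
```

A firewall that stealths a port turns a CLOSED result into BLOCKED, because the probe is dropped instead of answered with a reset.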
