UltimateSilence

Ports will not close?

36 posts in this topic

I've tried to block the following ports via Windows Firewall in Windows 7 Ultimate: FTP (#21), SSH (#22), Telnet (#23) as per here, but the ports remain open. What am I doing wrong?

Thank you.

They remain open as in you can still connect to them inbound to your computer from other machines on these ports, or they remain open in that you can make outbound connections on those ports to other machines?

They remain open as in you can still connect to them inbound to your computer from other machines on these ports, or they remain open in that you can make outbound connections on those ports to other machines?

The latter.

I can't get to that website. Are you adding a new rule to the Outbound Rules in the Windows Firewall with Advanced Security?

I can't get to that website. Are you adding a new rule to the Outbound Rules in the Windows Firewall with Advanced Security?

Yes, sir.

Windows Firewall with Advanced Security -> Outbound Rules -> New Rule -> Port -> TCP Specific Ports (#21, #22, #23).

What action should be taken when a connection matches the specified conditions?

Block the connection.

-

When does this rule apply?

Domain, Private, Public.

Did you try adding one for TCP or UDP? Try adding one of the other types and see if that makes a difference.

If you're trying to block outgoing ssh, you'd be better blocking the program - but win7 doesn't come with one...

Likewise ftp will connect from a high random port number to the server port 21, so blocking outgoing port 21 isn't going to work either.

If you say what you're trying to achieve, people can probably suggest better approaches.

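An added example, not from any post in this thread: the wizard's "Port" page (the steps listed above) defines local ports, and an outbound FTP, SSH or Telnet connection leaves from a random high local port, so a rule on local ports 21-23 never matches. The rule below is written with netsh advfirewall (present on Windows 7) and keys on the remote port instead; the rule name is my own choice.

```powershell
# Added example: outbound block keyed on the REMOTE port, not the local port.
# Name has no spaces so the same line works from cmd.exe and PowerShell.
netsh advfirewall firewall add rule name=BlockOutboundFtpSshTelnet dir=out action=block protocol=TCP remoteport=21-23 profile=any

# Verify: the verbose listing should show RemotePort 21-23 and LocalPort Any.
netsh advfirewall firewall show rule name=BlockOutboundFtpSshTelnet verbose

# Check with a real client (not a port-scanning site): with the rule in place the
# connection must fail before any "220 ... ready" banner is printed.
ftp usftp.clevo.com.tw

# Remove the rule again once the test is done.
netsh advfirewall firewall delete rule name=BlockOutboundFtpSshTelnet
```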

I get it. :blushing:

Those ports 21-23 are destination ports. Blocking them would stop users from accepting connections for those protocols. For example, for FTP, if you block port 21, if an FTP server is being run on the machine, other systems won't be able to connect to it. If you want to stop users from sending files from that PC to an FTP server, you'd need to block ports 6000 and 6001. As for the other protocols, you'll need to look those up to find what outbound ports they use.

I get it. :blushing:

Those ports 21-23 are destination ports. Blocking them would stop users from accepting connections for those protocols. For example, for FTP, if you block port 21, if an FTP server is being run on the machine, other systems won't be able to connect to it. If you want to stop users from sending files from that PC to an FTP server, you'd need to block ports 6000 and 6001. As for the other protocols, you'll need to look those up to find what outbound ports they use.

Tripredacus,

I'm sorry for the late reply. I just remembered about this topic tonight.

I have ports 21-23; 6000-6001 blocked, but according to GRC Shields Up! they remain open. :ph34r:

EDIT: Windows Firewall is configured to block the inbound and outbound connections of these ports.

How does the computer connect to the internet? The reason I am asking is because that website would say I had ports open that I do not, simply because the interface it detects is not my computer, but our outbound interface which is the router. Ports would be open on the router, but any connections into my network would fail at the firewall which sits between the router and my computer. (Yes it is a separate device)

Instead of using that, since you say you have those FTP ports blocked, try to connect to an FTP site using a client (not a web browser) or even the command prompt. If you need a site to go to, you can connect to Clevo's website to see if you can get in:

ftp://usftp.clevo.com.tw/

How does the computer connect to the internet? The reason I am asking is because that website would say I had ports open that I do not, simply because the interface it detects is not my computer, but our outbound interface which is the router. Ports would be open on the router, but any connections into my network would fail at the firewall which sits between the router and my computer. (Yes it is a separate device)

Instead of using that, since you say you have those FTP ports blocked, try to connect to an FTP site using a client (not a web browser) or even the command prompt. If you need a site to go to, you can connect to Clevo's website to see if you can get in:

ftp://usftp.clevo.com.tw/

I connect to the Internet using a wired DSL router.

I do not know how to connect via the command prompt... :unsure:

I know you said to connect using a client and not a web browser, but out of curiosity I tried using Internet Explorer 9, which triggered a Windows Firewall notification!

I have ports 21-23; 6000-6001 blocked, but according to GRC Shields Up! they remain open. :ph34r:

They seem to be open indeed (not that I really put much faith in that website). A quick SYN stealth scan in nmap confirms it (your IP replaced by 1.2.3.4):

Discovered open port 23/tcp on 1.2.3.4

Discovered open port 21/tcp on 1.2.3.4

Discovered open port 22/tcp on 1.2.3.4

Discovered open port 80/tcp on 1.2.3.4

(the other 2 ports aren't scanned by that)

The ports are opened but they don't actually send any data. For example, connecting to your port 80, the TCP handshake goes over fine (SYN, SYN ACK, ACK), then the browser sends its "GET / HTTP/1.1" request, which it ACKs, then it resets the connection (RST, ACK) without sending a single byte. As for port 21 it's much of the same. Typical TCP handshake, but immediately after (before we even have the chance of making a request) you're already sending FIN ACK and RST. So it's not like there's something running on your PC serving data and your router forwarding traffic to it.

My best guess is that these ports are opened/in use by your DSL modem/router and not your PC. Those ports could also be used by your ISP to update/access the device (and not having the right IP it won't talk to me). They're the typical ports a Linux/Busybox router would have open too (ftp, ssh, telnet, http).

There's no need to panic, and it's not Windows' fault either :)

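An added example, not from the thread, of the distinction drawn above: a port that completes the TCP handshake but then closes without sending a byte looks "open" to a scanner, yet carries no service. The script below runs entirely on localhost: one stub listener sends an FTP-style banner, the other (constructed to mimic the router behaviour described) accepts and closes immediately, and a small probe classifies each result.

```python
import socket
import threading


def start_stub_listener(mode, host="127.0.0.1"):
    """Start a localhost listener and return its port.
    mode == "banner": behave like a real FTP daemon and greet the client.
    mode == "silent": accept the connection and close it at once (no data),
    which is what the router in this thread appears to do."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))  # port 0: let the OS pick a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:  # closes the socket on exit; "silent" sends nothing
                if mode == "banner":
                    conn.sendall(b"220 Constructed FTP stub ready\r\n")

    threading.Thread(target=serve, daemon=True).start()
    return port


def probe(host, port, timeout=2.0):
    """Return 'filtered' (no answer), 'closed' (RST to SYN),
    'open-silent' (handshake ok, then FIN/RST with no data) or
    'open-banner:<first line>' (a real service answered)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except socket.timeout:
        s.close()
        return "filtered"
    except OSError:  # ECONNREFUSED and friends
        s.close()
        return "closed"
    try:
        data = s.recv(256)  # b"" means the peer closed without talking
    except (socket.timeout, ConnectionResetError):
        data = b""
    finally:
        s.close()
    if data:
        return "open-banner:" + data.split(b"\r\n")[0].decode(errors="replace")
    return "open-silent"
```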

I have ports 21-23; 6000-6001 blocked, but according to GRC Shields Up! they remain open. :ph34r:

They seem to be open indeed (not that I really put much faith in that website). A quick SYN stealth scan in nmap confirms it (your IP replaced by 1.2.3.4):

Discovered open port 23/tcp on 1.2.3.4

Discovered open port 21/tcp on 1.2.3.4

Discovered open port 22/tcp on 1.2.3.4

Discovered open port 80/tcp on 1.2.3.4

(the other 2 ports aren't scanned by that)

The ports are opened but they don't actually send any data. For example, connecting to your port 80, the TCP handshake goes over fine (SYN, SYN ACK, ACK), then the browser sends its "GET / HTTP/1.1" request, which it ACKs, then it resets the connection (RST, ACK) without sending a single byte. As for port 21 it's much of the same. Typical TCP handshake, but immediately after (before we even have the chance of making a request) you're already sending FIN ACK and RST. So it's not like there's something running on your PC serving data and your router forwarding traffic to it.

My best guess is that these ports are opened/in use by your DSL modem/router and not your PC. Those ports could also be used by your ISP to update/access the device (and not having the right IP it won't talk to me). They're the typical ports a Linux/Busybox router would have open too (ftp, ssh, telnet, http).

There's no need to panic, and it's not Windows' fault either :)

Thank you, CoffeeFiend!

You scanned the ports... I feel naked. :lol:

EDIT: Wait, CoffeeFiend! It's not my fault either, right? :unsure:

ftp://usftp.clevo.com.tw/

I connect to the Internet using a wired DSL router.

I do not know how to connect via the command prompt... :unsure:

I know you said to connect using a client and not a web browser, but out of curiosity I tried using Internet Explorer 9, which triggered a Windows Firewall notification!

Open a command prompt (cmd). Using the username of 'Anonymous' and the password of your email address, you can attempt to connect. Here is my example I just did.

C:\windows\system32>ftp usftp.clevo.com.tw
Connected to usftp.clevo.com.tw.
220 Serv-U FTP Server v7.3 ready...
User (usftp.clevo.com.tw:(none)): Anonymous
331 User name okay, please send complete E-mail address as password.
Password:
230 User logged in, proceed.
ftp>

Of course, it won't show you what you are typing at the password prompt, so hope to not make a typo! :rolleyes:

You shouldn't even get to the prompt for the username if the port is blocked though.
