Open ports on firewall, How to close

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

AndyTDI

Thread Starter
Joined
Dec 30, 2005
Messages
38
Hi All

I have just run a scan from here http://www.auditmypc.com

and have a couple of concerns.

1, they have been able to find both my external IP address to the internet ( not such a big issue) but also my internal IP of my pc for the wireless network.:confused:

I am using a Netgear DG834G router with the firewall to block all incoming ( I think:rolleyes: )
and also run Sygate personal firewall.

2, they also reported that I have 1 port open to them :confused:

How can they have got to my internal IP ?

I am not to hot on internet security but thought I had it fairly tight.

Thanks for any advice.

Andy
 

AndyTDI

Thread Starter
Joined
Dec 30, 2005
Messages
38
Bump

Can anyone help ?
I am very concerned why it can find my internal I/P when I am behind the Netgear router and how can I stop it.

Thanks again

Andy
 
Joined
Oct 26, 2001
Messages
57,793
Run the ShieldsUP! test here.

https://www.grc.com/x/ne.dll?bh0bkyd2

I have Zone Alarm and a router too but it will tell you who your ISP is and give you a address like this here ?-??-?-???-???.hsd1.ca.comcast.net where I repleced thing with the ?

Do the Common Ports and All Ports test.

Your want to get a Stealth on all ports.
 

AndyTDI

Thread Starter
Joined
Dec 30, 2005
Messages
38
Hi and thanks for the reply.

I have run a scan with shields up and it shows full stealthed on all ports but I am still curious as to how they can obtain my internal IP.

They can all obtain my external internet IP as you describe ?-??-?-???-???.hsd1.ca.comcast.net as you describe, what I don't understand is how they can get my internal IP e.g. 150.150.5.3

I thought this would be behind the firewall and therefore not visible.

Thanks

Andy
 

awalker0878

Removed by request
Joined
Dec 16, 2005
Messages
407
Internal Ip (Private) Ranges:
10.0.0.0 – 10.255.255.255
172.16.0.0 – 172.31.255.255
192.168.0.0 – 192.168.255.255

Are you sure that ip is not a public one given off by your ISP? No matter if you have a NAT in place there will always be one visable IP.

GRC is just reporting a Reverse DNS lookup on your hostname, so that is your public ip. It does not matter what computer you go on your network they will all state the same ip and hostname on the internet.
 

AndyTDI

Thread Starter
Joined
Dec 30, 2005
Messages
38
awalker0878 said:
Internal Ip (Private) Ranges:
10.0.0.0 – 10.255.255.255
172.16.0.0 – 172.31.255.255
192.168.0.0 – 192.168.255.255

Are you sure that ip is not a public one given off by your ISP? No matter if you have a NAT in place there will always be one visable IP.

GRC is just reporting a Reverse DNS lookup on your hostname, so that is your public ip. It does not matter what computer you go on your network they will all state the same ip and hostname on the internet.
That IP was just an example I made up my actual IP and the one they can find in in the 192.168.***.*** range, sorry for not explaining that better.

Andy
 

awalker0878

Removed by request
Joined
Dec 16, 2005
Messages
407
Your ISP does not route INTERNAL IPs so there is no way to my knownledge Internal IP unless you are hacked and they get inside your network.

As for the open/close status of your ports the other scanner use used could have iniated the scan on your computer from your computer. GRC uses a computer on the internet which gives more accurate description of what hackers actually see. If a port status is stealth that means it does not respond to requests for a connection they have to be iniated by you first (that does not mean all ports are closed that just means there status is hidden from others on the internet)
 

AndyTDI

Thread Starter
Joined
Dec 30, 2005
Messages
38
Thanks again for the info, I have run a few more scans and have blocked any ports shown to be open now so they all show as stealthed.

Your ISP does not route INTERNAL IPs so there is no way to my knownledge Internal IP unless you are hacked and they get inside your network.
This is the bit that still concerns me.

Now that all ports show as stealth I have changed my Internal IP (the IP between my laptop and the Netgear router) and run another scan at the first site but have found they can still detect the new IP, so they are definitely getting the correct one from my PC some how:confused:


Andy
 

AndyTDI

Thread Starter
Joined
Dec 30, 2005
Messages
38
Just done another quick check and found a bit more info on the site.
I have edited my IP

Internal IP address
NATTED IP

Your external IP address (88.***.5*.**) is always exposed to the internet, if it wasn't, you wouldn't be able to visit sites. On the other hand, your internal IP address (192.***.**.***) should be protected and not be obtainable by websites.
Internal IP

This does not necessarily mean your firewall is malfunctioning or improperly configured. The method we used will sneak past most firewalls. Why? Because we use Java to grab the information and then pass it on to the server (Notice how everything ran without prompting you?)
Private IP - Why you're Vulnerable

We used your internal IP for this demonstration because it's harmless (for the most part). Java passes this information to the server were it can be collected. Many claim this is not possible and that only you can see this information, so to prove the point, we included the last 20 internal IP addresses that this server has seen. To verify this information, simply tell a friend your Private IP and have them visit this page shortly after you do - they'll see your IP included in the list.
Private IP - What is it?

Private IP addresses range from:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
IP Privacy

A hypothetical example of using your internal IP address to track your activities is an internet service provider. Some cable companies charge you for each computer connected to your cable modem. By tracking your internal IP address, the cable company could see that you're running multiple computers on one router and bill you accordingly.
More to Security than a Firewall!

The whole point of this demonstration is to make you aware that there is more to security than just a firewall. A malicious website owner could use a similar method to grab a lot more than your internal IP address, and you wouldn't even know it!

Missing security patches also contribute to giving away your personal information. The best way to stay on top of this is with a patch management program that checks not only your OS for vulnerabilities, but all software for missing patches. Patch Management has resources you'll find helpful.

Last 20 Internal IP addresses are listed below. The last one listed is the most recent:

Andy
 
Joined
Oct 26, 2001
Messages
57,793
Go here to http://www.geobytes.com/IpLocator.htm and then look at "IP Address to locate" and your see a IP address in the box. If that is the IP address your seeing then it is nothing to worry about.
Like for me it is the IP loop I am on with my cable.
 
Joined
Oct 26, 2001
Messages
57,793
Ok your talking about your router address if your talking about another address.
192.168.1.1 is the router default address. You can change this in the router setting.
But even if you keep the default it does not mean they are seeing your PC. There are millions and millions of others out there with routers that have the default 192.168.1.1.
 

awalker0878

Removed by request
Joined
Dec 16, 2005
Messages
407
AndyTDI said:
Just done another quick check and found a bit more info on the site.
I have edited my IP



Andy
The only way the ISP would know if you have Internal IP scheme is to hack at your network with an IP scanner to prevent this just enable a firewall on all machines that will not respond to ICMP ping echo.

Also the only way they that app would now your internal ips is if the application is run from your computer not the internet which means it is not nessary visable on the internet.
 

AndyTDI

Thread Starter
Joined
Dec 30, 2005
Messages
38
hewee said:
Ok your talking about your router address if your talking about another address.
192.168.1.1 is the router default address. You can change this in the router setting.
But even if you keep the default it does not mean they are seeing your PC. There are millions and millions of others out there with routers that have the default 192.168.1.1.

Thanks again for the replys.

Hewee. The IP for my router is as default (192.168.0.1) they are not detecting this one.

The IP for my Laptop wifi network is 192.168.0.3, this is the IP they are finding as below.
The IP highlighted in Blue is my ISP external IP, this I expect thim to find and does not bother me.

But the section in Red is the part that is confusing to me, I don't understand how they can gain access to this IP address.

I have set my Sygate firewall to reject ICPM Ping echo and this has no effect.

Thanks for your patiance with me I understand PC and networking quite well but just cant seem to get my head round this one.

Firewall Test
Firewall Testing

Firewall Test 1 If you're new to computer security, then Firewall Test 1 is for you. It checks your system for commonly used ports. It also tests for ports commonly used by Viruses and Trojans. On average, your computer should not have any open ports.

Firewall Test 2 Advanced Firewall Testing. You can scan predefined ports from 1 to 65,535 or type in just the ports you wish checked. These firewall tests are broken up into blocks (modules) that helps prevent the possibility of 'Denial Of Service' issues that could otherwise occur during the firewall test.

We Found Private Information!
192.168.0.3 - Private IP
Full details found [here]


Some firewalls permanently block an IP address if it detects a scan. You'll want to temporarily disable this autoblock feature (not the firewall) or you'll receive incorrect results. Here's why: If we start to test your firewall for ports 1 to 1024 and your firewall blocks our IP address after port 5, then the remaining ports will appear closed to us when in fact they may actually be open.

This online security audit may cause an interruption in service on the system being audited (88.105.54.58 [not your IP?]) If you are running on a private network, you may be connected through a router, proxy, or firewall and the firewall test may by conducted on that device instead of your computer; if you are unsure, do not perform the audit! If you're being scanned and want it stopped, visit IP or leave us feedback. Your logs may show a scan originating from 198.64.140.152

You Agree, by using our service, to indemnify and hold AuditMyPC.com and our service provider harmless from any claim or damage resulting from your use of this firewall test. You also agree that you have read and understand the Terms of Service statement. Our Privacy Statement is also available for your review.
Network Security - Home ©AuditMyPC.com Data Replication
 
Joined
Oct 26, 2001
Messages
57,793
It is your router IP address still it is seeing so it is not seeing your PC.
192.168.0.3 is your router. So I guess you changed it from the default of 192.168.1.100
You can change the default router IP address from 192.168.0.0 - 192.168.255.255

Some scan site will only see your IP address of your ISP modem and others see pass that to your PC or just router and your scan is stopping at the router.
You even said you got "full stealthed on all ports" so your firewall and router are doing a great job of hiding your PC.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top