Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Firewall test

0 views
Skip to first unread message

Mark G

unread,
Jan 14, 2005, 3:31:08 AM1/14/05
to
Hi All,
I ran the 'ShieldsUp!' firewall test from www.grc.com. How can I tell if the
test has reached my PC's ports itself but my ISP? I'm connected to internet
via Zyxel adsl router. Test performed show most ports as 'closed' state,
three ports as 'stealth', HTTP and FTP ports are 'open'.
Using XP SP2 Home Ed. since 2002, Win Firewall enabled. No trojan or virus
infection before. Thanks.

SimonH

unread,
Jan 14, 2005, 5:19:00 AM1/14/05
to
Hello Mark,

Shields up will use the IP address that it detects when looking at your http
request headers i think.

This will more than likely be that of your modem or router.

This is typically what you want. However, if you want to make sure, look
at the IP address shields up says it is probing and then compare it to the
IP address of your modem or router.

I'm pretty sure youre getting the correct results. The IP scanned will be
"yours" even if it was assigned to you dynamically when you connected to
your isp

Simon

N. Miller

unread,
Jan 14, 2005, 5:35:13 AM1/14/05
to
In article <49B13DED-C253-4936...@microsoft.com>, =?Utf-8?B?
TWFyayBH?= says...

There are two steps to take. Step one is to check your Zyxel configuration
page to see what IP address it is getting from your ISP. Step two is to
check the GRC web page when you run the test; what IP address does it say
that it is testing? If the two are the same, Shields Up! is testing your
router.

If your router is being tested, you want to double check the remote
administration setting. That should be disabled in most cases; that HTTP and
FTP are showing open suggests that your Zyxel is open to configuration from
the Internet side of the router (if, indeed, it is the router that Shields
Up! has probed). But those could also be the result of your ISP running a
caching proxy; so do the checks to see which IP address is being probed.

The GRC site operates news groups similar to this one; but you can't access
them with a web browser, as you have done here. How do I know you used a
browser? By checking your posting headers:

X-Newsreader: Microsoft CDO for Windows 2000

For GRC, fire up MS Outlook Express (unless you have a preferred news
client; I prefer Super Gravity) and set up an account. Use "news. grc.com"
for the server name. For the user name and password, use the exact same
string, preferably 12 characters, or more. Alphanumeric mix; something like:

User Name: xYzZy1zN7Aw0R6
Password: xYzZy1zN7Aw0R6

There is a reason for that, as explained here:

http://www.imilly.com/noregrets.htm

After your client connects to the server, you will be presented with a list
of groups. For this problem you should choose, "grc.shieldsup". You will
find a lot of helpful people on that site, and most will be more
knowledgeable than the average in this group.

Also, did you know that you can access these groups with a news client? Just
set the server name as, "msnews.microsoft.com". No user name and password
combination is needed on the MSFT NNTP servers. Once connected you will be
presented with a humongous list of groups. For this group you would
subscribe, "microsoft.public.security".

You can have multiple NNTP server accounts in most news clients; even in MS
Outlook Express.

It is recommended that you not use your normal email address for the email
address entry for news posts; spammers and viruses scan posting headers to
pull email addresses for their own ends. I recommend something with an RFC
2606 reserved domain, such as: <don't.s...@me.invalid>. For the MSFT groups
I just use the same default that MSFT puts in place on the web site. If you
like, you can set a "Reply-To:" email address, but even there, use a
disposable email account, not your main email account. You can test mine by
using the "Reply to author" button (or whatever it may be labeled). Oh, and
mine is not to be altered; what you see works, making any changes breaks it.

--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint

Karl Levinson, mvp

unread,
Jan 14, 2005, 7:29:48 AM1/14/05
to
Enable logging of blocked and/or accepted packets on your firewall and/or
router and watch the log.


"Mark G" <Ma...@discussions.microsoft.com> wrote in message
news:49B13DED-C253-4936...@microsoft.com...

Mark G

unread,
Jan 14, 2005, 3:13:05 PM1/14/05
to
Thanks Simon, Norman and Karl.
I really appreciate your help.

Mark G

unread,
Jan 17, 2005, 3:01:04 PM1/17/05
to
According with the results from IP2 small program
(http://www.keir.net/ip2.html thanks to Robert Wycoff), Shields Up!
is testing my dsl Zyxel router since my LAN address is not the same as my
WAN one (which changes every time I turn my router on). I can't change
router's configuration due to can't access to it (my ISP manages the
password access) so I guess HTTP, Telnet and FTP ports are opened in the
router by default.
This suggest I'm protected behind a NAT router, question is, do
I still need to install one third party firewall for complete security? Am I
vulnerable to attacks from outside?

Thanks

0 new messages