General discussion

Locked

Firewall Not Doing its Job.

By Maydaynh ·
Hi, Everyone:

I need some help! ;-)

I was working at a Compaq computer with Win 98 SE. Norton Firewall was installed about a year ago and appeared to be working as a message would come up every so often about blocking entry. However, I decided to run Shield?s Up, and discovered that it was not secure! Only Ports 0, 161 and 162 are in stealth mode. Ports 23 and 80 are Open. All other show as closed.

Symantec?s Automated Support Assistant found that the Scheduling Agent was disabled and that the computer was in Audit mode. I believe I corrected those issues as we now get a clean bill of health from the Support Assistant. However, despite uninstalling and reinstalling Norton Firewall on several occasions, the security check remains the same. I have installed Zone Alarm ? but get same results. Same with no Firewall running.
It would seem that there is some setting on the computer (in the Registry?) that is prohibiting the correct installation of a firewall.

Norton had me restore the default General and Trojan firewall rules through a small download that appeared to do nothing. (service1.symantec.com/support/nip.nsf/docid/200309261?Open&src=w). That document also gave manual reset steps, but the Firewall gave the message that I did not have sufficient privileges? There is only one sign-on/password for the computer.

At some point I got (Windows) message that ?Your Windows configuration is invalid. Run the Windows Setup program again to correct this problem.? If we could find the Windows setup program, is there a way to run it to repair the OS without loosing all our info?

Unfortunately, I?m not at that computer now so cannot give further system information.

Any suggestions would be greatly appreciated.

Thanks.

MaydayNH

This conversation is currently closed to new comments.

13 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by CG IT In reply to Firewall Not Doing its Jo ...

well, if the only ports open were 80 and 23 thats not bad. port 23 is telnet which by default install of the O/S is running. Port 80 would be open as you were on the internet running shield up. 0, 161,162 being stealth is good. closed ports are the best ports.

I would say that Norton Personal Firewall was doing its job. To get port 23 closed, change the telnet service startup to stopped or manual start up. No other changes are needed except maybe get XP in lieu of W9X.

Collapse -

by CG IT In reply to

symantec has its own online security scan. instead of shields up try using theirs. http://security.symantec.com/sscv6/default.asp?productid=NSW2003&langid=ie&venid=sym

Collapse -

by Maydaynh In reply to

Thanks so much for the information. However, it seems that our understanding of firewalls are at odds with each other.

You might well be correct, but my understanding is that Stealth mode is the best - better than closed ports. And I believe the point of Shields up is to check that hackers can't get into your computer. Try running the utility and take a look. Generally, all ports (except 113 which will show as closed if you have a router/network setup) if the firewall is working correctly, hiding your computer from others.

I would say that Norton Personal Firewall is NOT doing its job if there are ports that are wide open to web wanderers.

I will try closing Port 23 as suggested, but still am not showing that service on my XP machine. Services in alpha order go from TCP/IP Net BIOS to Telephony to Terminal Services. No TelNet to be found.

Collapse -

by Blackcurrant In reply to Firewall Not Doing its Jo ...

Hi

If you are getting an error message stating that your Windows configuration is invalid, you should try to repair (not reinstall) the installation. You will not lose any data.

Also, if you are getting a 'insufficient priviledges' message, and you have administrative rights, you will need to completely uninstall then reinstall Norton Firewall, as the installation is corrupt. There are comprehensive instructions on Symantec's web site. Please note, though, that you need to follow them to the letter.

Good luck

Collapse -

by Maydaynh In reply to

Poster rated this answer.

Collapse -

by grbeckmeyer In reply to Firewall Not Doing its Jo ...

Just to clarify something...if you are running the 'ShieldsUP' test at www.grc.com, closed ports are NOT the best. Ideally, everything should be stealth, meaning nobody even knows you are there, versus closed, meaning 'I see you, but the door is locked'.

Anyway, I think the issue here is a router. The fact that you get the same results with Norton and Zonealarm firewalls and even with no firewall makes me think you are behind some sort of NAT device, either a router or possibly another Windows box sharing the internet connection. The test results you are seeing are scans of your router, not scans of your actual PC.

Collapse -

by Maydaynh In reply to

Poster rated this answer.

It was indeed the router. The DSL provider purposely open certain ports so they have access!

Problem solved (long ago now) - poser deficient and apologetic that I did not respond earlier.

Many thanks grbeckmeyer!

Collapse -

by CG IT In reply to Firewall Not Doing its Jo ...

Can't argue points of difference. Symantec says stealth ports are best because its a selling feature for their firewall. closed ports mean closed. closed to any form of traffc inbound and outbound. listening ports are open ports waiting for traffic, open ports are that open and visible to others. Stealth ports just make ports not visible to a probe but do not close ports. Any hacker will probe a port even if on an initial scan he cant see it because he knows current firewalls hide ports but does not necessarily close them. Therefore if hes got your IP address, he'll send attacks across all well known ports to your IP address in the hopes he gets lucky that a person didn't disable a service that usually listens [an open but stealthed port]. Applications don't always close a port when its finished, rather they leave the connection open and listening [programmers are notorious for doing this. The best firewall dynamically opens and then closes a port at all layers of the communications stack. Data link, transport, application etc. That way not matter what a hacker does, he meets a closed and locked port [door]. Thats why I say a closed port is the best port. run the netstat command from the command line to view port status, then connect to the internet and run it again, see which ports the browser actually opens. Many applications open multiple ports, not just a main port. Messenger services, IMs use multiple ports and don't always close when you quit the program.

Collapse -

by CG IT In reply to

as far as disabling telnet service on Windows XP, if you double click the admin tools Icon in control panel, double click the services Icon, you'll find telnet between telephony and Terminal Services [which you should probably disable as well].

Collapse -

by Maydaynh In reply to

Poster rated this answer.

Back to Desktop Forum
13 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums