help!!! Online tests show open ports [Resolved]

I know i’m gonna sound like a n00b but i’d rather ask and be secure then get hacked but i’ve took a few firewall tests and it found open ports and i dont know how to close them and make them 100% secure and i’m using the comodo firewall if that helps thanks to anyone who helps ._.

by the way the firewall version is 2.4 and also i took one firewall test that said proxy server detected? i dont know what to do and any help will be appreciated
and also this is a copy/paste of hackerwatch.org test results

Traffic Sent

Packets were successfully sent to your computer. You should be aware that we were able to get a response from the computer at the IP address your traffic is originating from.

This could be due to any of the following reasons:

* You are connecting to the Internet through a proxy server.  When we attempted to connect back to the IP address your web traffic came from we actually were communicating the proxy server, not your computer.
* You are behind a corporate firewall which is redirecting traffic in an unexpected manner.
* You are connecting to the Internet through a router behaving as a NAT (network address translator).  When we attempted to connect back to the IP address your web traffic came from we actually were communicating with the NAT, not your computer.
* Your firewall is not running.

A couple questions for you, Goose17 ~

  1. Are you behind a router (or even a modem - if modem, please provide Make & Model)?

  2. To your knowledge, are you using a proxy server, whether local or remote?

And just for grins, what browser are you using?

LM

PS: Welcome to the forums!

i am behind a linksys (wired) router and a DSL modem brand is paradyne and the model# is 6211-I1-200 that my ISP gave me and also i am on Firefox (alot faster then IE). and also i am not using any proxy stuff that i’m aware of and these are the results from hackerwater.org firewall test

Closed but Unsecure
21 (FTP)
This port is not being blocked, but there is no program currently accepting connections on this port.

Closed but Unsecure
23 (Telnet)
This port is not being blocked, but there is no program currently accepting connections on this port.

Closed but Unsecure
25 (SMTP Mail Server Port)
This port is not being blocked, but there is no program currently accepting connections on this port.

Closed but Unsecure
79 (Finger)
This port is not being blocked, but there is no program currently accepting connections on this port.

Open and Unsecure!
80 (HTTP)
If this computer is not supposed to be acting as a web server you should not have this port open.

Closed but Unsecure
110 (POP3 Mail Server Port)
This port is not being blocked, but there is no program currently accepting connections on this port.

Closed but Unsecure
139 (Net BIOS)
This port is not being blocked, but there is no program currently accepting connections on this port.

Closed but Unsecure
143 (IMAP)
This port is not being blocked, but there is no program currently accepting connections on this port.

Open and Unsecure!
443 (HTTPS)
If this computer is not supposed to be acting as a web server you should not have this port open.

Test complete.

Reachable ports were found. If these ports were not deliberately left open, there may be a problem with your firewall operation or configuration.

Okay, tnx for the info. I also saw the Hackerwatch info you added to your previous post. All of this explains a lot.

The online scans are not scanning your computer, or CFP firewall. They are scanning your router. This is why Hackerwatch says this:

Packets were successfully sent to your computer. You should be aware that we were able to get a response from the computer at the IP address your traffic is originating from.
They cannot determine by their scan what the recipient is; only that the packets were received.

As far as the proxy server scenario, that is just one possibility that they’ve given, as a reason for the stated results.

Really not a cause for concern. It wouldn’t hurt to check your router’s configuration to make sure things are as they should be there. Keep in mind that different online tests give different results; you might try some others like GRC Shields Up, PCFlank, etc. The best test for open ports is by checking the computer locally, using something like SuperScan.

It’s also possible that your modem has some routing capabilities as well; it could be being scanned by the online test. Sometimes, an ISP will have a physical security checkpoint on their end, that intercepts such things, to help provide protection for their customers. There are a lot of options, and decreases the reliability of online scans, while increasing the need for local/resident scans.

LM

do why would it say those ports are open? and do you think im secure now then?

The results it gives are based on what it physically scans. Unless the ports are open on your computer, you really don’t have anything to worry about. Ports should only be open unless if in use. This is why an application like SuperScan from Foundstone is good, because it will scan your localhost (ie, your computer) to make sure there are not any open ports.

Obviously, you want everything closed on your router or modem as well, but you may not have full control over that (especially the modem, given it’s from the ISP; even more especially if you’re on cable). The router should have come with instructions for accessing its configuration; this will allow you to make sure everything is good there.

LM

thank you for your help and also i decided to run my Anti Virus Avast! home edition and it detected a virus in a cache.file whatever that is and the system seems to of perked up afetr it found that… not sure if a virus would have anything to do with port stuff or the firewall but Thank you for your time and help :slight_smile:

Not a problem.

So, on the basis of having removed the virus, have you rescanned using HackerWatch (or any other)? If so, are the results any different?

And yes, depending on what it is, it is conceivable that some malware could open up ports on your computer. But probably not your router…

LM

after i removed the virus it still sad the ports were open so i decided to do a complete computer restore deleted everything reinstalled windows and it still says the prots are open but i’m gonna call my ISP and see what they think too. again thanks for the time :slight_smile:

i treid super scan and this is what it said
SuperScan Report - 07/29/07 01:43:58
Total hosts discovered 1
Total open TCP ports 0
Total open UDP ports 0

i know the 0 open ports is good but Total hosts discovered 1? not sure if thats good?

Yep, only 1 host. You are seeing what you’re supposed to, Goose17.

The “host” is your localhost, 127.0.0.1; basically this is the core/internal IP of your computer. This is before any traffic hits the network, and/or not otherwise associated with network traffic, unless you’re using it as a local proxy (which you won’t be by default or by accident).

So if you were showing more than 1 host, then I’d be concerned…

LM

I called my ISP this morning and asked them about the proxy stuff and they explained what it was and thats fine now but i told them about these open ports and they said that it was my firewall that had open ports but I have comodo updated and customized where no ports should be open. so once again i am confused.

Goose17,

Without making any disparaging remarks, your ISP doesn’t know what they’re talking about in regards to CFP… :wink:

Some firewalls do hold ports open; CFP does not. Even if you configure CFP’s Network Monitor to allow Inbound communication on certain ports, these ports are not held open by CFP; it only allows the traffic to pass thru, based on the existent rules. The application that would be receiving the traffic has to have an appropriate Application Monitor rule, and be actively listening on that port.

You have seen from the SuperScan results that you have no open ports on your computer; the firewall does not change that.

I hope this doesn’t confuse you with information you don’t want or need; I just want to make sure that I accurately describe what is happening.

However, I think what we’re back to is the fact that if you are behind any hardware like a router, that is what is being scanned. Not your computer! Your computer will never be scanned by any online scanner if you are behind a router, or a any router-like device.

LM

well #1 i know my ISP does NOT know what they are talking about :slight_smile: and #2 i’m behind a linksys wired router so it’s all good then oh and also i took the www.grc.com Shields up! firewall test and it said there were no ports open at all so. Thank you for your help and time and i’m finally happy this mess is over with it kinda had me worried at first (M) (S)

Glad your confidence level is back up, and your worry level is down! :smiley:

I’ll go ahead and mark the topic as closed; if you have more questions about this, or otherwise need it reopened, just PM a Moderator (please include a link back here) and we’ll be glad to do so.

LM