GRC ShieldsUpRalph Shumaker wrote: > James G. Sack (jim) wrote: >> Ralph Shumaker wrote: ..
> > Well, according to GRC ShieldsUp, my ports 22 (ssh remote login > protocol) and 631 (internet printing protocol) are responding as > closed. (All other ports between 0 and 1055 are not even replying.) > Also, my IP address responds to a ping. According to Gibson, responding > to a ping and responding with "port closed" are security concerns > apparently because they essentially announce my presence to passing > pings and port scans and put me on the bad guys' radars. I'm afraid I don't picture where you are running this GRC program from -- is is run from somewhere on the internet outside your DSL modem? I also don't know precisely what GRC means by "closed". I'm a bit sleepy at the moment, so I may be missing something, but I would guess I might want to watch the ethernet wire (eg, with tcpdump) at the GRC end to see what's happening. Be careful about the difference between disabling ping and turning icmp off -- ping is just one message type within icmp. It is possible to turn it off without turning off the rest of icmp -- several parts of icmp are quite important to allowing other things to work correctly. Sorry I can't remember just which, at the moment. > > Due to previous discussions about this here on kplug tho, I don't know > if I should be concerned. If you mean about ping? I'm inclined to not worry about it provided I have some confidence in the firewall not letting connections be initiated from outside. .. >>>> Oh, that is not a private IP address, it is a public one (accessible >>>> from the internet), so you are right to avoid plastering it all around. >>>> It is visible in your email headers -- but there's not anything you can >>>> do about that, I believe. >>>> > > GRC ShieldsUp saw it in my browser also, tho I doubt that's an issue, > right? OK, now I ams guessuing that GRC ShieldsUp is something you connect to via browser, and it maps the IP you are connecting from? Um..., when you connect to someplace, they have to see your IP so they can reply! You weren't joking with me, now were you? .. >> inside your LAN. I would certainly be reluctant to change anything -- I >> expect it was all configured by an ISP technician? >> > > I got it from UPS (FedEx?), plugged it in, turned it on, and was > surfing. I don't think I had to do anything else. You bought it from a third party? Or dslextreme? I suppose the latter, and the technical settings either came preconfigured, or you had to configure with a windows setup operation? .. >> ..It does look >> like the checkboxes you show are allowing external access via HTTP, >> SNMP, TELNET, and TFTP protocols to your LAN (yikes on TELNET and TFTP). >> >> ==> I would recommend immediately turning all of them off (except the >> icmp, which you indicated cannot be changed, anyway). >> > > Whoops! Doing this broke my connection and ability to reconnect to the > DSL modem configuration. It says "The connection to the server was > reset while the page was loading." and "Try Again" just refreshes the > message. I think most of these modems, and residential gateways reboot when you do _anything_ that requires a "save". they usually take 30 to 60 secs to come alive again. If you cannot ever reconnect to 192.168.1.1, then I am dumfounded! (and apologetic). There is probably a hardware reset feature, but I wouldn't do that because it might mess up the preset dsl params (the strange bits in the advanced configuration pages). > > I'm still permitted to surf the web tho. So it didn't _completely_ > cripple me. I would feel better if you can reconnect to the administrative interface -- maybe you have to close and reopen your browser if you haven't done that since the reset. Regards, ..jim -- KPLUG-List@kernel-panic.org http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
