Outpost blocks everything

Anonymous
August 30, 2005 12:51:18 PM

Archived from groups: comp.security.firewalls

I used to use Outpost(Free) on W98se, but when I install it on XPpro SP2 it
just blocks everything even if I tell it to trust email/news/browser etc.
Does it not work with XP?
--
Jim
Tyneside UK

Anonymous
August 30, 2005 2:58:50 PM

Jim Scott <mr.jimscott@xvirgin.net> wrote:
> I used to use Outpost(Free) on W98se, but when I install it on XPpro SP2 it
> just blocks everything even if I tell it to trust email/news/browser etc.
> Does it not work with XP?

You don't need Outpost. Just use the Windows-Firewall.

Yours,
VB.
--
"It cannot be that the frustrated in Rome decide what happens in
German bedrooms."
Harald Schmidt on "World Youth Day"
Anonymous
August 30, 2005 2:58:51 PM

On 30 Aug 2005 10:58:50 +0200, Volker Birk wrote:

> Jim Scott <mr.jimscott@xvirgin.net> wrote:
>> I used to use Outpost(Free) on W98se, but when I install it on XPpro SP2 it
>> just blocks everything even if I tell it to trust email/news/browser etc.
>> Does it not work with XP?
>
> You don't need Outpost. Just use the Windows-Firewall.
>
> Yours,
> VB.

That's what I have been doing, but SOME firewall checkers indicate port not
stealthed. Does that matter? Outpost always indicated all were invisible.
--
Jim
Tyneside UK
Anonymous
August 30, 2005 2:58:51 PM

Jim Scott <mr.jimscott@Xvirgin.net> wrote:

> That's what I have been doing, but SOME firewall checkers indicate
> port not stealthed.

So? Unless a port is OPEN, nothing can happen to you. "Stealth" is an
invention of some crazy marketing people, it doesn't have anything to
do with network security.

Juergen Nieveler
--
Is "puppy love" bestiality?
Anonymous
August 30, 2005 2:58:52 PM

>
> That's what I have been doing, but SOME firewall checkers indicate
> port not stealthed. Does that matter. Outpost always indicated all
> were invisible.

No, I don't think it matters. What counts is that the port is closed. The
stealth thing is a personal FW term that's hyped up. I myself would much
rather have the port closed and a response sent back that the port is
closed and have a scan move on, as opposed to stealthed and closed with
nothing sent back, which to me is also an indication that something is
there due to the non-response. I don't think stealth buys you anything.
And some clueless hacker may try to lock on and hammer instead of getting
the response back that all ports are closed and just moving on.

You want the machine to be stealthed, put the machine behind a packet
filtering FW router -- then it's stealthed as unsolicited inbound traffic
never reaches the machine for it to respond.

The only thing that the XP FW cannot do is stop outbound traffic but you
can stop inbound or outbound by port, protocol or IP with IPsec to
supplement the XP FW.

http://www.petri.co.il/block_ping_traffic_with_ipsec.ht...
http://support.microsoft.com/?id=813878
http://www.analogx.com/contents/articles/ipsec.htm

Duane :) 
Anonymous
August 30, 2005 3:33:13 PM

On Tue, 30 Aug 2005 12:14:32 +0100, Spack wrote:

>> The only thing that bothers me is that http://www.hackerwatch.org/probe/
>> tells me that port 80 is open and insecure as does a-squared while others
>> including Shields-Up tell me all is fine.
>> I am on ADSL broadband if that has any bearing.
>
>
> Does your ISP force you through a proxy? If so, then the checks are done
> against the proxy, not your PC/router/modem/etc., and so will likely show
> port 80 open. What you need to do is check that the IP that is shown on
> these online tests really is your currently allocated IP address. It doesn't
> help that HackerWatch doesn't appear to tell you the IP that it's running
> the tests against.

It would seem it does. I don't use a proxy, but 'auditmypc' tells me there
is one.
PCflank says it cannot determine my IP address, while Shields-Up seems to
find one ok and gives it a clean bill of health (including no mention of
open port 80)
a-squared (I do NOT shutdown my XP firewall as it suggests) comes up with
open ports at 8080, 80, 53, 22, 3128, none of which are mentioned in any
other scan. Nor does it mention a proxy.
Sygate Online clears the ports that a-squared says are open. Oh and it
comes up with an IP address (same as Shields-up)

Confused? You bet!
--
Jim
Tyneside UK
Anonymous
August 30, 2005 5:17:12 PM

Jim Scott <mr.jimscott@Xvirgin.net> wrote:

> PCflank says it cannot determine my IP address, while Shields-Up seems
> to find one ok and gives it a clean bill of health (including no
> mention of open port 80)

ShieldsUp uses a HTTPS-session to check your IP - transparent proxies
usually ignore HTTPS as there's nothing to proxy.

If the other sites report the wrong IP, they probably only check your
HTTP-request - which will show the proxy.

Juergen Nieveler
--
Can you import the garbage. He will die next week which means CIO will
be caught in the rain.
Anonymous
August 30, 2005 5:20:52 PM

On 30 Aug 2005 13:17:12 GMT, Juergen Nieveler wrote:

> Jim Scott <mr.jimscott@Xvirgin.net> wrote:
>
>> PCflank says it cannot determine my IP address, while Shields-Up seems
>> to find one ok and gives it a clean bill of health (including no
>> mention of open port 80)
>
> ShieldsUp uses a HTTPS-session to check your IP - transparent proxies
> usually ignore HTTPS as there's nothing to proxy.
>
> If the other sites report the wrong IP, they probably only check your
> HTTP-request - which will show the proxy.
>
> Juergen Nieveler

If my ISP is taking me through a proxy then won't they be using a firewall
on it?
--
Jim
Tyneside UK
Anonymous
August 30, 2005 6:27:21 PM

Jim Scott <mr.jimscott@xvirgin.net> wrote:
> That's what I have been doing, but SOME firewall checkers indicate port not
> stealthed. Does that matter.

No, not at all.

It's impossible to "stealth" a computer on the Internet. This is just an
advertising gimmick.

Surprising?

Why this is, I explained in <43088aac@news.uni-ulm.de>.

Yours,
VB.
--
"It cannot be that the frustrated in Rome decide what happens in
German bedrooms."
Harald Schmidt on "World Youth Day"
Anonymous
August 30, 2005 6:36:15 PM

Jim Scott <mr.jimscott@xvirgin.net> wrote:
> The only thing that bothers me is that http://www.hackerwatch.org/probe/
> tells me that port 80 is open and insecure as does a-squared while others
> including Shields-Up tell me all is fine.

http://www.hackerwatch.org/probe/ tells me:

--------------------------------- snip ------------------------------------
Closed but Unsecure
21 (FTP)

This port is not being blocked, but there is no program currently accepting
connections on this port.

Secure
23 (Telnet)

This port is completely invisible to the outside world.

Secure
25 (SMTP Mail Server Port)

This port is completely invisible to the outside world.

Secure
79 (Finger)

This port is completely invisible to the outside world.

Secure
80 (HTTP)

This port is completely invisible to the outside world.

Secure
110 (POP3 Mail Server Port)

This port is completely invisible to the outside world.

Secure
139 (Net BIOS)

This port is completely invisible to the outside world.

Secure
143 (IMAP)

This port is completely invisible to the outside world.

Secure
443 (HTTPS)

This port is completely invisible to the outside world.

Test complete.

Reachable ports were found. If these ports were not deliberately left open,
there may be a problem with your firewall operation or configuration.
--------------------------------- snap ------------------------------------

This is complete nonsense.

I'm running Debian GNU/Linux on an Apple Powerbook for this test.
Nothing is filtered or dropped, but no network service is offered on
any port on the NIC but the DHCP client:

--------------------------------- snip ------------------------------------
parametium:~ # lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
dhclient 2260 root 5u IPv4 2542 UDP *:bootpc
master 2614 root 11u IPv4 3127 TCP localhost:smtp (LISTEN)
pmud 2822 root 7u IPv4 3445 TCP localhost:879 (LISTEN)
ssh 3128 vb 3u IPv4 4182 TCP 192.168.1.65:35353->wallaby:ssh (ESTABLISHED)
ssh 3131 vb 3u IPv4 4641 TCP 192.168.1.65:55264->wega.rz.uni:ssh (ESTABLISHED)
mutt 3173 vb 3u IPv4 4674 TCP 192.168.1.65:48961->mail.logix:imaps (ESTABLISHED)
ssh 3222 vb 3u IPv4 4653 TCP 192.168.1.65:32794->sifter.ath.cx:ssh (ESTABLISHED)
ssh 3222 vb 4u IPv4 4676 TCP localhost:5000 (LISTEN)
ssh 3222 vb 5u IPv4 4699 TCP localhost:5000->localhost:32769 (ESTABLISHED)
vtund 3236 root 4u IPv4 4698 TCP localhost:32769->localhost:5000 (ESTABLISHED)
ssh 3250 vb 3u IPv4 4720 TCP 10.23.3.10:57009->slater:ssh (ESTABLISHED)
firefox-b 3256 vb 26u IPv4 4843 TCP 192.168.1.65:42919->www.hackerwatch.org:www (ESTABLISHED)
firefox-b 3256 vb 29u IPv4 5018 TCP 192.168.1.65:58439->www.hackerwatch.org:www (ESTABLISHED)
firefox-b 3256 vb 38u IPv4 4848 TCP 192.168.1.65:49988->probe.hackerwatch.org:www (ESTABLISHED)
parametium:~ #
--------------------------------- snap ------------------------------------

What they're telling you, is just for the trashbin.

Yours,
VB.
--
"It cannot be that the frustrated in Rome decide what happens in
German bedrooms."
Harald Schmidt on "World Youth Day"
Anonymous
August 30, 2005 6:38:14 PM

Jim Scott <mr.jimscott@xvirgin.net> wrote:
> PCflank says it cannot determine my IP address, while Shields-Up seems to
> find one ok and gives it a clean bill of health (including no mention of
> open port 80)
> a-squared (I do NOT shutdown my XP firewall as it suggests) comes up with
> open ports at 8080, 80, 53, 22, 3128, none of which are mentioned in any
> other scan. Nor does it mention a proxy.
> Sygate Online clears the ports that a-squared says are open. Oh and it
> comes up with an IP address (same as Shields-up)

Please tell me, what operating system you're driving on this box.
Usually, there is an OS command to see what's really goin' on.

With Windows and most of the *NIXes, this command is:

netstat -a

With Windows XP, you could use

netstat -ao

Yours,
VB.
--
"It cannot be that the frustrated in Rome decide what happens in
German bedrooms."
Harald Schmidt on "World Youth Day"
Anonymous
August 30, 2005 6:38:15 PM

On 30 Aug 2005 14:38:14 +0200, Volker Birk wrote:

> Jim Scott <mr.jimscott@xvirgin.net> wrote:
>> PCflank says it cannot determine my IP address, while Shields-Up seems to
>> find one ok and gives it a clean bill of health (including no mention of
>> open port 80)
>> a-squared (I do NOT shutdown my XP firewall as it suggests) comes up with
>> open ports at 8080, 80, 53, 22, 3128, none of which are mentioned in any
>> other scan. Nor does it mention a proxy.
>> Sygate Online clears the ports that a-squared says are open. Oh and it
>> comes up with an IP address (same as Shields-up)
>
> Please tell me, what operating system you're driving on this box.
> Usually, there is an OS command to see what's really goin' on.
>
> With Windows and most of the *NIXes, this command is:
>
> netstat -a
>
> With Windows XP, you could use
>
> netstat -ao
>
> Yours,
> VB.

If I 'run' that from here XP SP2 a DOS box pops up and vanishes before I
have time to blink.
--
Jim
Tyneside UK
Anonymous
August 30, 2005 6:38:16 PM

Jim Scott <mr.jimscott@Xvirgin.net> wrote in
news:1cr942phs370v$.dlg@ID-104726.news.individual.net:

> On 30 Aug 2005 14:38:14 +0200, Volker Birk wrote:
>
>> Jim Scott <mr.jimscott@xvirgin.net> wrote:
>>> PCflank says it cannot determine my IP address, while Shields-Up
>>> seems to find one ok and gives it a clean bill of health (including
>>> no mention of open port 80)
>>> a-squared (I do NOT shutdown my XP firewall as it suggests) comes up
>>> with open ports at 8080, 80, 53, 22, 3128, none of which are
>>> mentioned in any other scan. Nor does it mention a proxy.
>>> Sygate Online clears the ports that a-squared says are open. Oh and
>>> it comes up with an IP address (same as Shields-up)
>>
>> Please tell me, what operating system you're driving on this box.
>> Usually, there is an OS command to see what's really goin' on.
>>
>> With Windows and most of the *NIXes, this command is:
>>
>> netstat -a
>>
>> With Windows XP, you could use
>>
>> netstat -ao
>>
>> Yours,
>> VB.
>
> If I 'run' that from here XP SP2 a DOS box pops up and vanishes before
> I have time to blink.

You enter CMD in the Run box that takes you to DOS Command Prompt and then
you enter the command.

You should hold off on IPsec :) 

Duane :) 
Anonymous
August 30, 2005 6:47:49 PM

Jim wrote on Tue, 30 Aug 2005 13:20:52 GMT:

> On 30 Aug 2005 13:17:12 GMT, Juergen Nieveler wrote:
>
>> Jim Scott <mr.jimscott@Xvirgin.net> wrote:
>>
>>> PCflank says it cannot determine my IP address, while Shields-Up seems
>>> to find one ok and gives it a clean bill of health (including no
>>> mention of open port 80)
>>
>> ShieldsUp uses a HTTPS-session to check your IP - transparent proxies
>> usually ignore HTTPS as there's nothing to proxy.
>>
>> If the other sites report the wrong IP, they probably only check your
>> HTTP-request - which will show the proxy.
>>
>> Juergen Nieveler
>
> If my ISP is taking me through a proxy then won't they be using a firewall
> on it?


Maybe. But there will be ports open - 8080 or 1080 commonly used for the
proxies, 80 for a web server (ISPs often run a proxy on the same server that
runs at least one of their websites), 53 for DNS (they also use them as DNS
servers), and maybe a few other ports (25 for SMTP or SMTP Relay, 110 for
POP3, 22 for SSH, 21 for FTP, etc). All of these ports are open because the
server is doing multiple jobs. It might not be ideal, but many ISPs cut
corners to save costs.

Dan
Anonymous
August 30, 2005 7:23:36 PM

Jim Scott <mr.jimscott@xvirgin.net> wrote:
> > netstat -a
> > With Windows XP, you could use
> > netstat -ao
> If I 'run' that from here XP SP2 a DOS box pops up and vanishes before I
> have time to blink.

You should enter this into the NT command processor. Please run cmd.exe
first, and enter the command there.

Yours,
VB.
--
"It cannot be that the frustrated in Rome decide what happens in
German bedrooms."
Harald Schmidt on "World Youth Day"
Anonymous
August 30, 2005 7:26:48 PM

Jim Scott <mr.jimscott@xvirgin.net> wrote:
> This works fine and gives me this but what am I looking for?

Everything that is in state LISTENING and is not listening on
localhost is a service that is offered.

Your box is offering many services. You should stop that (i.e. using
http://www.ntsvcfg.de/ntsvcfg_eng.html) or you can use the Windows-Firewall
to filter access to those services from the Internet.

Yours,
VB.
--
"It cannot be that the frustrated in Rome decide what happens in
German bedrooms."
Harald Schmidt on "World Youth Day"
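
Added example (not part of any poster's message): the rule given in the post above, applied to netstat output by a small Python script. It assumes the numeric form `netstat -ano` (the thread's `netstat -ao` plus `-n`) so ports and addresses are not resolved to names; the sample output and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING       1804
  TCP    192.168.1.65:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.65:1045      203.0.113.10:80        ESTABLISHED     2216
  UDP    0.0.0.0:445            *:*                                    4
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)


def is_loopback(addr):
    """True for 127.0.0.0/8 and ::1; a '%scope' suffix is ignored."""
    try:
        return ipaddress.ip_address(addr.split("%")[0]).is_loopback
    except ValueError:
        return addr.lower() == "localhost"


def offered_services(netstat_text):
    """Return (local_addr, port, pid) for every TCP socket that is in
    state LISTENING and is not bound to a loopback address."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 fields: proto, local, foreign, state, pid.
        # Header lines and UDP rows (no state column) fall through.
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue
        if fields[3] != "LISTENING":
            continue
        addr, port = split_endpoint(fields[1])
        if not is_loopback(addr):
            found.append((addr, port, int(fields[4])))
    return sorted(found, key=lambda row: (row[1], row[0]))


if __name__ == "__main__":
    for addr, port, pid in offered_services(SAMPLE):
        print(f"{addr}:{port} is offered to the network (PID {pid})")
```

Each PID in the result can be matched to a process in Task Manager to decide whether the service should be stopped or filtered.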
Anonymous
August 30, 2005 7:35:24 PM

Jim Scott <mr.jimscott@xvirgin.net> wrote:
> If my ISP is taking me through a proxy then won't they be using a firewall
> on it?

You could ask them.

Yours,
VB.
--
"It cannot be that the frustrated in Rome decide what happens in
German bedrooms."
Harald Schmidt on "World Youth Day"
Anonymous
August 30, 2005 7:35:25 PM

On 30 Aug 2005 15:35:24 +0200, Volker Birk wrote:

> Jim Scott <mr.jimscott@xvirgin.net> wrote:
>> If my ISP is taking me through a proxy then won't they be using a firewall
>> on it?
>
> You could ask them.
>
> Yours,
> VB.

I will :o )
--
Jim
Tyneside UK
Anonymous
August 30, 2005 11:32:40 PM

Jim Scott wrote:

> On 30 Aug 2005 15:35:24 +0200, Volker Birk wrote:
>
>> Jim Scott <mr.jimscott@xvirgin.net> wrote:
>>> If my ISP is taking me through a proxy then won't they be using a
>>> firewall on it?
>>
>> You could ask them.

> I will :o )

Better not do that, but try to find out for yourself why your question
hardly makes sense to people who configure such setups.

Wolfgang
Anonymous
August 30, 2005 11:32:41 PM

On Tue, 30 Aug 2005 19:32:40 +0200, Wolfgang Kueter wrote:

> Jim Scott wrote:
>
>> On 30 Aug 2005 15:35:24 +0200, Volker Birk wrote:
>>
>>> Jim Scott <mr.jimscott@xvirgin.net> wrote:
>>>> If my ISP is taking me through a proxy then won't they be using a
>>>> firewall on it?
>>>
>>> You could ask them.
>
>> I will :o )
>
> Better don't do that but try to find out by yourself why your question
> hardly makes sense to people who configure such setups.
>
> Wolfgang

Too late. They say not.
--
Jim
Tyneside UK
Anonymous
August 31, 2005 12:12:53 PM

"Spack" <news@worldofspack.co.uk> wrote:

>> If my ISP is taking me through a proxy then won't they be using a
>> firewall on it?
>
>
> Maybe. But there will be ports open - 8080 or 1080 commonly used for
> the proxies, 80 for a web server (ISPs often run a proxy on the same
> server that runs at least one of their websites), 53 for DNS (they
> also use them as DNS servers), and maybe a few other ports (25 for
> SMTP or SMTP Relay, 110 for POP3, 22 for SSH, 21 for FTP, etc). All of
> these ports are open because the server is doing multiple jobs. It
> might not be ideal, but many ISPs cut corners to save costs.

But many ISPs are smart enough to restrict access to those ports to IP
addresses belonging to their own network, so that only their own
customers can use them.

Juergen Nieveler
--
the FRU is visiting the dentist thus, the fox finds his hole therefore
Frodo Z steals CALCM,blackjack and Platform.
Anonymous
August 31, 2005 1:48:30 PM

Juergen wrote on 31 Aug 2005 08:12:53 GMT:

> "Spack" <news@worldofspack.co.uk> wrote:
>
>>> If my ISP is taking me through a proxy then won't they be using a
>>> firewall on it?
>>
>> Maybe. But there will be ports open - 8080 or 1080 commonly used for
>> the proxies, 80 for a web server (ISPs often run a proxy on the same
>> server that runs at least one of their websites), 53 for DNS (they
>> also use them as DNS servers), and maybe a few other ports (25 for
>> SMTP or SMTP Relay, 110 for POP3, 22 for SSH, 21 for FTP, etc). All of
>> these ports are open because the server is doing multiple jobs. It
>> might not be ideal, but many ISPs cut corners to save costs.
>
> But many ISPs are smart enough to restrict access to those ports to IP
> addresses belonging to their own network, so that only their own
> customers can use them.

And yet others are not. DNS tends not to be restricted because it's used for
resolving ISPs' hosts. And proxies are often not locked down so that roaming
users don't have problems when using a different ISP on the move - however,
these normally require authorisation in the form of username + password, but
this will still show the port as open in a "security test" because the
service has to respond so the remote user's PC then knows to send the
authorisation info.

I know of at least one major UK ISP that even has all of its PIX firewalls
at its head office allowing everything in and out (so it's basically acting
as a router with no restrictions) because they consider it too much hassle
to have to open ports when they add new services, even to the point of
developers there running test web servers on their own PCs and them being
accessible to the internet. They had a hell of a time clearing up when
someone used one of their FTP servers to host GBs of porn and games and had
changed the passwords on the server, but it didn't change their security
policies - they just rebuilt the server and gave it a different password!

There are plenty of ISPs who are loath to implement decent security because
of the additional cost involved, both in hardware and in man hours
maintaining it. They seem to think it's cheaper to clean up after there's a
problem - in this day though it only takes one serious breach to bring an
end to a company, or at least seriously cripple it, but many either don't
care or are too blinkered to realise.

Dan