suspicious open ports (By default) on my new sagem f@st 2504 Sky router

[mark.h]

Hey all.
This is my first time to post a thread, so I hope I'm going about it the right way??

I have been with sky about a month now and I have noticed that by default I have open ports on my sagem f@st 2504 router. I'm also not sure whether it is a good idea to list these open ports on this forum?? and these seem to be open by default.???
I would like to know if this is indeed a security issue??
I am using ubuntu hardy 8.04 O/S and firestarter as my firewall. So I know all my ports are closed on my actual PC. But when I use sheildsUp by GRC to scan all open ports (including router) This is the output it gave me:::

Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

After I looked into this I found that it was my router that was accepting the PING requests.
I would also like to know why are these ports open and who these ports are open too.
Also is there a way to close these ports manually???

I hope I have made my issue clear enough to get a reply?

Cheers for know

Mark...

[Netgeezer]

If you are worried about the open ports then check out Gibson Research's Shields Up at https://www.grc.com/x/ne.dll?bh0bkyd2 where you can run a test against your router and internal devices to see what the security threat to you really is.

What ports do you have open on the Sagem then? There is no security weakness telling us on here - unless you share your IP address also Besides which, if you have any vulnerabilities they will have been discovered by now. The average time to get scanned and exploited on the Internet is mere minutes from initial connection.

When you run Shields Up this is what you are aiming for

Quote:

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

[mark.h]

WOW thank's for the rapid reply.

I realised i made a bit of an error on my last post after I posted it I ran a port scan on my PC own static IP address and it gave me the same open ports as when I run a scan on my routers ip address!!
(Sorry).
The open ports that are listed are::
21 ftp
23 telnet
53 domain
80 www
1863 msnp
1864 unknown
4443 unknown
5190 aol
5431 unknown
5566 unknown
30005 unknown

I actually ended up re-installing my O/S because these open ports where bothering me so much, especially the unknown ones.

As I mentioned earlier these ports show uo on my router and PC IP address.

Should I be worried???

[Netgeezer]

Cant sleep

It looks like AOL has left some chaff behind in your system if that 5190 is anything to go by.

I'd suggest a visit to **Home of Gibson Research Corporation** and go to the Shields Up page - let them probe you for your weaknesses. There are also a few utilities on there which will help you shut down some of the nastier open port weaknesses.

Unless you have a reason to have "server" ports open such as 21, 23 and 80 I would tend to shut those off. The safest is all ports shut or in stealth mode (not responding) but that is not always easy to do with Windows own firewall.

But give Shields Up a go to find out your weaknesses first. The results give tons of good explanation also.

[mark.h]

Yep. Cant sleep.
I used shield up to scan my system it tells me that all my ports are shut but my Rouetr is accepting PING requests. GRC shieldsUp is how this whole malarky started for me.....,
I have searched through thier site but i cant seem to find a way to close the ports down on my router which is where the problem lies...

[mark.h]

Im not using windows im using ubuntu hardy 8.04 and im also using ubuntu's recomended firestarer as my firewall.
even if I use my firewall to close down the open ports (which I have NOT discovered how to close using my firewall yet!!)
I would still be left with my initial problem because it is my router also that is showin the same open ports!!
I have looked into my Sagem f@st 2504 Sky configuration and it's own firewall config, but I can't find an option to open or close pots or even disable PING aceptence etc

[mark.h]

This is the output I get form GRC's ShieldsUP::

True Stealth Analysis FAILED

Solicited TCP Packets: PASSED — No TCP packets were received from your system as a direct result of our attempts to elicit some response from any of the ports listed below — they are all either fully stealthed or blocked by your ISP. However . . .



Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)



Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

It tells me all my actual computers ports are closed but it fails the ShieldsUp scan because it is my router NOT my PC which is accepting the PING requests and also is showing open ports the ones listed above....

[Saturday]

You have no "open" ports just ping replies which is entirely normal. You are extremely well protected just by the inherent NAT of the router. On top of that the router has a firewall. On top of that you are using a personal firewall.

What do you have on your computer that anyone would try to get past that lot! Even GCHQ would struggle to get through those defences.

Despite GRC's rather over the top hyperbole, responding to pings isn't a very great security risk at all. If you are worried about the ping response, turn it off. I don't have the Sagem but I'd be surprised if there isn't an option in the router admin pages - look for "respond to ping internet/WAN" or some such.

[john13729]

Go into routers "advanced" tab and untick "Respond to Ping on Internet WAN Port" box.

[Netgeezer]

Quote:

Originally Posted by Saturday

Despite GRC's rather over the top hyperbole, responding to pings isn't a very great security risk at all.

@mark.h - I think that at GRC there is an element of "security through obscurity" thinking on the go. That you can essentially be invisible to anyone out on the Internet is desirable it is by no means vital or essential as Saturday says. Its just nice to have.