Norton IS 2004 and Online Security check

talisair

I am connected through a University network as I am living in Halls; I have Norton Internet Security 2004 installed on my system which is running Windows XP Home Edition. My problem is, when I go to the Symantec online security check web page it scans my system for security threats and seems to find numerous ports open which it tells me should not be ... the solution it offers is for me to install a firewall program ... such as Norton Internet Security 2004!! If I have Symantec's own security program, the latest up-to-date version, why does thier security check show me as being vulnerable? Can anyone offer some insight??

talisair · Posted: Sat May 15, 2004 10:45 pm Post subject:

If it helps, here are the results of the security check; Norton says that ports will be either Open, Closed, or Stealth (Open being bad, closed bad but not so bad, and Stealth being good) The ports it tells me are open are:

ICMP Ping Ping. Ping is a network troubleshooting utility. It asks your computer to acknowledge its existence. If your computer responds positively to a ping, hackers are more likely to target your computer.

21 FTP (File Transfer Protocol). FTP is used to transfer files between your computer and other computers. Port 21 should be open only if you're running an FTP server.

22 SSH. TCP connections to this port might indicate a search for SSH, which has a few exploitable features. SSH is a secure replacement for Telnet. The most common uses of SSH are to securely login and copy files from a server.

23 Telnet. Telnet can be used to log into your computer from a terminal anywhere in the world. This port should be open only if you're running a Telnet server.

79 Finger. Finger is an Internet utility that allows someone to obtain information about you, including your full name, logon status, and other profile information.

80 HTTP (Hypertext Transfer Protocol). HTTP is used to transfer Web pages over the Internet. Port 80 should be open only if you're running a Web server.

... and the ports it tells me are Closed are:

25 SMTP (Simple Mail Transfer Protocol). A protocol for host-to-host mail transport. This port should be open only if you're running a mail server.

110 POP3 (Post Office Protocol). Internet mail servers and mail filter applications use this port. This port should be open only if you're running a mail server.

113 Ident / Authentication. This service is required by some mail, news, or relay chat servers to allow access. A stealth result on this port could cause performance problems.

119 NNTP (Network News Transfer Protocol). A service used by News servers to distribute Usenet articles to newsreader applications and between other servers.

135 Location service (loc-srv). This port is used to direct RPC (Remote Procedure Calls) services to the appropriate dynamically mapped ports. Hackers can use this to determine which port is used by several Windows services. This port should not be visible from the Internet.

139 NetBIOS. NetBIOS is used for Windows File & Print sharing. If port 139 is open, your computer is open to sharing files over the Internet. Other components of NetBIOS can expose your computer name, workgroup, user name, and other information. To learn more about preventing connections to your NetBIOS ports, see: NetBIOS Information and Configuration Instructions

143 IMAP (Internet Message Access Protocol). IMAP is a sophisticated protocol for electronic mail delivery. This port should be open only if you're running an IMAP server.

443 HTTP over TLS/SSL. A protocol for providing secure HTTP communication. It should be open only if you're running a Web server.

445 Windows NT / 2000 SMB. A standard used to exchange Server Message Blocks, and can be exploited in multiple ways, including gaining your passwords.

1080 SOCKS. This protocol allows computers access to the Internet through a firewall. It is used when one IP address is shared among several computers. Generally this protocol only allows access out to the Internet. However, it is frequently configured incorrectly to allow hackers to pass traffic inwards through the firewall.

1723 PPTP (Point-to-Point Tunneling Protocol). This service is used for virtual private networking connections.

5000 UPnP (Universal Plug and Play). This service is used to communicate with any UPnP devices attached to your network.

5631 pcAnywhere. This port is used by Symantec pcAnywhere when in host mode.


	Home ˇ Topics ˇ Submit News ˇ Top 10 This entire site, Cops Themes, and Computer Cops are Š 2002 - 2004 Computer Cops, LLC. All rights reserved. You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0. Acceptable Use Policy. Use signifies your agreement. Engine Copyright Š 2002 by PHP-Nuke, GNU/GPL Licensed. ICRA Member. Paul Laudanski, Member of Computer Cops, LLC Server Load: 1027 pages served in previous 5 minutes. Page Rendered: 0.365 seconds.