Page 3 of 3 FirstFirst 123
Results 21 to 29 of 29
  1. #21
    Untangler
    Join Date
    Feb 2011
    Posts
    69

    Default

    I just did a few scans with "shields up" and port 80 and port 443 are open otherwise it said I was extremely unusually well protected for a windows pc

    This is a report from from one of the scan guess untangle is doing it's business ?

    " ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion."

  2. #22
    Untangler
    Join Date
    Feb 2011
    Posts
    69

    Default

    And this


    ----------------------------------------------------------------------

    GRC Port Authority Report created on UTC: 2011-10-06 at 11:09:28

    Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
    119, 135, 139, 143, 389, 443, 445,
    1002, 1024-1030, 1720, 5000

    2 Ports Open
    1 Ports Closed
    23 Ports Stealth
    ---------------------
    26 Ports Tested

    Ports found to be OPEN were: 80, 443

    The port found to be CLOSED was: 22

    Other than what is listed above, all ports are STEALTH.

    TruStealth: FAILED - NOT all tested ports were STEALTH,
    - NO unsolicited packets were received,
    - A PING REPLY (ICMP Echo) WAS RECEIVED.

    ----------------------------------------------------------------------

  3. #23
    Master Untangler
    Join Date
    Dec 2010
    Location
    Echuca, Victoria, Australia
    Posts
    278

    Default

    Quote Originally Posted by untangleme View Post
    2 Ports Open
    1 Ports Closed
    23 Ports Stealth
    Ports found to be OPEN were: 80, 443
    The port found to be CLOSED was: 22
    Other than what is listed above, all ports are STEALTH.
    TruStealth: FAILED - NOT all tested ports were STEALTH,
    - NO unsolicited packets were received,
    - A PING REPLY (ICMP Echo) WAS RECEIVED.
    If your hosting a website, and a secure website, I would say this is am=lmost a perfect score. If you were really picky, you wouldn't have ping responding, but I like to have this so I know its working. Port 22 is SSH or FTP, but its closed so thats ok.

  4. #24
    Untangler
    Join Date
    Feb 2011
    Posts
    69

    Default

    Quote Originally Posted by sky-knight View Post
    I mean if you have TCP 80 exposed on "External" and you didn't configure it, and it's in router mode. Your installation is hosed, and it needs replaced.
    I just worried cause I installed untangle with port 80 open , now I don't connect or turn on the modem to after untangle installs and up to configuration screens then downloads, if that means anything ?

    Last report

    ----------------------------------------------------------------------

    GRC Port Authority Report created on UTC: 2011-10-06 at 11:49:20

    Results from scan of ports: 0-1055

    2 Ports Open
    1 Ports Closed
    1053 Ports Stealth
    ---------------------
    1056 Ports Tested

    Ports found to be OPEN were: 80, 443

    The port found to be CLOSED was: 22

    Other than what is listed above, all ports are STEALTH.

    TruStealth: FAILED - NOT all tested ports were STEALTH,
    - NO unsolicited packets were received,
    - A PING REPLY (ICMP Echo) WAS RECEIVED.

    ----------------------------------------------------------------------
    Last edited by untangleme; 10-06-2011 at 04:54 AM.

  5. #25
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,514

    Default

    Untangle by default, TCP 80 on the outside is stealth.

    Untangle with Lite Rack installed.

    TCP 443 is open (remote admin)
    UDP 1194 is open (OpenVPN)
    TCP 22 is closed (because SSH is stupid that way)

    If TCP 80 is "open" you've either port forwarded it to something that is responding. Or, you've gone into the packet filter and touched the wrong button.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #26
    Untangler
    Join Date
    Feb 2011
    Posts
    69

    Default

    Quote Originally Posted by sky-knight View Post
    Untangle by default, TCP 80 on the outside is stealth.

    Untangle with Lite Rack installed.

    TCP 443 is open (remote admin)
    UDP 1194 is open (OpenVPN)
    TCP 22 is closed (because SSH is stupid that way)

    If TCP 80 is "open" you've either port forwarded it to something that is responding. Or, you've gone into the packet filter and touched the wrong button.
    Hi sky
    You know I forgot, yes I have the server on 80 port forwarding

  7. #27
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,514

    Default

    Then the scan is correct, the port is open. And, any vulnerabilities detected on the HTTP server, aren't Untangle, but the web service you've exposed.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  8. #28
    Newbie
    Join Date
    Dec 2008
    Posts
    12

    Default

    Quote Originally Posted by dsolutions1 View Post
    I am using all default settings. I am only forwarding RDP to a terminal server and allowing DNS.

    I was considering just blocking the ports they are saying are open:
    1) TCP 64156 - web server autoindex - enabled
    2) TCP:389 - Is Your LDAP Secure?
    3) TCP:80 - Is there a way to force https ONLY either from external or internet NIC
    4) It says the HTTP trace/track methods are allowed - I suppose I need to disable this
    5) TCP:64156 Apache ETag Heder Discloses Inode Numbers
    6) TCP/IP Sequence Prediction Blind Reset Spoofing DoS

    Before performed all of this, I wanted to make sure the Untangle gurus had a look.
    Thanks for the help everyone.

    The "BLOCK ALL LOCAL TRAFFIC" did the trick. It cleared up 1-6. I also setup Untangle to HTTPS only.

    Now the scan says TCP 1 is open. I will block TCP 1 from the external NIC and I should be good.

  9. #29
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,514

    Default

    Disabling HTTP admin doesn't close port 80, that doesn't make any sense. If it did, again you have a problem, because that means you've got it exposed, AND you didn't patch the bug in 9.0.2 that allows this to happen. This is a transitory situation, and the port will be open again once you upgrade to 9.1.

    Again, the only ports that are exposed unless you forwarded/played in the packet filter are: TCP 443 (Open for Remote Admin), TCP 22 (Closed unless SSH starts), and UDP 1194 (which I doubt their lame scanner is even checking UDP ports.

    If your box is reporting anything else... something is wrong! The PCI scan is a joke, it determines exactly nothing about your network security. But having an Untangle in the field that has random ports exposing themselves for an unknown reasons worries me, and it should be worrying you.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Page 3 of 3 FirstFirst 123

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2