Port 22...can I close it?

Vampire666

I post here since I couldn't find a "Network" section.

After a Internet port scanning, it appears that my port 22 is open. How can I close it?
I have a D-Link 504T Router.

Thanks.

bkf

Do a port scan using Gibson Research. If it finds a problem they usually offer a solution

http://www.grc.com/intro.htm

Shields up is what your looking for, down the page a bit.

The other thing you could do right away is forward the port 22 to a fake address like 192.168.1.10. Then it talks to empty space.

Attached Images

View/download attachments and remove advertisements by registering now! (it's easy, free and takes less than a minute)

To view attachments in this forum your post count must be 2 or greater. You currently have 0 posts.

JoeDuncan

Not sure what this has to do with CD/DVDs, but port 22 being open is an indicator that you are running some form of Secure Shell (SSH) server.

What OS are you using?

It should basically just be a matter of shutting down your SSH service for your OS. You could also always open up your router admin page and block incoming access to port 22.

Vampire666

Thanks. It was with the "Common Ports" test of Shields up that I've found out of the opened 22 port .

I have to find out how to do this.

bkf

.

Attached Images

View/download attachments and remove advertisements by registering now! (it's easy, free and takes less than a minute)

To view attachments in this forum your post count must be 2 or greater. You currently have 0 posts.

Vampire666

I have Windows Xp with SP2.
I have to find out how to do that too .

bkf

router user manual, OS has nothing to do with it

Vampire666

Vampire666

I tried this and the "Common Port" test reports that the 22 port it's now in Stealth mode, but strangely the complete test Failed (even if the other port were closed or in stealth )

Vampire666

Even the "All Service Ports" gave me a Failed!

Attached Images

View/download attachments and remove advertisements by registering now! (it's easy, free and takes less than a minute)

To view attachments in this forum your post count must be 2 or greater. You currently have 0 posts.

bkf

Then you got something still open in the first 1056 ports, 113 closed?

Don't do commen, do all

Vampire666

Look previous post .

Vampire666

The TEXT SUMMARY:

GRC Port Authority Report created on UTC: 2006-05-19 at 16:33:19

Results from scan of ports: 0-1055

0 Ports Open
850 Ports Closed
206 Ports Stealth
---------------------
1056 Ports Tested

NO PORTS were found to be OPEN.

Ports found to be STEALTH were: 2, 6, 15, 20, 22, 24, 25, 26,
32, 39, 43, 48, 51, 56, 60,
64, 70, 75, 78, 83, 88, 91,
96, 103, 110, 111, 116, 119,
124, 134, 135, 138, 139, 143,
144, 147, 156, 159, 171, 172,
174, 179, 182, 187, 192, 198,
201, 206, 210, 215, 218, 227,
234, 241, 247, 250, 255, 265,
270, 273, 276, 279, 287, 291,
295, 306, 310, 313, 319, 321,
329, 332, 338, 342, 345, 355,
366, 369, 374, 378, 387, 397,
400, 406, 409, 416, 421, 432,
442, 445, 446, 450, 456, 459,
462, 467, 474, 486, 490, 495,
501, 505, 506, 510, 520, 524,
529, 533, 538, 543, 552, 556,
560, 563, 567, 569, 578, 584,
587, 592, 593, 599, 608, 615,
620, 624, 628, 631, 646, 649,
654, 660, 667, 671, 678, 681,
687, 692, 696, 700, 704, 710,
715, 719, 722, 724, 736, 740,
746, 749, 758, 762, 768, 769,
777, 779, 783, 796, 807, 809,
812, 819, 823, 831, 837, 840,
844, 855, 859, 862, 866, 874,
878, 882, 887, 891, 895, 901,
903, 908, 915, 923, 927, 933,
936, 940, 951, 955, 959, 963,
970, 978, 982, 986, 991, 997,
1005, 1010, 1018, 1023, 1028,
1035, 1041, 1046, 1050, 1055

Other than what is listed above, all ports are CLOSED.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

Strange.

bkf

your showing alot of closed ports, not stealth but dead to the rest of the world

Attached Images

View/download attachments and remove advertisements by registering now! (it's easy, free and takes less than a minute)

To view attachments in this forum your post count must be 2 or greater. You currently have 0 posts.

JoeDuncan

Goto "Control Panel==>Admin Tools=>Services"

Disable any service called "SSH" or "Remote Login".

To close port 22 completely you will have to check in your router manual on how to close ports. It should be fairly straight forward.

By redirecting port 22 to a non-existant machine, you have effectively "stealthed" that port.

I am a little concerned at the *huge* number of stealthed ports being reported for your machine. You should only ever have a handful at most. I would immediately close down all unknown incoming ports on your router (unless you are running a server, shutdown everything), disconnect your PC from the net and run a full virus and spyware scan. After that, hook it back up and re-open ports on your router as you need them.

Also installing a personal firewall like Kerio or ZoneAlarm would be a good idea.

bkf

Yep that is an ugly scan

Vampire666

*OFF Topic*
Did I imagined the Huston phrase? I'm being six hours on the PC and I'm afraid I'm imagining things .

bkf

Has to be the drugs

Vampire666

*Off Topic*

Or a combination of the two .
P.S. I'm just kidding...

Vampire666

Freaking strange!
I've stopped all the "useless" programs and look at the results...even more stealth ports .

Every night I scan my PC with Ad-Aware SE Professional and Spybot - Search & Destroy (both up to date).

Attached Images

View/download attachments and remove advertisements by registering now! (it's easy, free and takes less than a minute)

To view attachments in this forum your post count must be 2 or greater. You currently have 0 posts.

Vampire666

GRC Port Authority Report created on UTC: 2006-05-19 at 16:54:48

Results from scan of ports: 0-1055

0 Ports Open
827 Ports Closed
229 Ports Stealth
---------------------
1056 Ports Tested

NO PORTS were found to be OPEN.

Ports found to be STEALTH were: 0, 7, 12, 16, 20, 22, 24, 25,
29, 33, 39, 43, 48, 52, 61,
64, 71, 75, 79, 84, 88, 92,
97, 103, 107, 110, 111, 116,
120, 124, 128, 134, 135, 139,
140, 143, 144, 151, 156, 160,
166, 171, 175, 184, 187, 192,
197, 202, 207, 215, 219, 230,
234, 239, 242, 247, 251, 255,
262, 266, 271, 274, 279, 283,
287, 294, 298, 302, 306, 311,
319, 326, 329, 334, 338, 342,
351, 355, 361, 366, 374, 379,
383, 387, 393, 397, 402, 406,
410, 418, 425, 429, 434, 438,
442, 445, 447, 452, 457, 461,
465, 470, 474, 478, 484, 489,
493, 497, 502, 505, 510, 516,
520, 525, 529, 533, 537, 542,
548, 552, 557, 560, 565, 569,
573, 580, 584, 588, 592, 593,
597, 601, 605, 612, 615, 620,
624, 628, 633, 637, 641, 648,
652, 655, 660, 665, 668, 673,
679, 683, 688, 692, 696, 701,
704, 711, 715, 720, 724, 728,
732, 736, 743, 747, 751, 756,
760, 764, 768, 775, 779, 783,
788, 791, 796, 800, 807, 810,
815, 820, 823, 828, 832, 838,
843, 847, 851, 855, 860, 864,
870, 875, 878, 883, 887, 891,
896, 902, 906, 910, 915, 919,
923, 933, 938, 942, 946, 951,
955, 959, 965, 970, 974, 978,
987, 991, 998, 1001, 1006, 1010,
1014, 1019, 1023, 1029, 1033,
1038, 1046, 1051, 1054

Other than what is listed above, all ports are CLOSED.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

Vampire666

At this page http://www.speedguide.net/portscan.php it looks that a Stealth port is even better than a Closed one, because it "appears" invisible, instead a close port is detected.

Open: Open ports offer services that are potentialy vulnerable to attacks! All ports should be closed or filtered, unless you specifically require some open (and know exactly what they are).

Closed: Ports in this category respond to our scan, however appear to be closed. This state offers medium security. It still reveals that your system is up, and might provide some additional fingerprinting information to potential intruders.

Filtered: Filtered ports do not respond to a portscan at all, they don't appear to exist. This is the best security level for your ports, as it provides no information about your system or its existence (a.k.a. black hole).

Filtered?: Filtered UDP ports do not respond to a scan as well. However, the UDP protocol is not lossless, and does not respond to all requests by definition. Therefore, the lack of response does not guarantee that a port is being filtered. We have send a few requests without response, and it is reasonable to believe the ports are filtered.

Vampire666

This Closed VS Filtered port does sense to me. Imagine if the ports were external door of a mansion (the PC), if the doors are hidden (stealth mode) you don’t know the existence of them, so you won’t even think of try to enter trough them. A closed door (closed port) instead reveals its presents…if there’s a capable thief (hacker) it could open the door with a look pick (hacking software).

.....the bad thing is if the stealth port is somehow revealed (through adware)...letting even inexperienced hackers to enter.

bkf

Vamp it sure sounds like a router issue. A router blocks all on it's own. You got the latest firmware?

Nemesys

By default all router ports should be closed.
If your system does not respond to external Internet requests then the port is listed as Stealth.
If the system responds but indicates that the port is closed then the port is listed as such.

Routers themselves should be set to ignore WAN requests or Block Anonymous Internet Requests. By doing this, they do not respond and would be listed as Stealth.

Some router manufacturers had problems with Port 113. The routers would always respond that the port is closed instead of simply not responding. Manufacturers like Linksys have addressed this issue with firmware upgrades for the affected router models.

It appears that the Service Filtering on the routers Firewall Configuration is improperly set.

__________________
Case: Cooler Master HAF 932 Full Tower Motherboard: ASUS P8P67 Deluxe CPU: Intel Core i7-2600K 3.4GHz @ 4.8GHz (Cooler Master V8 CPU Cooling) RAM: 8GB Corsair Dominator DDR3 PC12800 Video Card: EVGA GTX460 1GB Sound Card: Creative X-Fi Xtreme Audio Monitor: HP 2711x (27” LED) Audio System: MASSIVE PSU: Silverstone Strider Plus 1000W
DVD-RAM: Lite-On iHAS524
DVD-RAM: Lite-On LH-20A1L BL06
Hard Drive (Internal Storage): Seagate Barracuda 1TB SATA II File Storage
Hard Drive (Removables): ICY DOCK MB877SK SATA Screw-Less Mobile Rack
Drive #1. 128GB OCZ Vertex 4 SSD Win 8 Professional
Drive #2. 90GB OCZ Vertex 2 SSD WIN 7 Ultimate
Drive #3. Seagate Barracuda 250GB SATA II WIN XP x64 Professional
Drive #4. Seagate Barracuda 320GB SATA II Testing