koma3504
Advocate
Premium
join:2004-06-22
North Richland Hills, TX
| For Those With High Ping Time's!!!
1stSubject | 
2ndSubject |
This Might Make A Good Site Faq.
Maybee the slow ping times and others that say there speed seems slower when they are using a 2Wire Modem.
See Pic the Portals send out a constant packet going to serching for these ports 139 445 you will also get packets for this port range also
Related Ports:
1024, 1025, 1027, 1028, 1029, 1030
»www.grc.com/port_135.htm
»www.grc.com/port_139.htm
»www.grc.com/port_445.htm
»www.grc.com/port_1024.htm
»www.grc.com/port_1025.htm
»www.grc.com/port_1026.htm
»www.grc.com/port_1027.htm
»www.grc.com/port_1028.htm
»www.grc.com/port_1029.htm
»www.grc.com/port_1030.htm
read for your self and you decide.
TCP NetBIOS connections are made over this port, usually with Windows machines but also with any other system running Samba (SMB). These TCP connections form "NetBIOS sessions" to support connection oriented file sharing activities.
Ports 139 and 445 are for file sharing and networking.
And for security reasons it is safer to do your own Port forewarding if you need to do any kind of file sharing.
It sends these packets pretty much every second so;
For the Technicaly Advanced One could see how this would;
Could And Can Lag You.
These packets should not be enabled by default.
All it does is Lag your Connection and Computer especialy;
If you do not have any File Shareing Enabled
Oh by the way this Opera Browser Rocks!!!!!!!!!
So this needs to bee incorperated in to A new Firware Version Available to EveryOne Reguardless Of ISP!!!!
--
† Koma †If YOu Don't Think It's Possable!! It's Acually A Reality!! The best way to predict the future is to invent it. Alan Kay
ku^uipo_keleneka ® |
|
Spank123
join:2005-03-16
Dexter, MO | only ports open here is
135,139,445,1025
so i should close these ports?
and if so how do you close these ports?
i didnt see how you disable the ports |
|
IPTV
Premium
join:2005-03-25
Plano, TX
| reply to koma3504
Koma,
I don't doubt what you report, but standard 2Wire configs do NOT have those ports open.
I've checked against my own config, and I only have port 22 (SSH) and port 443 (HTTPS web remote access) enabled. Nothing else. Both of these services I am aware of, and I set up.
Please would you check under your firewall settings that you have not enabled any inbound netbios, windows file sharing services, and that you have configured "stealth mode" and optionally "block ping"
You should also have NetBios disabled for outbound to prevent it punching pinholes through the firewall.
My firewall and system logs show all connection attempts to the usual MS suspect ports (137,139,1027 etc) being dropped.
If yours is doing something different, it is because of a config that you have changed.
Please stop being an alarmist.
IPTV. |
|
koma3504
Advocate
Premium
join:2004-06-22
North Richland Hills, TX
| said by IPTV  :Koma, I don't doubt what you report, but standard 2Wire configs do NOT have those ports open. I've checked against my own config, and I only have port 22 (SSH) and port 443 (HTTPS web remote access) enabled. Nothing else. Both of these services I am aware of, and I set up. Please would you check under your firewall settings that you have not enabled any inbound netbios, windows file sharing services, and that you have configured "stealth mode" and optionally "block ping" You should also have NetBios disabled for outbound to prevent it punching pinholes through the firewall. My firewall and system logs show all connection attempts to the usual MS suspect ports (137,139,1027 etc) being dropped. If yours is doing something different, it is because of a config that you have changed. Please stop being an alarmist. IPTV. OK first of all im not being a alarmist!!!
2nd Ido not have a config errer.
Please see pics.
Have only one other pinhole open and its none of those ports.
Have one other 2 other ports for somthing else Agian None of those Ports.
Standerd 2wireConfigs are not Set to What Is in the Picture.
Excuse My set up.
But do you Run Only a 2Wire Hooked directly to Machine?
Or Do you Have A router Behind it??
Thanks Again.
--
† Koma †If YOu Don't Think It's Possable!! It's Acually A Reality!! The best way to predict the future is to invent it. Alan Kay
ku^uipo_keleneka ® |
|
IPTV
Premium
join:2005-03-25
Plano, TX
| reply to IPTV
I have a 2wire running my entire home network. I have a VPN box behind the 2wire (which is a router) but it affects a single ethernet jack in my home, and provides an encrypted link for a VoIP phone that cascades into a work PC.
NONE of those ports you are worried about are open on my system.
If you test from somewhere like »www.auditmypc.com, and post the results it would be helpful.
IPTV. |
|
Spank123
join:2005-03-16
Dexter, MO | reply to koma3504
hmm lol my lan light wont come on it stays a solid orange color :s
but this modem works |
|
IPTV
Premium
join:2005-03-25
Plano, TX | Are you bridging your WAN connection onto your LAN ?
i.e. under "Home Network", Advanced Settings do you have either of public network or bridge network enabled ?
IPTV. |
|
Spank123
join:2005-03-16
Dexter, MO | o nvm i just reinstalled it and it works now  |
|
koma3504
Advocate
Premium
join:2004-06-22
North Richland Hills, TX
| reply to IPTV
said by IPTV :I have a 2wire running my entire home network. I have a VPN box behind the 2wire (which is a router) but it affects a single ethernet jack in my home, and provides an encrypted link for a VoIP phone that cascades into a work PC. NONE of those ports you are worried about are open on my system. If you test from somewhere like » www.auditmypc.com, and post the results it would be helpful. IPTV. Type Port Services, Programs and Trojans that are commonly found to be running on this port.
tcp 21 This is the FTP service control port. Firewall rules focus on this port; then open port 20 only when required for a data transfer. Security Concerns with FTP: Cleartext; re-usable passwords. - Portal for user account grinding. - FTP Bounce; where attacker uses ftp's "port" command to redirect the FTP transfer to a port & IP other than default port 20 on the FTP server. Attacks can include "bouncing" internal network scans; email forging/flooding; etc. CERT Advisories: CA-97.16; CA-99.13. Disable this service on non-FTP servers. Open at perimeter only with static route to internal FTP server(s).
--------------------------------------------------------------------------------
Trojans or Viruses known to use this port are: Back Construction. BladeRunner. Cattivik FTP Server. CC Invader. Dark FTP. Doly Trojan. Fore. FreddyK. Invisible FTP. Juggernaut 42. Larva. MotIv FTP. Net Administrator. Ramen. RTB 666. Senna Spy FTP server. The Flu. Traitor 21. WebEx. WinCrash.
tcp 25 Simple Mail Transfer. Used by mail servers to receive inbound email. Security Concerns: Email servers are complex engines; often run as root; and required open at most network perimeters. Thus are popular for attackers and new DOS or intrusion hacks always being found. Disable on non-mail server hosts. Open at perimeter only with static route to internal mail server.
--------------------------------------------------------------------------------
Trojans or Viruses known to use this port are: Ajan. Antigen. Barok. BSE. Email Password Sender - EPS. EPS II. Gip. Gris. Happy99. Hpteam mail. Hybris. I love you. Kuang2. Magic Horse. MBT (Mail Bombing Trojan). Moscow Email trojan. Naebi. NewApt worm. ProMail trojan. Shtirlitz. Stealth. Stukach. Tapiras. Terminator. WinPC. WinSpy.
tcp 110 Post Office Protocol - Version 3. Most widely used client email protocol. Used by mail clients to collect mail off server. Security Concerns: Re-usable cleartext password. - No auditing of connections & attempts; thus subject to grinding. - Some POP3 server versions have had buffer overflow problems. CERT Advisories: CA-97.09.
--------------------------------------------------------------------------------
Trojans or Viruses known to use this port are: ProMail trojan.
--
† Koma †If YOu Don't Think It's Possable!! It's Acually A Reality!! The best way to predict the future is to invent it. Alan Kay
ku^uipo_keleneka ® |
|
IPTV
Premium
join:2005-03-25
Plano, TX
1 edit | You have SMTP and POP3 mail open and FTP. If you are not intentionally running any of those, it is further evidence of infected machines behind your 2wire.
IPTV. |
|
koma3504
Advocate
Premium
join:2004-06-22
North Richland Hills, TX
1 edit | acually the other ports are ssh and webmin on a no gui sushi box.
And not on those ports. |
|
IPTV
Premium
join:2005-03-25
Plano, TX
2 edits | reply to koma3504
You really can't be stupid enough to run these on ports 25 and 110 ?
EVERY HACKER AND SPAMMER ON THE FACE OF THE PLANET is looking for systems with open 25 or 110.
I give up, you've moved into my ignore list.
port 21 is ftp.
port 25 is SMTP
port 110 is POP3
ON EVERY SYSTEM ON THE INTERNET EXCEPT YOURS ????
IPTV. |
|
koma3504
Advocate
Premium
join:2004-06-22
North Richland Hills, TX
1 edit | said by IPTV :You really can't be stupid enough to run these on ports 25 and 110 ? EVERY HACKER AND SPAMMER ON THE FACE OF THE PLANET is looking for systems with open 25 or 110. I give up, you've moved into my ignore list. port 21 is ftp. port 25 is SMTP port 110 is POP3 ON EVERY SYSTEM ON THE INTERNET EXCEPT YOURS ???? IPTV. No im not That stupid maybee some one will tell you.
Since im on your Ignore List.
There on MY user defined POrts..
Hacker that dont know the ports. Has to find it.
Oh Yea Port 25 And 110 Could Be Being USed Standerd For Any Email So you mean to tell Me That you Block That port And never Use Email.
Well Of Course Less Its Webmail.
This Is What Ill Do Ill Drop The Suse Box Behind Another.
Snort INtusion BOx And Let It Sniff What IS Going ON.
Last Comint Is NO comment. It would be a Rant And Frankley I dont have the time Right NOw.
Thanks And Ill think About This While I have A Smirnoff.
Want One.
--
† Koma †
If YOu Don't Think It's Possable!! It's Acually A Reality!! The best way to predict the future is to invent it. Alan Kay
ku^uipo_keleneka ® |
|
koma3504
Advocate
Premium
join:2004-06-22
North Richland Hills, TX
| reply to Spank123
Take This As A Rant Or The Plain And Simple
TRUTH
OK i have thaught about it and this tread was not about.
Whether or not i have POrt 21 25 110. open or not open.
This post is about the high ping times.
That users Experince.
Using A 2 Wire Modem/Router.
[user=koma3504]
Maybee the slow ping times and others
that say there speed seems slower
when they are using a 2Wire Modem.
See Pic the Portals send out a
constant packet.
going to serching for these
<b>ports 139 445 you will also get.
packets for this port range also
Related Ports:
1024, 1025, 1027, 1028, 1029, 1030 </b>
These packets should not be enabled by default.
All it does is Lag your
Connection and Computer especialy;
If you do not have any File Shareing Enabled
Oh by the way this Opera Browser Rocks!!!!!!!!!
So this needs to bee incorperated in to
A new Firware Version Available to
EveryOne Reguardless Of ISP!!!!
If You will take the time to hook
somthing else up behind the Portal
That Is not 2wire you will see the
same above results in my first post
To this Thread.
Labeled 1StSubject 2ndSubject.
And as one can see i do not even
have netbios enabled anywhere.
Further more The tcp Stack has been
Stripped of every thing.
Besides what I need to connect
And browse the internet.
I will further more say to the statements.
Oh no the 2wire can not be comporomised.
Well to this All i got to say about this is;
BS It is a webserver hosting a
freebsd operating system.
Running a dhcp server.
With back door capabilities.
This makes it NO diffrent form
any other OS like linnx,Unix
Windows etc....
I have had 3 of these type
units Compromised.
[user=IPTV]
I've checked against my own config,
and I only have port 22 (SSH).
To this i say that you would not
be runnning a standerd
KeyCode on you Portal.
With that said why dont you log in
to your Portal on port 22 ssh
And try running netstat on it
to see how often it calls home
or what your live connections are.
As a rule I do nothing without
netstat open.
Now this is not to say somthing
could not be hidden.
For Example
somthing could hide from netstat -n 8
But may not hide from
netstat -ano 8 or netstat 8 .
I stand by this comment.
Ports 139 and 445 are for file
<b>sharing and networking.</b>
And for security reasons it is
safer to do your own Port forewarding
if you need to do any kind of file sharing.
It sends these packets pretty much every second so;
For the Technicaly Advanced One could see how this would;
Could And Can Lag You.
These packets should not be enabled by default.
All it does is Lag your
Connection and Computer especialy;
If you do not have any
<b>File Shareing Enabled</b>
Oh by the way this Opera Browser Rocks!!!!!!!!!
So this needs to bee incorperated in to
A new Firware Version Available to;
<b>EveryOne Reguardless Of ISP!!!!</b>
This Little War of what ISP is going to;
Provide over the other one.
Persay Enhanced Fetures.
It totaly BS and i will stand behind;
This the Goverment needs to step.
in and say <b>enough already.
What is allowed for one is allowed for all.</b>
Its like Discrimination Cause you use said ISP.
Like the 5100b has a intrusion detection;
system built right in to it but is is;
disabled by SBC and other ISP's.
This is there reasoning Well if we;
let you have the <b>Xtra fetures</b>
To make you more Secure we would have
to charge you more.
And provide Tech Support for it.
So they dont.
When you can Free help here at this Great Site.
Speed Streams Site. 2wire Site all for free.
The enhanced Fetures in the;
2wire if SBC Or any Other Isp;
Is not going to dilly up and offer them.
Then 2wire needs to make available;
on there website.
The Ability to purchase said Fetures.
Which Should be enabled.
By defalt for every one.
The Parental control.
This Is for All the parents;
That want to do the responsible;
thing and limit their Teens;
what they can and can not see;
on the internet; or can and cannot do.
They may not be as litterate as some;
but if they can atleast lock it down;
at that level.
Just maybee perhaps there wouldn't;
be so many teen age script kiddies;
out there. wrecking haveick on the internet.
Lets speculate on this.
Sbc says oh but you have the
Parental controls in your
Sbc/Yahoo browser that breaks apps.
OK so if one dont use that web browser your Scre***
If the manufacture of most
Products for the Avarage user.
Has Enhanced Fetures On there Products.
Just Cause the ISP either does;
Not want to support it;
or Just plain and simple does not;
understand how do to support.
Does not mean their is not support out there.
This should have a;
Regulation against this type of Regulation.
There are so many Users.
Out there Say Non savy computer users.
Grandma Grandpa Aunt UNcle.
<b>the list goes on and on.</b>
That go out and buy the grap;
that most computer manufacures produce.
That install all kinds of adware force;
products on them.
Thats a back door in to the systems it self.
They plug and play these Computers.
When they start to run <b>SLOW</b>
Well they dont know why for one.
And most PC repair shops will gouge;
you in one way or another.
Computers are no longer Plug and all play.
Its Just like a car!!!
If you dont keep the maintence up.
It wont last.
If you dont lock it up!!
like you do your car or home etc..
It will be
<b>Owened/Compromised</b>
Used by others besides your self.
This brings me to this.
ISP Tech support will tell you.
You do not need to run a <b>software firewall</b>
On your machine.
Since you have a 2wire it is a firewall.
So goes The <b>Average User</b>
Either turns it off totaly;
UNistalls Said Firewall.
Making them more Vurnable.
Their Should be a regulation Against this as well.
You get
Hacked or Compromised by what;
you over look to lock down.
The minute you think you are;
unhackable then you will be Hackable.
Disclamer:
THIS IS NOT AGAINST ANY INPARTICULAR ISP!!!
THIS IS NOT AGAINST ANY INPARTICULAR COMPUTER MANUFACTURER.
--
† Koma †If YOu Don't Think It's Possable!! It's Acually A Reality!! The best way to predict the future is to invent it. Alan Kay
ku^uipo_keleneka ® |
|
