Telnet and ICMP


Recommended Posts

Hi all,

Just recently I ran 3 online security checks (sygate, GRC, and Symantec) and they all said all my ports where stealthed.

However just today I ran the Symantec Security check, and it came up as saying that Both ICMP-Ping, and Telnet where open.

I checked my firewall settings (Norton's Personal Firewall) and both Default Inbound ICMP, and Default Outbound ICMP where Permitted, while "default block Inbound and Outbound ICMP" was blocked (dont ask me the diference between the two sets, but they are listed in the firewall rules). So I blocked the two first ones, and The check still says the ports are open.

Normally, I didnt have the Windows Firewall turned on, because I had my own firewall, so I didn't see the need. So I thought I'd turn that on, and see if it fixed the "problem" but to no avail, as the Security check still came back with open (even though in the Windows firewall it specificlly allows you to turn on/off the ICMP protocol).

Can anyone offer any assistance with my problem in regards to ICMP protocols, should I worry as they are only message related. What about the telnet service. (I dont run a telnet server, and I checked with my ISP, they dont need it to run, thought id check, im on cable) Thankyou in advance everyone, im more then willing to offer more info if required. Cheers.

Link to comment
Share on other sites

ICMP is just for pinging. There isn't any real danger by being pingable, except that someone can tell that the IP address is being used. The telnet service being open on the other hand I would be VERY concerned about! I'd be about ready to yank that network cable out if its Open and not Closed or stealthed... :/ If Telnet isn't enabled in services.msc (if you are using 2000 or XP) then you may have a virus/trojan. Try this on your machine:

Open up a command prompt and type

telnet localhost

Post what you get...

Link to comment
Share on other sites

Hi

connecting to localhost...could not open connection to the host , on port 23 connect failed.

After posting my first message I read symantecs help section on their website. I determined that The security check may of determined my IP wrong, and the Ip it is using could be my ISP, which is why telnet is open???

And btw, i double checked, it does seem to be the wrong ip it is using, so maybe i answered my own question.

Still, I then cant use that security check?

Link to comment
Share on other sites

Nope, if its seeing the wrong IP address then it can't check yours :) If you got a Connection failed on your telnet port you're good. Chances are you don't really need to run loads of security checks on your machine.

Link to comment
Share on other sites

Thank's for the confirmation. Its just it freaked me out when I first saw that two of my ports where open, but when i actually did some investigative work, I found it that its my isp's ip, not mine, and indeed al my ports are blocked, as per other tests/firewall. Anyone know if its o.k to run both windows and personal firewall?

Link to comment
Share on other sites

if you are behind NAT then ip you see is different from the ip that rest of the internet sees.

it is bad idea to run 2 firewalls at once becuase it will be hard to pinpoint what's cuasing your network problems.

it's possible that those scanners are seeing telnet service not on your computer, but on your router/modem. they often come with unsecured administration interfaces.

Link to comment
Share on other sites

Connecting to localhost to test if telnet is running won't always work unless the service is bound to that ip address. Do a "netstat -na | findstr 23" (without quotes) to see if anything is listening on port 23. Many ISPs are also known to intercept and reject/block incoming requests to known ports such as 25/tcp (sendmail), 23/tcp (telnet) and a few others, to stop people from running servers. So even if you drop all packets to that port by running firewall software, some online scanners might think it's still open, eventho it isn't, which could explain what you are seeing.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.