.....und das geht z.B. hier. Die beiden großen, pinkfarbenen Buttons


Gruß,
Cassandra

@ Cassandra:
Wäre es nicht sinnvoller, statt mit GRC das erstmal lokal und dann ggf. beim LFD Niedersachsen zu prüfen? GRC ist so furchbar reißerisch und zweifelhaft in den Schlussfolgerungen.

Port
Service
Status Security Implications

21
FTP
Closed Your computer has responded that this port exists but is currently closed to connections.

23
Telnet
Closed Your computer has responded that this port exists but is currently closed to connections.

25
SMTP
Closed Your computer has responded that this port exists but is currently closed to connections.

79
Finger
Closed Your computer has responded that this port exists but is currently closed to connections.

80
HTTP
Closed Your computer has responded that this port exists but is currently closed to connections.

110
POP3
Closed Your computer has responded that this port exists but is currently closed to connections.

113
IDENT
Closed Your computer has responded that this port exists but is currently closed to connections.

135
RPC
Closed Your computer has responded that this port exists but is currently closed to connections.

139
Net
BIOS
OPEN! As you probably know by now, the NetBIOS File Sharing port is the single largest security hole for networked Windows machines. The payoff from finding open Windows shares is so big that many scanners have been written just to find open ports like this one. Closing it should be a priority for you!

143
IMAP
Closed Your computer has responded that this port exists but is currently closed to connections.

443
HTTPS
Closed Your computer has responded that this port exists but is currently closed to connections.

445
MSFT
DS
Closed Your computer has responded that this port exists but is currently closed to connections.

5000
UPnP
Closed Your computer has responded that this port exists but is currently closed to connections.


Note: Several of the "Service" names shown above link directly to items on the ShieldsUP! FAQ Page to provide specific discussion of ports and services. If the port status shown above concerns you, please read the general descriptions below, then click on the port's service name for specific discussion.


NanoProbe Port Probe was
placed online Oct. 17, 2001

If you have used ShieldsUP! in the past, you may have just noticed that the Port Probe system is much faster than ever before. This is the result of the emerging deployment of our much-anticipated NanoProbe Technology. It is finally becoming real.

Since MUCH more than speed will be coming soon, be sure to join our free, user-managed eMail system to be notified of new developments during the next few months. Click this link to learn more about our eMail system.



Demystifying Your System's Ports

This enhanced Port Probe facility is just the beginning.

I have some exciting "port awareness" innovations planned for the near future. So please be sure to add yourself to our eMail system so I can keep you in the loop and apprised of new developments.

(I only send a few pieces of eMail per year, and you can easily remove yourself from our eMail system at any time, so you need not worry about receiving a flood of self-serving commercial eMail from me. That will never happen.)


Port Status Descriptions:

Stealth!


If all of the tested ports were shown to have stealth status, then for all intents and purposes your computer doesn't exist to scanners on the Internet!

It means that either your computer is turned off or disconnected from the Net (which seems unlikely since you must be using it right now!) or an effective stealth firewall is blocking all unauthorized external contact with your computer. This means that it is completely opaque to random scans and direct assault. Even if this machine had previously been scanned and logged by a would-be intruder, a methodical return to this IP address will lead any attacker to believe that your machine is turned off, disconnected, or no longer exists. You couldn't ask for anything better.

There's one additional benefit: scanners are actually hurt by probing this machine! You may have noticed how slowly the probing proceeded. This was caused by your firewall! It was required, since your firewall is discarding the connection-attempt messages sent to your ports. A non-firewalled PC responds immediately that a connection is either refused or accepted, telling a scanner that it's found a live one ... and allowing it to get on with its scanning. But your firewall is acting like a black hole for TCP/IP packets! This means that it's necessary for a scanner to sit around and wait for the maximum round-trip time possible — across the entire Net, into your machine, and back again — before it can safely conclude that there's no computer at the other end. That's very cool.

NOTE: If your system did NOT show up as Stealth! but you wish that it could, you'll need to use one of the inexpensive (or FREE in the case of ZoneAlarm 2!) personal firewalls I've discovered. I will also be creating my own firewall which you can monitor and be informed of, by adding yourself to my eMailing System. But in the meantime . . . I'd advise you not to wait! (Especially since ZoneAlarm 2 is completely FREE for individual use!)



Closed


"Closed" is the best you can hope for without a stealth firewall in place.

Anyone scanning past your IP address will immediately detect your PC, but "closed" ports will quickly refuse connection attempts. Your computer might still be crashed or compromised through a number of known TCP/IP stack vulnerabilities. Also, since it's much faster for a scanner to re-scan a machine that's known to exist, the presence of your machine might be logged for further scrutiny at a later time — for example, when a new TCP/IP stack vulnerability is discovered.

You should stay current with updates from your operating system vendor since new "exploits" are being continually discovered and they are first applied upon known-to-exist machines . . . like this one!

AS NOTED ABOVE: If your system did NOT show up as Stealth! but you wish that it could, you will need to use one of the inexpensive personal firewalls I've discovered. If your system's security is a concern (as I'm afraid it needs to be in this day and age), I would advise you not to wait!



OPEN!


If one or more of your ports are shown as OPEN! then one of the following two situations must be true:


You have servers running on those open ports:

If your system is running Internet servers on the ports shown as OPEN, you should stay current with PC industry security bulletins. New security vulnerabilities are being found continually. When crackers learn of a new vulnerability, they quickly grab their scanner logs to search for systems that have been scanned in the past and are of the known-to-be-vulnerable type. This allows them to be attacking logged systems within moments of learning of a newly located security hole. It is therefore important for you to respond to any news of new vulnerabilities in your systems as quickly as possible. The crackers are hoping you'll take your time.


You DO NOT have servers running on those open ports:

If you are not actively offering Internet services through the ports shown as OPEN, something is very wrong with your system:


It is actively advertising its presence on the Internet and
soliciting the attention of ALL PASSING PORT SCANNERS!

Logs of open ports are maintained by crackers and used as points of attack.
Either a server has been started without your knowledge — as is done by Trojan horse programs like Back Orifice — or you may be running one of the many "Evil Port Monitors" which has altered your system's "open port profile" in order to monitor TCP/IP connections. Evil Port Monitors will tell you that a passing scanner has just successfully probed into your system . . . but the problem (for you) is that it was a successful scan probe and the existence of your system's wide open ports will have been noticed and logged!

Your system may be monitored for Internet attacks without alerting crackers to your presence by using a real personal firewall product — instead of one of the many evil port monitors. For the best monitoring and protection I recommend ZoneLab's FREE firewall: ZoneAlarm 2.x. (See the "Personal Firewalls" page for more information.)

Ok, jetzt wirds lächerlich. Kann mir das jemand übersetzen??

</font><blockquote>Zitat:</font><hr />Original erstellt von IRON:
@ Cassandra:
Wäre es nicht sinnvoller.....</font>[/QUOTE]Jo, wäre es wohl gewesen . Zu spät dran gedacht. Aber naja, grc liefert im Grunde ja auch nix Falsches...

@Christian: Anscheinend ist bei Dir nur Port 139 (Bestandteil der Datei- und Druckerfreigabe) offen. Das kannst Du schließen, indem Du in den Netzwerkeinstellungen die Datei- und Druckerfreigabe deinstallierst. Die brauchst Du nämlich bestenfalls dann, wenn Du ein lokales Netzwerk betreibst. Mach das mal, laß Deinen PC noch mal scannen, dann sollte eigentlich alles dicht sein. Viel Erfolg [img]smile.gif[/img] .


Gruß,
Cassandra

Wenn ich mich recht entsinne, hat bei mir der GRC-Scan selbst dann einen offenen Port 139 angezeigt, als ich weder ein LAN noch eine installierte Dateifreigabe besaß. Also nicht gerade sehr zuverlässig, das Ergebnis.
Nachtrag:
Beim LFD Niedersachsen wird übrigens zwischen NetBIOS-Unterstützung (also dem Vorhandensein eines Dienstes) und dem Status des Ports 139 unterschieden (sehr wichtig!!!). Mein Win98SE-PC mit Dateifreigabe im LAN wird korrekt eingeschätzt. KEINE NETBIOS-Unterstützung, wohl aber ein generell ansprechbarer Port 139, was aber keine Gefahr darstellt.

[ 28. April 2003, 18:45: Beitrag editiert von: IRON ]

Ich denk mal, dass normalerweise dieser Port schon geschlossen ist.
Ich kann auswählen:

- Anderen Benutzern soll der Zugriff auf meine Dateien ermöglicht werden
- Anderen Benutzern soll der Zugriff auf meine Drucker ermöglicht werden

Vielleicht hilft Dir die Anleitung von trojaner-info.de weiter:

http://www.trojaner-info.de/sicherhe...rts137-139.htm

Ich kann bei mir gar net "Protokoll" als Netzwerkkomponententyp bei mir auswählen.
Da steht nur
DFÜ-Adapter und
TCP/IP ??????????????

Hab jetzt grad den Portscann bei Niedersachsen gemacht. Der erkennt Mozilla als Browser. Mein Browser heisst aber IE. Hab Mozilla kurzzeitig drauf gehabt, dann aber wieder runtergeschmissen.

</font><blockquote>Zitat:</font><hr />Original erstellt von *Christian*:
Hab jetzt grad den Portscann bei Niedersachsen gemacht. Der erkennt Mozilla als Browser. Mein Browser heisst aber IE. Hab Mozilla kurzzeitig drauf gehabt, dann aber wieder runtergeschmissen. </font>[/QUOTE]Im User Agent (sowas wie ein Erkennungszeichen) vom IE kommt auch das Wort "Mozilla" vor. Lass Dich davon nicht irritieren.

OT: Warum hast Du Dich denn vom Mozilla getrennt?

Gruß [img]graemlins/daumenhoch.gif[/img]
Yopie

Sonst hat es mir bei anderen "Browser-Testern" immer den IE angezeigt.
Der Seitenaufbau war viel langsamer als beim IE.
Hab allerdings noch die alte 1.3 geladen.