Ottawa PC Users' Group, Inc.
 Software Reviews


Guard your ports!
by Chris Taylor

Recent issues of the Ottawa PC News have included reviews of software designed to protect your computer from the bad guys on the Internet. I have written about how, if someone wants to connect to your machine (for any purpose, good or bad), your computer must be running some software that opens a port.

The trouble is, it is not easy to tell if you have open ports on your machine. There are some nasty trojan programs out there, such as Back Orifice, that will open a particular port. There are people on the Internet scanning for that open port. If they discover you are running Back Orifice, they can gain complete control of your machine.

The absence of a trojan does not mean you have no open ports. For example, if you enable file and print sharing on your computer, you may be offering full access to your files to everyone on the Internet whenever you are on-line. This is because enabling file and print sharing opens port 139. There are programs that will search for computers with an open port 139 and enumerate the shares on those machines. Then, with a simple NET USE command, someone could map a drive letter to your open shares and access your files.

I wrote about a couple of Internet Web sites that will run port scans on your computer, looking for open ports. Probably the most famous of these is the Shields Up site run by Steve Gibson at http://www.grc.com. Unfortunately, Gibson's site only scans for a few of the most common ports.

However, there is software available that you can run on your own computer to check for open ports. If you are not running any sort of firewall, you can use this type of software against your own machine and get a pretty good picture of what a hacker might see if they were to run a port scan on you. If you are running a firewall, you might get a friend to run a port scan on your machine while you are both connected to the Internet.

Now to finally get around to the title of this article! SuperScan v2.06 is a free port scanner you can download from PUB II's file area 35 - Internet, as sscan206.zip. There is no installation routine. Simply unzip the files into a directory and run scanner.exe.

There are lots of options, but to do a simple scan looking for any open port on your machine, you can just enter localhost in the "Hostname Lookup" box and click the "Lookup" button. Then, in the "Scan Type" section, select the last option, "All ports from" and enter 1 to 65535 in the boxes next to it. Then click the "Start" button. The results box will show any open ports. You can click the "Expand all" button to see additional details.

SuperScan screen shot

If you are behind a firewall or want to be certain about what is seen from the hackers' perspective, you can team up with a friend and port scan each other's machines. All you have to do is have both machines connect to the Internet. Then determine what your IP address is by running winipcfg.exe (on Win9x machines) or ipconfig (from a cmd prompt under WinNT). You can e-mail your IP addresses to each other so you can stay on-line and maintain the same address. Finally, each of you can fire up SuperScan and enter the other person's IP address in the "Hostname Lookup" box and follow all the other instructions above.

So, what do you do if you find open ports? The first thing to do is find out what is opening the port. A good resource for common port usage is RFC 1700. You can download it from PUB II in file area 35 - Internet as rfc1700.zip. Many applications use non-standard ports, but at least it is a good starting point.
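The localhost scan and port lookup described above can also be scripted. The following is an added example, not part of the original article and not SuperScan's code: it tries a TCP connection to every port on the loopback address and labels each open port using the operating system's services database (an assumption; that database may be missing entries or absent, in which case the port is reported as "unknown"). The function names are hypothetical.

```python
import socket

LOOPBACK = "127.0.0.1"  # self-check only: the target is fixed to this machine


def scan_local_ports(first=1, last=65535, timeout=0.2):
    """Return the TCP ports on this machine that accept a connection."""
    open_ports = []
    for port in range(first, last + 1):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            # connect_ex returns 0 on success instead of raising an exception
            if s.connect_ex((LOOPBACK, port)) != 0:
                continue
            # Edge case: on loopback the OS can pick the probed port as our
            # own source port, so the socket connects to itself. That is not
            # a listening service, so it is not reported.
            if s.getsockname()[1] == port:
                continue
            open_ports.append(port)
    return open_ports


def service_name(port):
    """Look up the conventional service name for a TCP port."""
    try:
        return socket.getservbyport(port, "tcp")
    except OSError:  # no entry for this port in the services database
        return "unknown"


def report(first=1, last=65535):
    """Return (port, service name) pairs for every open local TCP port."""
    return [(p, service_name(p)) for p in scan_local_ports(first, last)]


if __name__ == "__main__":
    for port, name in report():
        print(f"{port:>5}/tcp  open  {name}")
```

A loopback scan also lists services that listen only on 127.0.0.1, which a scan from another machine would not see. The service name is only the conventional use of the port; it does not prove which program opened it.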

If you have file and print sharing enabled, you should find that port 139 is open. Visit Gibson's site at http://www.grc.com/su-bondage.htm for a good explanation of how to close this open port. Gibson has some other good information available on other pages as well, so browse around.

Some of the other ports you might find open may be harder to close. There is no magic bullet to eliminate the problem. You can try a clean boot and see if the port is closed. You can open programs one at a time and see if you can identify the one opening a port. You can run a good virus scanner that might pick up on a trojan program that is doing it.

You may find that the best solution is simply to install a personal firewall that will block anyone who attempts to connect to your machine. Many of the available firewalls will also block outbound traffic unless you specifically allow it. Since Trojan programs can attempt to do nasty things like send password information to some hacker on the Internet, this can be of great help.

Some programs are free for personal use, such as ZoneAlarm, Sybergen Secure Desktop, and PortICE. All are available on PUB II in file area 35 - Internet (zonalm21.exe, ssd21464.zip, and portice2.zip).

There are also a number of commercial products, such as Symantec's Norton Internet Security, Zone Labs' ZoneAlarm Pro, Tiny Software's Tiny Personal Firewall, Network Associates' McAfee.com Personal Firewall, and Network ICE's BlackICE Defender.

Once you install a personal firewall, you can use a port scanner to verify it is doing its job properly. To do this, you will have to have help from someone outside of your firewall to run the port scan. Running it on your own machine will not tell you what you need to know.

A word of caution on using a port scanner: NEVER use a port scanner on anyone but yourself or someone who has asked you to do so. Running a port scan is generally considered to be an attack. If the person on the other end detects a scan, they may report you to your Internet Service Provider. Such a complaint could get your account with your ISP terminated.


Bottom Line:

SuperScan v2.06
Freeware from Robin Keir
Web site: http://keir.net



Copyright and Usage
Ottawa Personal Computer Users' Group (OPCUG), Inc.
3 Thatcher Street, Ottawa, ON  K2G 1S6

The opinions expressed in these reviews may not necessarily
represent the views of the OPCUG or its members.

Page created: 08-Oct-00