In the last 24 hours I’ve noticed quite a drastic change while doing a Network Scan and was wondering if someone could explain what it actually means.
It seems to have occurred within the last 36 hours from when I had previously scanned my computer. None of what is currently there in the ‘Services’ section was there before.
On the first screenshot if you look to ‘Services’ you will see a list of things which make no sense to me. These things were never present before (I scan very regularly). When doing a random Google search on one of the items, it brings something up about being a ‘Remote Procedure Call’ which sort of has me curious if it’s the same as ‘Remote Access’?
On the second screenshot, in ‘Services’ an extra item saying “53 - DNS” has appeared. Again, that too is something that is very recent. It usually only shows the “80 - HTTP” part.
Coincidentally, my whole connection went weird on Sunday evening, and upon restarting everything there was an error notification (the first of it’s kind) on my computer about my Web Cam app failing (along with an error code). The webcam is not something I’ve ever bothered with before, so I found it odd.
Any help would be greatly appreciated.
(Please excuse the bad paint-work on the screenshots. Not completely sure if it matters whether I show my IP, etc, but just to be on the safe side…)
The thing is, all those ‘services’ weren’t present the other day, or at any other time. They’ve just randomly appeared out of no where. What even are they? (if you don’t mind me asking)
The defaults were changed on the day I got a new router installed last year, after my previous one had been hacked.
Can I ask what you mean by updating the firmware? I thought my ISP would do something like that automatically? How would I do that?
We recently enhanced the Network scan.
Is is now checking more services and making sure they are not vulnerable.
As long as the scan does not warn you about any vulnerabilities, you are fine. The service list is there just for your information.
I apologise for not responding sooner. I’ve had an awful lot going on.
Just want to thank you all for your help.
Eddy - Thanks for the info. I’ll have a look.
Mchain - I’m by no means computer literate, I really wish I was in this day and age, nevertheless, I’ll be sure to take a look at what you’ve provided and try to make some sense of it.
Click ‘Proceed’ you will arrive at a second (new) page: https://www.grc.com/x/ne.dll?rh1dkyd2
Click ‘Common Ports’ allow scan to complete:
What the GRC website is doing is testing your router for open or closed ports and reporting any found. Your router uses a hardware firewall instead of the software firewall Windows uses. If all reported as ‘stealth’ then you are good to go.
Solicited TCP Packets: PASSED — No TCP packets were received from your system as a direct result of our attempts to elicit some response from any of the ports listed below — they are all either fully stealthed or blocked by your ISP. However . . .
Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to “counter-probe the prober”, thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)
Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since “Ping” is among the oldest and most common methods used to locate systems prior to further exploitation.
I didn’t see outbound protection (default off). I changed the settings to block outbound protection to block but had to change it back to allow. After I changed the settings to block I got an error message on the SafeZone Browser…
@ -midnight,
Resetting your firewall back to default settings shouldn’t hurt things, but, in the future, write down only the changes you do make and make only one change at a time to make things much easier, each one followed by a reboot of system.
[b]Why Outbound Firewalls Are Pointless For Most People[/b]
The reality is that outbound firewalls aren’t a useful security tool for the average user. Here’s why:
Outbound firewalls just prevent applications on your computer from connecting to the Internet. If you see that a piece of malware is trying to connect to the Internet, you’ve already lost because it’s running on your computer. The malware can do a lot of damage without Internet access.
If a malicious program were running on your computer and had access to your system, it could likely open its own holes in your firewall software. Again, once the malicious software is running on your system, you’ve already lost.
Malware could piggyback on other programs to communicate over the Internet. For example, a piece of malware could open a special web address in your browser to ping a server, capture the page that the server sends back, and use the data. It’s difficult to completely isolate an application from the Internet.
Outbound firewalls aren’t an effective defense against malware. You should focus on using an effective antivirus program, keeping your software up-to-date, and making sure you don’t have Java installed. That will keep your PC much more secure than using an antivirus program that won’t help much after the fact. If your computer is compromised, it’s compromised.
Suggest reading the entire thing about outbound firewalls per the link above. You should be using a robust backup and recovery system anyway if you are going to make changes to your system(s).
