question regarding home network security

[john]

Hi,

I just came back from the shields up website
https://www.grc.com/x/ne.dll?rh1dkyd2 and the analysis I got was this:

Solicited TCP Packets: RECEIVED (FAILED) - As detailed in the port report
below, one or more of your system's ports actively responded to our
deliberate attempts to establish a connection. It is generally possible to
increase your system's security by hiding it from the probes of potentially
hostile hackers. Please see the details presented by the specific port links
below, as well as the various resources on this site, and in our extremely
helpful and active user community.


Ping Reply: RECEIVED (FAILED) - Your system REPLIED to our Ping (ICMP Echo)
requests, making it visible on the Internet. Most personal firewalls can be
configured to block, drop, and ignore such ping requests in order to better
hide systems from hackers. This is highly recommended since "Ping" is among
the oldest and most common methods used to locate systems prior to further
exploitation.


Here is my diagram

both computers have win xp home, fully updated

Here is the diagram

internet
|
|
router
|
|
---------computer 1
|
|
|
computer 2----printer


Should I be concerned or is this an acceptable level of security?

thanks,

chuck

 

[Steve Winograd [MVP]]

Hi,

I just came back from the shields up website
https://www.grc.com/x/ne.dll?rh1dkyd2 and the analysis I got was this:

Solicited TCP Packets: RECEIVED (FAILED) - As detailed in the port report
below, one or more of your system's ports actively responded to our
deliberate attempts to establish a connection. It is generally possible to
increase your system's security by hiding it from the probes of potentially
hostile hackers. Please see the details presented by the specific port links
below, as well as the various resources on this site, and in our extremely
helpful and active user community.

Ping Reply: RECEIVED (FAILED) - Your system REPLIED to our Ping (ICMP Echo)
requests, making it visible on the Internet. Most personal firewalls can be
configured to block, drop, and ignore such ping requests in order to better
hide systems from hackers. This is highly recommended since "Ping" is among
the oldest and most common methods used to locate systems prior to further
exploitation.


Here is my diagram

both computers have win xp home, fully updated

Here is the diagram

internet
|
|
router
|
|
---------computer 1
|
|
|
computer 2----printer


Should I be concerned or is this an acceptable level of security?

thanks,

chuck

I'm assuming that you have a typical home broadband router, like the
ones from Linksys, D-Link, Netgear, Belkin, etc.

Your router acts as an incoming firewall, preventing unsolicited
incoming traffic from reaching your computers. The router has a
public IP address that's visible from the Internet. Your computers
have private IP addresses that are invisible from the Internet.

ShieldsUp!! is probing your router, not your computers. Your router
replied to a ping (ICMP echo) request. By itself, that's not a
security risk. Pings are widely used in networking to see if a
particular host is alive.

You can probably configure your router to ignore pings. Make sure
that your router doesn't allow remote administration by other people
on the Internet.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

 

[Chuck]

Hi,

I just came back from the shields up website
https://www.grc.com/x/ne.dll?rh1dkyd2 and the analysis I got was this:

Solicited TCP Packets: RECEIVED (FAILED) - As detailed in the port report
below, one or more of your system's ports actively responded to our
deliberate attempts to establish a connection. It is generally possible to
increase your system's security by hiding it from the probes of potentially
hostile hackers. Please see the details presented by the specific port links
below, as well as the various resources on this site, and in our extremely
helpful and active user community.


Ping Reply: RECEIVED (FAILED) - Your system REPLIED to our Ping (ICMP Echo)
requests, making it visible on the Internet. Most personal firewalls can be
configured to block, drop, and ignore such ping requests in order to better
hide systems from hackers. This is highly recommended since "Ping" is among
the oldest and most common methods used to locate systems prior to further
exploitation.


Here is my diagram

both computers have win xp home, fully updated

Here is the diagram

internet
|
|
router
|
|
---------computer 1
|
|
|
computer 2----printer


Should I be concerned or is this an acceptable level of security?

thanks,

chuck

John / Chuck,

If you're checking your security using GRC Nanoprobe, remember that you're only
checking the security of your router. Nanoprobe looks no further than the host
at your public ip address, ie your NAT router.

However, Steve's concept of Stealth is pretty primitive. There are other ways
of scanning you, other than a simple TCP Connect.
<http://nitecruzr.blogspot.com/2005/05/security-by-obscurity.html>

That said, there are no currently known exploits against NAT, so you are likely
safe for the moment. Even if a bad guy does learn of your existence from
detecting the one or more active and responding ports, attacking your NAT router
probably won't get him anywhere, right now. A Layered Defense, however, is a
good idea for the long term.
<http://nitecruzr.blogspot.com/2005/05/please-protect-yourself-layer-your.html>

BTW, do you own or control domain "northpole DOT com"? Posting your own email
address openly will get you more unwanted email, than wanted email. Posting
other's possible email addresses like that is rude, at best. Learn to munge
your email address properly, to keep yourself a bit safer when posting to open
forums. Protect yourself and the rest of the internet - read this article.
<http://nitecruzr.blogspot.com/2005/05/how-to-post-on-usenet-and-encourage.html#Munging>