Matt,
I ran the commands you asked me to run, and you are correct: the first two
commands returned what looked like a blank line. The netstat -an |findstr ":80"
command looked like this:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Ronald>netstat -an |findstr ":80"
TCP 192.168.1.2:3266 207.22.51.86:80 ESTABLISHED
TCP 192.168.1.2:3267 199.125.90.97:80 ESTABLISHED
TCP 192.168.1.2:3268 199.125.90.101:80 ESTABLISHED
TCP 192.168.1.2:3269 199.125.90.101:80 ESTABLISHED
TCP 192.168.1.2:3270 207.22.51.86:80 ESTABLISHED
C:\Documents and Settings\Ronald>netstat -an |findstr ":80"
TCP 192.168.1.2:3272 65.82.150.11:80 LAST_ACK
TCP 192.168.1.2:3275 65.82.150.30:80 ESTABLISHED
TCP 192.168.1.2:3276 65.82.150.30:80 ESTABLISHED
TCP 192.168.1.2:3306 65.82.150.11:80 LAST_ACK
TCP 192.168.1.2:3312 65.82.150.11:80 TIME_WAIT
TCP 192.168.1.2:3316 65.82.150.11:80 ESTABLISHED
TCP 192.168.1.2:3317 65.82.150.11:80 ESTABLISHED
C:\Documents and Settings\Ronald>netstat -an |findstr ":80"
TCP 192.168.1.2:3272 65.82.150.11:80 LAST_ACK
TCP 192.168.1.2:3312 65.82.150.11:80 TIME_WAIT
TCP 192.168.1.2:3322 65.82.150.11:80 LAST_ACK
C:\Documents and Settings\Ronald>netstat -an |findstr ":80"
TCP 192.168.1.2:3328 200.4.216.200:80 ESTABLISHED
TCP 192.168.1.2:3329 200.4.216.200:80 ESTABLISHED
TCP 192.168.1.2:3330 200.4.216.200:80 ESTABLISHED
TCP 192.168.1.2:3331 200.4.216.200:80 ESTABLISHED
TCP 192.168.1.2:3332 200.4.216.200:80 ESTABLISHED
I have noted the ESTABLISHED status during (or after recent) browsing activity. How
does this sound to you?
I'll give my ISP a call as you suggest.
I'm grateful for your diligent help, Matt. You are great!
Matt DuBois said:
I don't know enough about your ISP and how they have your router configured
to say for sure whether Shields Up is scanning your router or one of your
ISP's servers. I do believe at this point that it is NOT scanning your
computer. If you call your ISP, they can help you figure out what exactly
is being scanned. If it winds up being your router, then you can talk to
them about your concerns and they can explain why those ports are sometimes
open.
As for the message you got this morning about the Reverse DNS - it's
something to do with the configuration of your ISP's DNS servers. I wouldn't
worry about that bit either way. My ISP, for instance, has reverse lookups
configured, but the name is pure nonsense that doesn't identify who I am or
my account name at all. Most ISPs are the same way.
The three ports it mentioned being open this time are 21, 23, and 80. Those
ports are, respectively, FTP, telnet and HTTP. These are things that are
probably not on your computer, but MIGHT be on your router so that your ISP
can configure it remotely... though FTP is a stretch for that. You can do
a quick check on your computer to confirm the ports are not open, but I am
pretty convinced at this point that what Shields Up is finding isn't your
computer.
To do the quick check of your own computer, run the following commands from
a command prompt (copy and paste them from here):
netstat -an |findstr ":21"
netstat -an |findstr ":23"
netstat -an |findstr ":80"
These commands will filter the output of "netstat -an", which shows all open
ports and connections on your computer, down to just the things you are
interested in.
After you run each one, look at the output. It will look something like
this (note, the IP addresses will be different). Note that the output for
the first two commands will likely be a blank line, so don't be concerned.
TCP 169.254.10.23:2266 169.254.10.24:80 CLOSE_WAIT
TCP 169.254.10.23:2268 169.254.10.24:80 CLOSE_WAIT
TCP 169.254.10.23:3945 169.254.10.25:80 ESTABLISHED
TCP 169.254.10.23:3946 169.254.10.26:80 ESTABLISHED
TCP 169.254.10.23:3947 169.254.10.26:80 ESTABLISHED
You are looking for either of two things:
1) The last column saying "LISTENING"
2) The number after the : in the second column being 21, 23, or 80
If you see either of the above two things, then there is cause for concern
and we can chase down what is listening. Otherwise, the best thing to
do
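
Added example, not part of the original thread: a small Python script that applies the two checks described above to pasted "netstat -an" output. It matches the port exactly, so a row on :8080 is not picked up the way findstr ":80" would pick it up. The function names and the sample rows are assumptions made for illustration.

```python
WATCHED = {21, 23, 80}  # FTP, telnet, HTTP: the ports named in the thread

# Constructed sample. The first two rows copy the style of the thread's
# output; the rest are hypothetical rows added to exercise each case.
SAMPLE = """\
  TCP    192.168.1.2:3266    207.22.51.86:80     ESTABLISHED
  TCP    192.168.1.2:3272    65.82.150.11:80     LAST_ACK
  TCP    0.0.0.0:80          0.0.0.0:0           LISTENING
  TCP    0.0.0.0:8080        0.0.0.0:0           LISTENING
  TCP    192.168.1.2:21      192.168.1.9:4411    ESTABLISHED
  UDP    0.0.0.0:23          *:*
"""

def port_of(endpoint):
    """Port after the last ':' of an address:port field, or None for '*:*'."""
    tail = endpoint.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else None

def rows(text):
    """Yield (proto, local, local_port, state) for each TCP/UDP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # skips prompts, banners and blank lines
        state = fields[3] if len(fields) > 3 else ""  # UDP rows carry no state
        yield fields[0], fields[1], port_of(fields[1]), state

def concerns(text, watched=WATCHED):
    """Rows where this machine's own (second-column) port is a watched port."""
    found = []
    for proto, local, lport, state in rows(text):
        if lport not in watched:
            continue  # outbound browsing (remote :80) and :8080 land here
        if state == "LISTENING":
            reason = "listening"
        elif proto == "UDP":
            reason = "bound (UDP has no state column)"
        else:
            reason = "connection on local port, state " + state
        found.append((proto, local, reason))
    return found

if __name__ == "__main__":
    for item in concerns(SAMPLE):
        print(*item)
```

An empty result means none of the pasted rows show this computer offering ports 21, 23 or 80, which is the outcome the browsing-only output earlier in the thread would give.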