PPPoE, Port Blocking & Port Scanning

baudhayan

Regulars
[OP]
Regulars
Oct 20, 2005
238
10
Mumbai
Hi every1,
I guess sum1 in the forum told how 2 use Bridging in PVC0. I did tht & also configured all my OS's (Win98, Win2k Pro & WinXP) 2 use PPPoE (http://www.raspppoe.com). My net is working perfectly allright, but no one from an external network is able 2 dial in 2 my public ip using netmeeting & also my vnc from external n/w doesnt work. I have also disabled my norton internet security (NIS), it still didnt work out. I also did a port scan from the site http://www.dslreport.com/scan, even with my NIS disabled the site gives a report tht all ur necessary tcp/udp ports r blocked, indicating tht my ISP is blocking ports. I work as a n/w security admin in a firm & thus have tried all possible settings. I infact also changed the TCP settings for my PPPoE, since after the PPPoE connection gets estd the default gw bcums the public ip which mtnl assigns 2 me, i added a route to point to 59.183.63.154 (default MTNL gw). Can sum1 confirm whether im rite or whether i have 2 change certain settings in my pc.

I also frequently get alerts from my NIS tht the MTNL Delhi DNS Server is trying 2 do a Portscan on my pc. Im attaching the screenshots.

View attachment 291View attachment 291
 

cyberwiz

Senior Member
Regulars
Mar 11, 2005
2,476
44
Delhi
I am getting a feeling that norton is not getting completely disabled when u disable it. Try completely uninstalling norton and then see if it works.MTNL doesnt block any port so the blocking has to be at ur end.
 

baudhayan

Regulars
[OP]
Regulars
Oct 20, 2005
238
10
Mumbai
Originally posted by cyberwiz@Oct 20 2005, 01:47 PM
I am getting a feeling that norton is not getting completely disabled when u disable it. Try completely uninstalling norton and then see if it works.

MTNL doesnt block any port so the blocking has to be at ur end.
[snapback]29043[/snapback]
[/quote]

I actually had opened netmeeting ports (prior to posting this topic), bcoz NIS had popped up 2 do the same, but it still didnt work....
:(
 


prathapml

Mjölnir
Regulars
Aug 27, 2004
832
9
Bangalore
It would have have been faar easier to read first post if it was in plain english.Anyways, if you're having ALL ports blocked, it looks like the connection is still not bridged.To check, try this:Type "ipconfig" into a CMD prompt. What does the IP address of the NIC say?Does it return a public IP or a private?
 

baudhayan

Regulars
[OP]
Regulars
Oct 20, 2005
238
10
Mumbai
Originally posted by prathapml@Oct 21 2005, 08:57 AM
It would have have been faar easier to read first post if it was in plain english.
Anyways, if you're having ALL ports blocked, it looks like the connection is still not bridged.

To check, try this:
Type "ipconfig" into a CMD prompt.  What does the IP address of the NIC say?
Does it return a public IP or a private?
[snapback]29095[/snapback]
[/quote]

Dear prathapml,
Thx 4 all ur guidance. But I guess u didnt read my topic carefully. I already told u tht Im a N/W security admin with a firm. I have done the basic & infact advanced troubleshooting b4 putting up this topic on the forum. Anyways FYI Im getting a public IP.

By the way "cyberwiz", I uninstalled NIS in XP & also disabled my F/W, but my portscan results still shows all ports blocked.
:(
 

prathapml

Mjölnir
Regulars
Aug 27, 2004
832
9
Bangalore
For a genuine network security admin, this kind of a problem is nothing at all....So have you confirmed with your ISP at all? About whether they block ports or not.
 


baudhayan

Regulars
[OP]
Regulars
Oct 20, 2005
238
10
Mumbai
Originally posted by prathapml@Oct 21 2005, 10:08 AM
For a genuine network security admin, this kind of a problem is nothing at all....

So have you confirmed with your ISP at all? About whether they block ports or not.
[snapback]29099[/snapback]
[/quote]

U r absolutely rite, 4 a genuine n/w sec admin this is not at all any probs (thnx 4 judging my skillset), but since cyberwiz said tht MTNL does not block the ports, I rechecked all my settings, but unfortunately didnt work out. If u think there's anything more 2 b tweaked then plz let me know....Thnx in advance
 

baudhayan

Regulars
[OP]
Regulars
Oct 20, 2005
238
10
Mumbai
cyberwiz..me & my friend both own a triband in mumbai. i get ip's in the 59.183 network, but my friend ip's in the 59.181 n/w. i tried doing a tracert 2 both my & my friends ip. i surprisingly found tht the trace was getting completed for my friends ip. in my case d traffic does not go beyond 59.185.0.67. this means tht on my n/w mtnl is not allowing incoming ports open. plz c d screenshot belowView attachment 315
 

max

Regulars
Regulars
Oct 6, 2005
2,780
6
uh...baudhyan, tracert (traceroute) has nothing to do with port blocking. All it means is that the packets are getting dropped by some firewall. Observe the output of the second traceroute, it stops getting packets on the 7th hop. Which is same as hop that you reached your friend's machine. So it's very likely that the traceroute was completed until your machine was reached and it was your machine that started dropping packets!

This can only mean that Window's IPSec firewall (the f*cked up firewall) is active. Sorry for the strong words but Windows' built in firewall isn't a firewall at all. Real firewalls have stateful packet inspection built right into them while Windows' so called "firewall" doesnt have any such features. Anyway, getting back on topic, it's actually either your router is dropping packets (highly unlikely) or windows. My bet is windows. Try disabling and stopping IPSec all together.

Also, try forwarding all ports to your PC and then use Shield's Up from ( http://www.grc.com ) and then determine which ports are open or closed. It should ideally show all ports closed except a few (RPC and stuff).
 

baudhayan

Regulars
[OP]
Regulars
Oct 20, 2005
238
10
Mumbai
max............i know traceroute has nothing 2 do with port blocking. tracert works on d principle of ICMP echo req's & timeouts. I just wanted 2 find out d point beyond whih d packets r getting dropped. anyways u have done a gud observation abt d no of hops (which is 7). anways i 1st used d rtr in PPPoE mode & rtr f/w enabled & ran a portscan from an external machine, 2nd I disabled rtr f/w & installed norton internet security & ran a portscan, 3rd i ran d rtr in bridged mode & with no f/w enabled ...but believe me in all d port scans im getting d same result. I m using NMAP for scanning. anyways i'll reinstall any of my OS's & chk whether i get d same o/p in a freshly installed OS. but have u observed 1 strange o/p in tracert. none of d tracert o/p shows any entry 4 d default gateway - which in my case is 59.183.63.254 & in my friends case is 59.181.63.254.