Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: REDACTED on June 07, 2016, 01:35:16 PM
-
Hi everyone
In the last 24 hours I've noticed quite a drastic change while doing a Network Scan and was wondering if someone could explain what it actually means.
It seems to have occurred within the last 36 hours from when I had previously scanned my computer. None of what is currently there in the 'Services' section was there before.
On the first screenshot if you look to 'Services' you will see a list of things which make no sense to me. These things were never present before (I scan very regularly). When doing a random Google search on one of the items, it brings something up about being a 'Remote Procedure Call' which sort of has me curious if it's the same as 'Remote Access'?
On the second screenshot, in 'Services' an extra item saying "53 - DNS" has appeared. Again, that too is something that is very recent. It usually only shows the "80 - HTTP" part.
Coincidentally, my whole connection went weird on Sunday evening, and upon restarting everything there was an error notification (the first of it's kind) on my computer about my Web Cam app failing (along with an error code). The webcam is not something I've ever bothered with before, so I found it odd.
Any help would be greatly appreciated.
(Please excuse the bad paint-work on the screenshots. Not completely sure if it matters whether I show my IP, etc, but just to be on the safe side...)
-
Hello sovereign2017, and welcome to the forums.
You've got a NETGEAR VMG485 Router, so I'd suggest:
- changing the default administrator name and password if you haven't done so already
- consider moving/updating your router to the latest firmware update if not done
Other than that, if avast network scanner says you are clean and in the clear, there should be nothing to worry about.
-
Hi Mchain
Thanks for answering.
The thing is, all those 'services' weren't present the other day, or at any other time. They've just randomly appeared out of no where. What even are they? (if you don't mind me asking)
The defaults were changed on the day I got a new router installed last year, after my previous one had been hacked.
Can I ask what you mean by updating the firmware? I thought my ISP would do something like that automatically? How would I do that?
Sorry about all the questions... :-[
-
http://lmgtfy.com/?q=how+to+update+router+firmware+netgear
-
Hello sovereign2017,
We recently enhanced the Network scan.
Is is now checking more services and making sure they are not vulnerable.
As long as the scan does not warn you about any vulnerabilities, you are fine. The service list is there just for your information.
Thanks for noticing the change,
Filip
-
A second opinion for checking security status of your router: https://www.grc.com/x/ne.dll?bh0bkyd2 (https://www.grc.com/x/ne.dll?bh0bkyd2)
Attached find three .png files which explains scan results of router tcp port checks:
All ports green/passed means tcp ports are stealthed at the router which is what you want to see.
-
Benefit of a good hardware firewall...
There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
:D
-
Hi everyone.
I apologise for not responding sooner. I've had an awful lot going on.
Just want to thank you all for your help.
Eddy - Thanks for the info. I'll have a look.
Mchain - I'm by no means computer literate, I really wish I was in this day and age, nevertheless, I'll be sure to take a look at what you've provided and try to make some sense of it.
Filip Braun - Thank-you for clarifying.
-
Benefit of a good hardware firewall...
There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
:D
Did I miss something? Was someone referring to my IP address? I can't see the post anywhere... ???
-
No, no IP address was noted by eddy.
You'll need to go to this address to see where his quote was gotten from: https://www.grc.com/x/ne.dll?bh0bkyd2 (https://www.grc.com/x/ne.dll?bh0bkyd2)
Click 'Proceed' you will arrive at a second (new) page: https://www.grc.com/x/ne.dll?rh1dkyd2 (https://www.grc.com/x/ne.dll?rh1dkyd2)
Click 'Common Ports' allow scan to complete:
What the GRC website is doing is testing your router for open or closed ports and reporting any found. Your router uses a hardware firewall instead of the software firewall Windows uses. If all reported as 'stealth' then you are good to go.
-
Solicited TCP Packets: PASSED — No TCP packets were received from your system as a direct result of our attempts to elicit some response from any of the ports listed below — they are all either fully stealthed or blocked by your ISP. However . . .
Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)
Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.
I don't know to configure my firewall.
-
Didn't pass the leak test so is there any way I can fix it?
-
What firewall?
-
Windows firewall.
-
Windows firewall.
And i then guess you dont have turned on outbound protection (default off) so leak test would then of course connect outbound ;)
-
I didn't see outbound protection (default off). I changed the settings to block outbound protection to block but had to change it back to allow. After I changed the settings to block I got an error message on the SafeZone Browser....
-
you are once again fiddling with stuff you dont understand just to make your day more complicated
Soon we will see another of those "I wish i did not do that, how do i go back" posts
http://www.howtogeek.com/172349/why-you-dont-need-an-outbound-firewall-on-your-laptop-or-desktop-pc/
Ask Leo >> https://askleo.com
-
Soon we will see another of those "I wish i did not do that, how do i go back" posts.
No, you won't.
-
Should I set the firewall to restore default settings?
-
@ -midnight,
Resetting your firewall back to default settings shouldn't hurt things, but, in the future, write down only the changes you do make and make only one change at a time to make things much easier, each one followed by a reboot of system.
If you are really interested in discovering what you need to know about anything computer related follow Pondus' advice by visiting https://askleo.com/ (https://askleo.com/)
Also read: http://www.howtogeek.com/172349/why-you-dont-need-an-outbound-firewall-on-your-laptop-or-desktop-pc/ (http://www.howtogeek.com/172349/why-you-dont-need-an-outbound-firewall-on-your-laptop-or-desktop-pc/)
<snip>
Why Outbound Firewalls Are Pointless For Most People
The reality is that outbound firewalls aren’t a useful security tool for the average user. Here’s why:
- Outbound firewalls just prevent applications on your computer from connecting to the Internet. If you see that a piece of malware is trying to connect to the Internet, you’ve already lost because it’s running on your computer. The malware can do a lot of damage without Internet access.
- If a malicious program were running on your computer and had access to your system, it could likely open its own holes in your firewall software. Again, once the malicious software is running on your system, you’ve already lost.
- Malware could piggyback on other programs to communicate over the Internet. For example, a piece of malware could open a special web address in your browser to ping a server, capture the page that the server sends back, and use the data. It’s difficult to completely isolate an application from the Internet.
Outbound firewalls aren’t an effective defense against malware. You should focus on using an effective antivirus program, keeping your software up-to-date, and making sure you don’t have Java installed. That will keep your PC much more secure than using an antivirus program that won’t help much after the fact. If your computer is compromised, it’s compromised.
<end snip>
Suggest reading the entire thing about outbound firewalls per the link above. You should be using a robust backup and recovery system anyway if you are going to make changes to your system(s).
-
I would certainly contest that outbound firewalls aren't required.
If an outbound connection is made from your system, the corresponding inbound connections sails right past your firewall as essentially it has permission.
You only have to view the viruses and worms forum to see the number of URL:Mal alerts, etc. resulting from outbound connections by your system. And the only thing that stopped them was avast as they were trying to connect to malicious sites.
Any hidden or undetected malware on your system would be able to make out outbound calls to whatever site unmolested. By saying any malware on your system could already be creating holes in your system, well why not just give up. Not all malware will be capable if doing that straight off, a lot (viruses and worms) have a connection to malicious sites to bolster what is already on the system.
EDIT: Not to mention this article was Published 09/17/13, a lot has changed since then, firewall, antivirus and malware since then.
-
Thanks again, Mchain. :D
Speaking of DNS leaks. I use a VPN and tend to do the tests quite regularly.
Avast have upgraded me for a short period to try their new version and since then it shows that my Avast is 'leaking', whereas when I had the basic/free version the results never showed any leaks at all.
Can anyone explain why this is and if there's anything I need to do to stop it?