Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: sovereign2017 on June 07, 2016, 01:35:16 PM

Title: Network Scan Issue
Post by: sovereign2017 on June 07, 2016, 01:35:16 PM
Hi everyone

In the last 24 hours I've noticed quite a drastic change while doing a Network Scan and was wondering if someone could explain what it actually means.

It seems to have occurred within the last 36 hours from when I had previously scanned my computer. None of what is currently there in the 'Services' section was there before.

On the first screenshot if you look to 'Services' you will see a list of things which make no sense to me. These things were never present before (I scan very regularly). When doing a random Google search on one of the items, it brings something up about being a 'Remote Procedure Call' which sort of has me curious if it's the same as 'Remote Access'?

On the second screenshot, in 'Services' an extra item saying "53 - DNS" has appeared. Again, that too is something that is very recent. It usually only shows the "80 - HTTP" part.

Coincidentally, my whole connection went weird on Sunday evening, and upon restarting everything there was an error notification (the first of it's kind) on my computer about my Web Cam app failing (along with an error code). The webcam is not something I've ever bothered with before, so I found it odd.

Any help would be greatly appreciated.

(Please excuse the bad paint-work on the screenshots. Not completely sure if it matters whether I show my IP, etc, but just to be on the safe side...)



Title: Re: Network Scan Issue
Post by: mchain on June 07, 2016, 09:44:43 PM
Hello sovereign2017, and welcome to the forums.

You've got a NETGEAR VMG485 Router, so I'd suggest:
Other than that, if avast network scanner says you are clean and in the clear, there should be nothing to worry about.
Title: Re: Network Scan Issue
Post by: sovereign2017 on June 08, 2016, 12:05:38 AM
Hi Mchain

Thanks for answering.

The thing is, all those 'services' weren't present the other day, or at any other time. They've just randomly appeared out of no where. What even are they? (if you don't mind me asking)

The defaults were changed on the day I got a new router installed last year, after my previous one had been hacked.

Can I ask what you mean by updating the firmware? I thought my ISP would do something like that automatically? How would I do that?

Sorry about all the questions...  :-[
Title: Re: Network Scan Issue
Post by: Eddy on June 08, 2016, 08:13:36 AM
http://lmgtfy.com/?q=how+to+update+router+firmware+netgear
Title: Re: Network Scan Issue
Post by: Filip Braun on June 08, 2016, 09:20:35 AM
Hello sovereign2017,

We recently enhanced the Network scan.
Is is now checking more services and making sure they are not vulnerable.
As long as the scan does not warn you about any vulnerabilities, you are fine. The service list is there just for your information.

Thanks for noticing the change,
Filip
Title: Re: Network Scan Issue
Post by: mchain on June 08, 2016, 08:41:34 PM
A second opinion for checking security status of your router:  https://www.grc.com/x/ne.dll?bh0bkyd2 (https://www.grc.com/x/ne.dll?bh0bkyd2)

Attached find three .png files which explains scan results of router tcp port checks:

All ports green/passed means tcp ports are stealthed at the router which is what you want to see.

Title: Re: Network Scan Issue
Post by: Eddy on June 08, 2016, 08:48:35 PM
Benefit of a good hardware firewall...
Quote
There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
:D
Title: Re: Network Scan Issue
Post by: sovereign2017 on June 25, 2016, 03:22:03 AM
Hi everyone.

I apologise for not responding sooner. I've had an awful lot going on.

Just want to thank you all for your help.

Eddy - Thanks for the info. I'll have a look.

Mchain - I'm by no means computer literate, I really wish I was in this day and age, nevertheless, I'll be sure to take a look at what you've provided and try to make some sense of it.

Filip Braun - Thank-you for clarifying.
Title: Re: Network Scan Issue
Post by: sovereign2017 on June 25, 2016, 03:24:21 AM
Benefit of a good hardware firewall...
Quote
There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
:D

Did I miss something? Was someone referring to my IP address? I can't see the post anywhere... ???

Title: Re: Network Scan Issue
Post by: mchain on June 26, 2016, 03:15:08 AM
No, no IP address was noted by eddy.

You'll need to go to this address to see where his quote was gotten from:  https://www.grc.com/x/ne.dll?bh0bkyd2 (https://www.grc.com/x/ne.dll?bh0bkyd2)

Click 'Proceed' you will arrive at a second (new) page:  https://www.grc.com/x/ne.dll?rh1dkyd2 (https://www.grc.com/x/ne.dll?rh1dkyd2)
Click 'Common Ports' allow scan to complete: 
What the GRC website is doing is testing your router for open or closed ports and reporting any found.  Your router uses a hardware firewall instead of the software firewall Windows uses.  If all reported as 'stealth' then you are good to go.
Title: Re: Network Scan Issue
Post by: -midnight on June 26, 2016, 01:58:19 PM
Solicited TCP Packets: PASSED — No TCP packets were received from your system as a direct result of our attempts to elicit some response from any of the ports listed below — they are all either fully stealthed or blocked by your ISP. However . . .



Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)



Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

I don't know to configure my firewall. 
Title: Re: Network Scan Issue
Post by: -midnight on June 26, 2016, 02:16:36 PM
Didn't pass the leak test so is there any way I can fix it?
Title: Re: Network Scan Issue
Post by: Pondus on June 26, 2016, 03:04:04 PM
What firewall?
Title: Re: Network Scan Issue
Post by: -midnight on June 26, 2016, 03:08:09 PM
Windows firewall.
Title: Re: Network Scan Issue
Post by: Pondus on June 26, 2016, 03:11:25 PM
Windows firewall.
And i then guess you dont have turned on outbound protection (default off) so leak test would then of course connect outbound  ;)

Title: Re: Network Scan Issue
Post by: -midnight on June 26, 2016, 03:19:35 PM
I didn't see outbound protection (default off). I changed the settings to block outbound protection to block but had to change it back to allow. After I changed the settings to block I got an error message on the SafeZone Browser....
Title: Re: Network Scan Issue
Post by: Pondus on June 26, 2016, 03:23:12 PM
you are once again fiddling with stuff you dont understand just to make your day more complicated   

Soon we will see another of those  "I wish i did not do that, how do i go back"  posts


http://www.howtogeek.com/172349/why-you-dont-need-an-outbound-firewall-on-your-laptop-or-desktop-pc/

Ask Leo  >> https://askleo.com



Title: Re: Network Scan Issue
Post by: -midnight on June 26, 2016, 03:36:08 PM
Soon we will see another of those  "I wish i did not do that, how do i go back"  posts.

No, you won't.
Title: Re: Network Scan Issue
Post by: -midnight on June 26, 2016, 04:38:20 PM
Should I set the firewall to restore default settings?
Title: Re: Network Scan Issue
Post by: mchain on June 27, 2016, 09:14:27 PM
@ -midnight,
Resetting your firewall back to default settings shouldn't hurt things, but, in the future, write down only the changes you do make and make only one change at a time to make things much easier, each one followed by a reboot of system. 

If you are really interested in discovering what you need to know about anything computer related follow Pondus' advice by visiting https://askleo.com/ (https://askleo.com/)
Also read:  http://www.howtogeek.com/172349/why-you-dont-need-an-outbound-firewall-on-your-laptop-or-desktop-pc/ (http://www.howtogeek.com/172349/why-you-dont-need-an-outbound-firewall-on-your-laptop-or-desktop-pc/)

<snip>
Why Outbound Firewalls Are Pointless For Most People

The reality is that outbound firewalls aren’t a useful security tool for the average user. Here’s why:
    Outbound firewalls aren’t an effective defense against malware. You should focus on using an effective antivirus program, keeping your software up-to-date, and making sure you don’t have Java installed. That will keep your PC much more secure than using an antivirus program that won’t help much after the fact. If your computer is compromised, it’s compromised.
<end snip>

Suggest reading the entire thing about outbound firewalls per the link above.  You should be using a robust backup and recovery system anyway if you are going to make changes to your system(s).
Title: Re: Network Scan Issue
Post by: DavidR on June 27, 2016, 10:37:51 PM
I would certainly contest that outbound firewalls aren't required.

If an outbound connection is made from your system, the corresponding inbound connections sails right past your firewall as essentially it has permission.

You only have to view the viruses and worms forum to see the number of URL:Mal alerts, etc. resulting from outbound connections by your system. And the only thing that stopped them was avast as they were trying to connect to malicious sites.

Any hidden or undetected malware on your system would be able to make out outbound calls to whatever site unmolested. By saying any malware on your system could already be creating holes in your system, well why not just give up. Not all malware will be capable if doing that straight off, a lot (viruses and worms) have a connection to malicious sites to bolster what is already on the system.

EDIT: Not to mention this article was Published 09/17/13, a lot has changed since then, firewall, antivirus and malware since then.
Title: Re: Network Scan Issue
Post by: sovereign2017 on June 30, 2016, 05:10:39 AM
Thanks again, Mchain.  :D

Speaking of DNS leaks. I use a VPN and tend to do the tests quite regularly.

Avast have upgraded me for a short period to try their new version and since then it shows that my Avast is 'leaking', whereas when I had the basic/free version the results never showed any leaks at all.

Can anyone explain why this is and if there's anything I need to do to stop it?