Win2k Virus?

[phantomgti]

Hi Everyone,

I am running Win2k behind a linksys DSL/Cable router BEFSR41. I recently did a Symantec Security check and it said that I had 3 ports open (ICMP Ping, Telnet and HTTP). I've contacted Linksys regarding this and they eventually said to return the router to the place I bought it. Done.... I thought the problem would be solved.

I still have the ports open. I don't have port forwarding or anything like that setup on the router. It is the basic setup out of the box.

I ran Norton's antivirus in safe mode and it didn't detect a virus.

Is there something I am missing? or are these ports normally open?

Thanks in advance for any help you could give me.

Trevor

[MishY]

I have the v3 version of that router so your menus might differ.

Firstly, check for firmware upgrades on the Linksys website. MAKE SURE YOU DOWNLOAD THE CORRECT FIRMWARE FOR YOUR ROUTER. You will find the version number on the router itself.

Secondly, go to Applications and Gaming and check for Port 80 being open (this is httpd)

Then click on the Security tab and scroll to the very bottom. Enable "Block anonymous internet requests" and Enable "Filter Multicast"

[phantomgti]

Hi MishY

Thanks for your response!

I actually do have the v3 of the router and have upgraded the firmware as soon as I got the new router.

I know for sure that the "Applications/Gaming" doesn't have any ports open.

I do have the "Block Anonymous Internet requests" enabled but I'm not too sure if the "Filter Multicast" is enabled or not. I am at work right now and won't be able to check for a few hours.

Do you think this problem is strictly with my router?

[MishY]

If you are not portforwarding (or Applications & Gaming) and you are not scanning the router from a PC on your LAN there is no reason why http should be open.

What are you using to scan your network ? Try the "shields up" and do the scan for all service ports (1-1056) on www.grc.com

[MishY]

I've just ran that test and only IDENT showed up and showed close. That is pretty normal and not of concern

[MishY]

Also make sure under UPnP Forwarding you having nothing enabled.

Do you have a DMZ ?

[phantomgti]

"If you are not portforwarding (or Applications & Gaming) and you are not scanning the router from a PC on your LAN there is no reason why http should be open.

What are you using to scan your network ? Try the "shields up" and do the scan for all service ports (1-1056) on www.grc.com"

That's why I'm confused.... there isn't a reason why the http should be open.

I was using Symantec System Check www.symantec.com/securitycheck/

I'll give the GRC site a go.

"Also make sure under UPnP Forwarding you having nothing enabled.

Do you have a DMZ ?"


No UPnP Forwarding or DMZ.... don't know what's going on.

[phantomgti]

One other question......

Can those ports only be closed in the router settings? or can I disable them in Windows?

[phantomgti]

Hi MishY,

Well I think Symantec is on drugs or they want to make you paranoid inorder to buy their software.

I did all the tests at GRC and they came up with only the ident closed like yours was.

Is it possible for you to do the Symantec Security check just to see what they say regarding your connection?

www.symantec.com/securitycheck

Thanks for all your help.

Trevor