ZoneAlarm: How robust is this PC firewall?

Thanks Mort Furd, but how? :confused:

And how come, with Zone Alarm running, none of my ports show up as “stealth”? (All but the three open ports show up as closed). :confused:

Kinda worried, but in over my head here … :rolleyes:

Julie

In the “Firewall” section, make sure "Internet Zone Security? is set to High. Under the “Zones” tab (same section), make sure your internet connection is listed as “Internet” and not “Trusted.”

Whoops, that should be “Internet Zone Security”, not "Internet Zone Security?.

Thanks jmizzou, but the settings are, and always have been, as you describe. Also, I’ve gone through and disabled all allowed programs, one by one, and retested each time - all three ports still remained open!

Think my PC is haunted? :rolleyes: :smiley:

Julie

Damifno.

I’m using iptables on Linux, and using Guarddog as a setup tool. Guarddog defaults to “stealth” - you’ve got to intentionally poke holes in it. The firewall is one hundred percent closed when you install it, and you have to change ports to “blocked” or “open” for them to even be seen by another computer.

Stealthed is the way to go. As a normal user, you have no business offering any services through open ports. Your normal surfing and stuff does not need for your PC to have ports visible to the internet.

I’d look for something in ZoneAlarm that lets me block all ports coming into my PC.

The allowed programs don’t have anything to do with the open ports.

If you list the programs that you have trusted, it might help.

Also, do you have kids/SO that is internet savvy? SSH and port 80 open sounds like someone may be using your PC as a gateway to bypass a school/company firewall.

Finally, try rebooting after disabling each program.

I used to have a Windows utility that would list the open local ports on a PC and tell me the name of the program that is listening on those ports. Sound familiar to anyone?

Ah, found it.

If you still can’t find out what is causing this to happen, go to http://www.ntutility.com/freeware.html and download and install the “Active Ports” utility. This will list the ports open on your PC and what process/path is using that port.

Hi Anon … I really appreciate your help with this. :slight_smile:

I went to download the “Active Ports” utility, but it’s only for Windows NT/2000/XP, and I use 98SE*. :rolleyes:

Believe me, no-one in this house is computer savvy. Just me and mini-me. :smiley:

*Which might give a clue to the problem … I’ve never managed to download/install any of the patches for 98SE duck … it always failed for some reason, and I gave up trying. I believe it’s too late now?

Julie

I tested my Zone Alarm invisibility. The one section that I failed, I downloaded their patch to correct it. Since I’m running on a LAN, it ended up firewalling myself out of my system. I couldn’t access my internet. I had to take it to the tech guys, and they laughed at me. Be careful!

You may have Personal Web Server installed. Try following the instructions on this web page.

http://www.dewassoc.com/support/pws/remove_pws40.htm

We’ll get it yet!

Mort Furd: I just pinged myself from http://network-tools.com . The response they showed was “timed out”, so I assume I’m dropping the packets. (If I weren’t, how would I find that out and change that setting? I’m running Win98, ZA 2.6.362.) ZoneAlarm blocked the ping and produced this log entry:

FWIN,2003/09/11,15:26:46 -5:00 GMT,66.46.181.116:0,12.248.xxx.xxx:0,ICMP (type:8/subtype:0)

For comparison, here’s a typical log entry from one of the numerous hits I mentioned:

FWIN,2003/09/11,15:25:46 -5:00 GMT,12.248.35.40:0,12.248.xxx.xxx:0,ICMP (type:8/subtype:0)

Doesn’t this indicate I’m being pinged as opposed to sending out ping requests?

Lest I seem alarmist, let me say that at the moment this situation is just a nuisance.

Interestingly, network-tools attempted 10 pings, but only the first got through to me. And when I then did a tracert, it didn’t get through either. Maybe my ISP knows of the situation and is blocking multiple pings at one of the servers.
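The two log entries quoted in the post above can be read mechanically. This is an added example, not part of the original thread: the field layout is inferred only from those two lines, and the function names are hypothetical.

```python
import re
from collections import Counter

# Layout inferred from the two entries quoted in the thread (an assumption):
# direction,date,time UTC-offset GMT,src:port,dst:port,protocol (type/subtype)
LINE_RE = re.compile(
    r"^(?P<direction>\w+),(?P<date>\d{4}/\d{2}/\d{2}),"
    r"(?P<time>\d{2}:\d{2}:\d{2}) (?P<offset>[+-]?\d{1,2}:\d{2}) GMT,"
    r"(?P<src>[^,:]+):(?P<sport>\d+),(?P<dst>[^,:]+):(?P<dport>\d+),"
    r"(?P<proto>\w+)(?: \(type:(?P<type>\d+)/subtype:(?P<code>\d+)\))?$"
)

# Standard ICMP type numbers; type 8 is the echo request sent by "ping".
ICMP_TYPES = {0: "echo reply", 3: "destination unreachable",
              8: "echo request", 11: "time exceeded"}


def parse_entry(line):
    """Return a dict of fields, or None if the line does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    if entry["proto"] == "ICMP" and entry["type"] is not None:
        entry["icmp_name"] = ICMP_TYPES.get(int(entry["type"]), "other")
    return entry


def is_inbound_ping(entry):
    """True for a blocked inbound (FWIN) ICMP echo request."""
    return (entry is not None and entry["direction"] == "FWIN"
            and entry.get("icmp_name") == "echo request")


def pings_by_source(lines):
    """Count blocked inbound echo requests per source address."""
    counts = Counter()
    for line in lines:
        entry = parse_entry(line)
        if is_inbound_ping(entry):
            counts[entry["src"]] += 1
    return counts


# The two entries from the thread (destination redacted there), plus one
# constructed non-matching line to show that unparsable input is skipped.
SAMPLE = [
    "FWIN,2003/09/11,15:26:46 -5:00 GMT,66.46.181.116:0,12.248.xxx.xxx:0,ICMP (type:8/subtype:0)",
    "FWIN,2003/09/11,15:25:46 -5:00 GMT,12.248.35.40:0,12.248.xxx.xxx:0,ICMP (type:8/subtype:0)",
    "constructed line that is not a log entry",
]

if __name__ == "__main__":
    for src, n in pings_by_source(SAMPLE).items():
        print(src, n)
```

Both entries parse as inbound echo requests addressed to the logging machine, each from a different source address.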

Okay. That IS a normal ping directed at you. Somebody is just looking for open computers to piddle with.

The log entries are easier to read than the description, and clearer too.

I don’t know the particulars of Zone Alarm (I’ve got iptables in my Linux kernel,) but there are some firewalls that respond and then lock down when they get repeat traffic. ZA may be doing it or your ISP.

If you want to do traceroute, you’ll have to open the ports for it. Traceroute uses the UDP protocol, and goes to ports in the range 33434-33600.

So long as ZA is dropping the packets, you are clear.

What is fun to do is to send WinPopup messages back at such guys. I do it on occasion to the folks who’ve still got W32.Blaster or related stuff.

Note the source IP address, then open a DOS box and do this:

net send 12.248.35.40 Hey putz leave me the hell alone

If it times out, it didn’t get through. If it goes through, you’ll have scared the britches off a scriptkiddie.

You’ll need to open ports 137 and 139 (outgoing only) to make it work, but it can be fun.

I see you are using the ISP my father dumped last year. Too expensive and too flaky in his area.

If anyone is interested, as per Anthracite’s recommendation I have been using ZoneAlarm for 1 1/2 years now, no problems with it. As to this:

See, what you need to do is have a special alternate password which, when you enter it into the system, causes it to look like it’s giving up the info, but it’s actually misleading fake info.

Sort of like that episode of the old Star Trek, Kirk gave a coded distress signal to Scotty by saying “Condition Green”.

That’s actually quite clever. It wouldn’t work with my standard PGP Disk setup, but it could work with some other things I use…

Heh…deniable encryption has been done. See www.rubberhose.org for details. (Gotta love the name!)

Hi Anon! :slight_smile:

Well, PWS is indeed installed (it appears on the Program list) … but there’s no file for it on my SE98 disc - the very disc* Windows was installed from in the first place. :confused:

*A … ahem … ripped copy of my original disc (since lost), but nevertheless the actual one used for the installation …

Julie

Those of you with Linux/NetBSD who want to prepare for such events might consider a program called “Rubberhose”.

It’s a disk encryption system, the practical upshot of which is that you can have multiple encrypted partitions and the Feds^H^H^HBad guys can’t even tell how many there are on the disk.

If they get out the rubber hose to persuade you to give up the password, you can give them one for a not-very-incriminating one.

link

dylan_73: Dunno how the hell you could have posted that at 12:59 PM, merely minutes ahead of my post at 02:52 pm.

Ummmm … ignore the above. After consultation with My Friend The Computer Engineer it seems like I made myself a dud copy of my good copy of the original disc :smack: … he’s got the good copy in his possession, and is gonna give it back so I can close those damned ports!!! Thanks for all the help I’ve received, and fingers crossed! :cool:

Julie

GSV: I’m a time travelling stalker…everywhere you go, I’ve just been there… :wink: