Spolicited TCP Packets

According to the Shields Up test solicited TCP packets received (failed).
How do I fix this?  I use the latest version of Zone Alarm.

-- 
Have a good day,

Mel Marcovitz
0
Mel
10/21/2003 4:26:00 AM
grc.shieldsup 2699 articles. 0 followers. Follow

9 Replies
601 Views

Similar Articles

[PageSpeed] 23

Mel Marcovitz <mel_mark@pathcom.com> wrote:
> According to the Shields Up test solicited TCP packets received (failed).
> How do I fix this?  I use the latest version of Zone Alarm.

Hmm.  Which scan did you use?  I suggest you try all of them and see if they
all agree.  And copy and paste the text results from the All Services scan
here so we can see what you are seeing.

-- 
Robert
List of Lists - http://lists.gpick.com/
Eric Howe's Privacy and Security Site -
http://www.staff.uiuc.edu/~ehowes/main-nf.htm
0
Robert
10/21/2003 1:42:00 PM
Hi:

Thanks for the response,

Here is the result that I am talking about:

Solicited TCP Packets: RECEIVED (FAILED) - As detailed in the port report
below, one or more of your system's ports actively responded to our
deliberate attempts to establish a connection. It is generally possible to
increase your system's security by hiding it from the probes of potentially
hostile hackers. Please see the details presented by the specific port links
below, as well as the various resources on this site, and in our extremely
helpful and active user community.

All my ports appear to be either closed or stealthed.



"Robert Wycoff" <rwycoff@127.0.0.1> wrote in message
news:bn3d4g$9bu$1@news.grc.com...
> Mel Marcovitz <mel_mark@pathcom.com> wrote:
> > According to the Shields Up test solicited TCP packets received
(failed).
> > How do I fix this?  I use the latest version of Zone Alarm.
>
> Hmm.  Which scan did you use?  I suggest you try all of them and see if
they
> all agree.  And copy and paste the text results from the All Services scan
> here so we can see what you are seeing.
>
> -- 
> Robert
> List of Lists - http://lists.gpick.com/
> Eric Howe's Privacy and Security Site -
> http://www.staff.uiuc.edu/~ehowes/main-nf.htm
>
>
0
Mel
10/21/2003 3:42:00 PM
Mel Marcovitz <mel_mark@pathcom.com> wrote:
> Hi:
>
> Thanks for the response,
>
> Here is the result that I am talking about:
>
> Solicited TCP Packets: RECEIVED (FAILED) - As detailed in the port report
> below, one or more of your system's ports actively responded to our
> deliberate attempts to establish a connection. It is generally possible to
> increase your system's security by hiding it from the probes of
> potentially hostile hackers. Please see the details presented by the
> specific port links below, as well as the various resources on this site,
> and in our extremely helpful and active user community.
>
> All my ports appear to be either closed or stealthed.

Aha.  Now I understand.

All Steve is saying there is that some of your ports are closed, rather than
stealthed.

-- 
Robert
List of Lists - http://lists.gpick.com/
Eric Howe's Privacy and Security Site -
http://www.staff.uiuc.edu/~ehowes/main-nf.htm
0
Robert
10/21/2003 4:13:00 PM
Hi Mel

"Mel Marcovitz" <mel_mark@pathcom.com> wrote in message
news:bn2cjj$i3h$1@news.grc.com...
> According to the Shields Up test solicited TCP packets received (failed).
> How do I fix this?  I use the latest version of Zone Alarm.

You have Zone Alarm, but you haven't told us how you connect to the
internet.  Is it dialup, cable, DSL, or what?

Somewhere on the results page is a button labelled Text Summary.  Click on
that, and copy and paste the summary you are given into your next post.
That will tell us what ports are not Stealth.

The ports which are only closed may be being intercepted by your ISP, or a
cable or DSL modem, or a router if you have one, or Zone Alarm may not be
set up correctly.  ZA's logs might be able to tell you if the probe packets
to the closed ports are getting as far as your PC.

I hope that's not too much to swallow in one go, and that you persevere with
this.  But in any case, Closed ports are OK.  Stealth are thought by some to
be better; other people think it id not necessARY to be Stealth.  The ports
you would need to worry about are any which show Open, if you did not open
them yourself deliberately, by running some sort of derver program (like a
web server).

Peter.
0
Peter
10/21/2003 6:54:00 PM
Hi:

Thanks for the response.

1.My computer is a standalone computer using a dial up connection.

2. According to the  shields up report all the ports from 0 to 1055 are
either closed or stealthed.

3. The report I get is:
    Solicited TCP Packets: RECEIVED (FAILED) - As detailed in the port
report below, one or more of your system's ports actively responded to our
deliberate attempts to establish a connection. It is generally possible to
increase your system's security by hiding it from the probes of potentially
hostile hackers. Please see the details presented by the specific port links
below, as well as the various resources on this site, and in our extremely
helpful and active user community.

The thing that disturbs me is that the report says that my system failed the
tests and I don't understand how to correct the situation.

Sorry I had to delete part of your message to make it short enough to send.

-- 
Have a good day,

Mel Marcovitz


"Peter W Gray" <peterw.gray@ukonline.co.uk> wrote in message
news:bn3vdb$rpq$1@news.grc.com...
> Hi Mel
>
> "Mel Marcovitz" <mel_mark@pathcom.com> wrote in message
> news:bn2cjj$i3h$1@news.grc.com...
> > According to the Shields Up test solicited TCP packets received
(failed).
> > How do I fix this?  I use the latest version of Zone Alarm.
>
> You have Zone Alarm, but you haven't told us how you connect to the
> internet.  Is it dialup, cable, DSL, or what?
>
> Somewhere on the results page is a button labelled Text Summary.  Click on
> that, and copy and paste the summary you are given into your next post.
> That will tell us what ports are not Stealth.
>
>>
> Peter.
>
>
0
Mel
10/22/2003 4:11:00 AM
In message <bn501i$nk2$1@news.grc.com>, Mel Marcovitz 
<mel_mark@pathcom.com> writes
>Hi:
>
>Thanks for the response.
>
>1.My computer is a standalone computer using a dial up connection.
>
>2. According to the  shields up report all the ports from 0 to 1055 are
>either closed or stealthed.

Closed is good enough, Stealth may be better, and certainly can't hurt.

>3. The report I get is:
>    Solicited TCP Packets: RECEIVED (FAILED) - As detailed in the port
>report below, one or more of your system's ports actively responded to our
>deliberate attempts to establish a connection. It is generally possible to
>increase your system's security by hiding it from the probes of potentially
>hostile hackers. Please see the details presented by the specific port links
>below, as well as the various resources on this site, and in our extremely
>helpful and active user community.

Which ports are listed as Closed? You can copy that section of the 
report and paste it in here.

>The thing that disturbs me is that the report says that my system failed the
>tests and I don't understand how to correct the situation.

It will depend on which ports. Also whether the ports that are 
responding are on your computer or maybe because of something your ISP 
is doing.

>Sorry I had to delete part of your message to make it short enough to send.

There's about a 25 consecutive line limit. Delete the parts of the 
quoted text that you're not responding to. You can intersperse your 
response among the quoted text to break it up too.

-- 
 From invalid, Reply To works.
Kevin A.
0
Kevin
10/22/2003 4:27:00 AM
Mel Marcovitz <mel_mark@pathcom.com> wrote:

> Sorry I had to delete part of your message to make it short enough to
> send.

This may help.

http://www.imilly.com/noregrets.htm#QED

-- 
Robert
List of Lists - http://lists.gpick.com/
Eric Howe's Privacy and Security Site -
http://www.staff.uiuc.edu/~ehowes/main-nf.htm
0
Robert
10/22/2003 1:43:00 PM
Hi Mel

"Mel Marcovitz" <mel_mark@pathcom.com> wrote in message
news:bn501i$nk2$1@news.grc.com...
> Hi:
>
> Thanks for the response.
>
> 1.My computer is a standalone computer using a dial up connection.

OK.  So there isn't anything else on your end except the PC, with Zone Alarm
on it.

> 2. According to the  shields up report all the ports from 0 to 1055 are
> either closed or stealthed.

That is good.  I means that there isn't any server program running on you
machine, which would hold one or more ports Open.

> 3. The report I get is:
>     Solicited TCP Packets: RECEIVED (FAILED) -

<snip rest of report>
Solicited packets are ones that ShieldsUp asked your system to send out.
Stealth is the result you get for a port which does *not* send back
solicited packets; Closed is the result that you get for a port which *does*
send back a packet with a RST flag -- saying in effect "Go away, I don't
want to talk to you".

> The thing that disturbs me is that the report says that my system failed
the
> tests and I don't understand how to correct the situation.

You would only have got  Pass result if all ports were Stealth.  But Closed
is usually good enough.

We could help more if you posted here the text summary that you get when you
click on the "Text Summary" button below the grid of squares on the test
page.  It will tell you *which* ports are Closed and which are Stealth.

It sounds to me as if Zone Alarm is not blocking probes as it should, but we
can't tell for sure without more information.  Have you perhaps told it to
*allow* connections coming in from Steve's site?

> Sorry I had to delete part of your message to make it short enough to
send.

Not a problem.  If you mix your replies in between the quoted bits you are
replying to, like I have, then your post will get past Steve's "excessive
quoting" filter.  Some of us think it makes conversations easier to
follow -- others disagree.

Peter.
0
Peter
10/22/2003 3:11:00 PM
Hi:

Thanks for the responses.

I think I have solved the problem. I set the "internet  zone security" to
high and left the "trusted zone security" at medium.
I am now getting the desired results.

-- 
Have a good day,

Mel Marcovitz


"Peter W Gray" <peterw.gray@ukonline.co.uk> wrote in message
news:bn66nl$j3j$1@news.grc.com...
> Hi Mel
>
> "Mel Marcovitz" <mel_mark@pathcom.com> wrote in message
> news:bn501i$nk2$1@news.grc.com...
> > Hi:
> >
> > Thanks for the response.
> >
> > 1.My computer is a standalone computer using a dial up connection.
>
> OK.  So there isn't anything else on your end except the PC, with Zone
Alarm
> on it.
>> <snip rest of report>
> >
> Peter.
>
>
0
Mel
10/23/2003 12:59:00 AM
Reply:

Similar Artilces:

TCP Packets in order?
When receiving "TCP Packets" using a network sniffer, are (1) the packets guaranteed to be in order, or (2) does the application level need to sort the packets based on the packet sequence number? From logging it looks like it is (2). Although open source network sniffer project (http://sourceforge.net/projects/owns/), seems to make the mistake of assuming (1)! -Rael Rael wrote: > When receiving "TCP Packets" using a network sniffer, are (1) the > packets guaranteed to be in order, or (2) does the application level > need to sort the packet...

Packet size TCP/IP
How can I determine the best packet size setting for TCP/IP? Of course I could do some tests but are there certain limits or things I should know about this? I can imagine when having large records I could get better performance using larger packet size. Also how can I check the setting I use will actual come across the network (I read some switches or network cards reset the packet size). Thanks, -- Majodi [ Majodi Ploegmakers 100757,662 ComBIT@TheOffice.net ] [And from glowing tongues of candles I heard her whisper in my ear ] [ ...

failed solicited tcp packets
Hi, I am admittedly somewhat of a newbie but all my ports are stealthed (except 113 which is closed), my router doesn't respond to pings, etc. but I failed the solicited tcp packets portion of the test and am trying to find out how that happened and how to fix it. My machine runs Windows XP SP2 and I have a D-Link router that I thought was completely secure. Can someone help? Milton Cumpton wrote: > Hi, > > I am admittedly somewhat of a newbie but all my ports are stealthed (except > 113 which is closed), my router doesn't respond to pings, etc. but I ...

question about ShieldsUp and unsolicited packets
Hi folks, if this question has already been answered before, I apologize for asking it again here and pls direct me to where the answer is. I couldn't find any responses that help to answer my question. Many thanks in advance for taking the time to read this post & provide an answer. I am running Win2K WS, ZoneAlarmPro 5.0, with an SMC wireless router (with firewall features enabled, dummy IP for DMZ, discard ping from WAN is enabled) and and SMC wireless adaptor, with ADSL. (1) when I do a ShieldsUp (for the common ports or all service ports) I get a TruStealth Analysis ...

TCP/IP received packets size.
Hi there, Perhaps you can help me on this one.... I have build an distributed application where more clients can connect on a server. My client applications can take data from database in blobs. I want to make a progress bar to show how much data is received and how much is not. But, Where can I find information about size of packets I have received ? Are there any PB or system functions ? I use Windows 95 and PB 6.0. Any help... helps! ...

tcp keep-alive packets on sles
QUESTION: WILL SETTING THE FIRST_WATCHDOG_PACKET TO 5 ON A SLES OES SERVER CAUSE IT TO SEND TCP KEEP-ALIVE PACKETS EVERY FIVE MINUTES (JUST AS IT DOES ON A NETWARE SERVER)? IF SO, THEN WHY AREN'T MY SLES SERVERS SENDING OUT TCP KEEP-ALIVE PACKETS? IF NOT, THEN HOW DO I GET MY SLES SERVERS TO START SENDING OUT TCP KEEP-ALIVE PACKETS? I have had the First_Watchdog_Packet set to 5 on both NetWare and SLES. According to Marcel Cox (a poster on this forum) but not according to the latest Novell documentation this should result in keep-alive packets sent from my SLES servers ever...

Failed Solicited TCP Packets Test
It said that my pc tried to actively respond. A few of my packets are open 395, 396 and 400-402. The only ports reading as stealthy are 0, 83, 85, 113, 179, 1024-1027, 1029-1031, 1033, 1035-1037, 1039, 1041-1055. I'm running Zone Alarm 4.0 with all security set to high, no custom settings. So far I've only granted access to Outlook Express, IE, Direcway's network (my ISP), and Nortion's AV. I have to set Direcway up as a trusted network connection but so does everyone else and several people have told me they tested at stealth. I would sure appreciate any sugges...

what could i do with Solicited TCP Packets: RECEIVED (FAILED)
what could i do with Solicited TCP Packets: RECEIVED (FAILED) i am using micro trend internet security 2005 12(the newest version) and one of the good thing about this internet security pack thet i have not seen in any other internet security pack is thet it's block or hide reverse dns but i still have thet Solicited TCP Packets: RECEIVED (FAILED) error and i have port 138 closed instead of stealth but i'm not sure if this thing are related if you have any idea i would like to here about it and thanks in advance. "aviramof" <aviramof@hotmail.com> wrote in m...

Solicited TCP Packets: RECEIVED (FAILED)
I did ShieldsUp and the summary is: 0 Ports Open 19 Ports Closed 6 Ports Stealth --------------------- 25 Ports Tested TruStealth:FAILED - NOT all tested ports were STEALTH, - NO unsolicited packets were received, - NO Ping reply (ICMP Echo) was received.I think this is the problem:But wtf are Solicited TCP Pakets?What can I do to solve this Error Solicited TCP Packets: RECEIVED (FAILED) ?I have the Outpost-Personal firewall.Thanx Matthias Hello Matthias "Matthias Bacher" <-nospam-matthiasbacher@web.de-nospam> w...

Solicited TCP Packets failed, any worries here.
I am using Skype on port 41235 and I am port forwarding TCP/UDP ports to my system on my router to avoide Relays in Skype. Sheilds up gives me the following notice after a scan on that port; Solicited TCP Packets: RECEIVED (FAILED) Unsolicited Packets: PASSED Ping Echo: PASSED Can anyone clarify if there is a serious security risk here, I wish Steve would touch on Open Ports on Security Now. I know Steve recommends forwarding UPD ports for Skype but how about TCP? I can't seem to get rid of the relays without forwarding both. Thanks for the feedback. On Mo...

TCP/UDP Packet sniffing with WinXP
Is it possible to sniff packets sent from one ip to another ip if i know what the 2 ip addresses are? I dont wish to sniff my ip just a colleage of mine and his mates and see if i can sniff out the icq traffice between the pair of them. If so what is the best packet sniffer to use. Many thanks Silent Re: packet sniffing in XP Ethereal packet sniffer: http://www.ethereal.com/distribution/win32/ In article <a0d0p9$1ks9$1@news.grc.com>, Silent@ntlworld.com says... > Is it possible to sniff packets sent from one ip to another ip if i know > what the 2 ip addresses are? ...

Cannot retrieve TCP packets (bytes) correctly
Hi there everyone, I have a problem with sending and receiving TCP bytes. Clients make a request to the server and the server bundles the request as well as the query results (this is a stream converted into bytes) of the request into a buffer for sending to the client. On the client side, the client receives the response and then splits the received buffer into 2: one buffer of fixed length for the protocol request (this is just a packed record) and the other buffer will contain the stream with the request results. However, the size of the data received on the client side rarely matches...

Tool to generate arbitrary UDP and TCP packets?
[cross posted and follow-ups set to grc.techtalk] I need a tool to generate arbitrary UDP/TCP packets to test an Ethernet device under development. Initially I need to be able to define a packet (perhaps in hex) and transmit it to the device, then observe the device's reply using Ethereal. Later it may be desirable to be able to generate streams but that is not required at present, and perhaps not at all. At some point I'll write a Windows application that understands the protocols, at which point I won't need the "tool" anymore. I mainly need the tool so...

WinXP SP2 Firewall Dropping TCP Packets
I noticed in the WinXP firewall log that it is dtopping TCP packets from the POA. The firewall does have exceptions set for GroupWise and for Notify. Any reason why it would still be dropping these? Here's a few entries from the log: 2005-05-16 09:14:50 DROP TCP X.X.X.206 X.X.X.32 1677 1366 40 FAP 472979544 4262189800 4532 - - - RECEIVE 2005-05-16 09:14:50 DROP TCP X.X.X.206 X.X.X.32 1677 1366 40 A 472979545 4262189801 4531 - - - RECEIVE 2005-05-16 09:14:51 DROP TCP X.X.X.206 X.X.X.32 1677 1365 40 FAP 2211196685 190596209 8912 - - - RECEIVE 2005-05-16 09:14:51 DROP TCP ...

Web resources about - Spolicited TCP Packets - grc.shieldsup

Resources last updated: 11/29/2015 4:35:37 PM