help with ip's

MonstaDriva · 09-02-2007, 07:11 AM

Hi , I hope this is the right place so here goes . First , I have 2 pc's networked through a linksys befsr41 that I purchased yesterday . I have hughesnet HN7000N modem . I think it must be static ip since even if I power off the modem , when I restart it gives me the same ip . Now I have installed everything and it all seems to be working properly . A fella I was talking to told me that if I bought a router each pc could have its own ip and I took him as saying that each would have its own ip on the internet . Did I misunderstand him and he meant each would have its own ip on the network ?The reason I ask , if its at all possible I would like for each pc to look as though it has its on ip to the internet . In other words for example , if each pc is connected to irc and someone does a dns on each pc they would return different ip's to the person doing the dns . Is this possible to setup ?I'm not a whiz by any means to networking but I am pretty sharp otherwise . I would appreciate anyone helping me with this matter . Thanks

MD

**johnwill** · 09-02-2007, 02:49 PM

You did misunderstand him. In spite of the fact that you happened to get the same IP address through a power-off, you almost certainly have a dynamic IP address. The only way for you to accomplish what you desire is to spend the money for multiple IP addresses from the ISP, usually an extra cost option.

MonstaDriva · 09-02-2007, 02:57 PM

thank you for your reply . Its a hughesnet sat modem . I have powered it off 3 or 4 times this weeks sometimes as long as 2 hours , running cabling etc and it still has the same ip every time I power it up, even after its been disconnected at the coax . I noticed when I added this new router yesterday and hooked up the 2nd pc that web pages now load as slow or slower than my dialup did , yet when I do speedtest on either pc its over 800k down and 150k up . Its really got me bumfuzzled how the web pages load at a crawl now . Any ideas on that ? This is my first experience with a router . I was surprised to find at shieldsup that all but one of my ports are wide open and I haven't a clue how to close them but I will just have to learn that .thanks and hope you have an idea on the web page problem.

MD

**johnwill** · 09-03-2007, 01:13 PM

If you have a satellite modem, you may have to tinker with the MTU setting in the router. Try reducing it in steps of 100 and see if it changes the response speeds.

The satellite modem may be the reason that you see the odd results, I have no experience with satellite Internet connections.

**Cellus** · 09-04-2007, 12:17 PM

Quote:

Originally Posted by MonstaDriva

...I was surprised to find at shieldsup that all but one of my ports are wide open...

MD

That is most definitely not right. Are you using a Personal (software) Firewall at all? Is Windows Firewall on, or are you using something else like ZoneAlarm or COMODO Firewall Pro?

While it may or may not related, ports which shouldn't be open plus web browsing performance issues can equal to spyware/malware.

I would recommend going through our HijackThis 5 Step Process. If the various scans are coming up with hits, you should definitely complete the five steps and post a HijackThis Log in our HijackThis Log Help forum so a member of our security team can help clean your system.

MonstaDriva · 09-15-2007, 10:34 AM

hi, you got me worried now , heres what the scan shows at shields up for me
Your computer at IP:

ip ***********

Is being profiled. Please stand by. . .

Total elapsed testing time: 4.997 seconds

Solicited TCP Packets: RECEIVED (FAILED) — As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection. It is generally possible to increase your system's security by hiding it from the probes of potentially hostile hackers. Please see the details presented by the specific port links below, as well as the various resources on this site, and in our extremely helpful and active user community.

Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)

Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

Port
Service
Status Security Implications

0
<nil>
OPEN! Port 0 is unused and "reserved". But, as you can see, Internet packets can be sent to your system's port zero. It is unusual for this port to be open (when it is not stealthed it is usually closed) but something in your system or network appears to be accepting connections on port zero. You may click the port "0" link to the left to access our online Port Authority database for more information about port zero.

21
FTP
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

22
SSH
OPEN! Secure Shell provides a secure-connection version of the Telnet remote console service with additional features. Unfortunately, the SSH services and their security add-on packages have a long history of many widely exploited buffer overflow vulnerabilities. If your system has this port exposed to the outside world you should be vigilant in keeping your SSH service updated.

23
Telnet
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

25
SMTP
OPEN! Since it is more likely that you may have an open SMTP, SPAM-relaying proxy running on your system, than a real SMTP server, this is something you'll want to look into immediately. Spammers routinely use such open proxies to relay their content, so you probably don't want to be aiding them, nor to have your IP address associated with their activities.

You may provide your IP address (as shown above) to this site http://www.abuse.net/relay.html to have them safely check your system's port 25 for use as an open SMTP eMail forwarding proxy.

79
Finger
OPEN! The Finger service is an old source of Internet information. It is often used as a starting point for an attack, since many times a "finger" will point the attacker in the right direction with all sorts of names to be used in password cracking. Accepting connection on the Finger port lights a beacon in the night for attackers.

80
HTTP
OPEN! The web is so insecure these days that new security "exploits" are being discovered almost daily. There are many known problems with Microsoft's Personal Web Server (PWS) and its Frontpage Extensions that many people run on their personal machines. So having port 80 "open" as it is here causes intruders to wonder how much information you might be willing to give away.

110
POP3
OPEN! If you are certain that ShieldsUP! is really scanning your computer and not your ISP's proxy server by mistake, then the most common reason for a personal user to find port 110 open is if they are running an anti-viral eMail filter such as included in Norton AntiVirus 2000 (NAV2K).

Like any OPEN port, this represents a potentially serious security hole, and, in fact, the first version of NAV2K's "POProxy" eMail scanner was found to be unsafe and opened its user's computer to attack! Symantec reluctantly responded to the problem but only produced half a solution (otherwise you wouldn't be reading this!).

113
IDENT
OPEN! Identification/Authorization Service — Internet servers such as POP, IMAP, SMTP, and IRC query this port in response to client connections. It should NEVER be open since this is a source of tremendous information escape. Unsophisticated firewalls will show it closed — thus this provides a means for intruders to detect an otherwise stealthed computer. Only the latest, highest technology, adaptive firewalls are smart enough to stealth this port against random probes while showing it closed to queries from valid servers.

119
NNTP
OPEN! (Network News Transport Protocol) This port is used by and opened by USENET-style newsgroup servers. It will probably be open only when a local news server is running on your system.

135
RPC
OPEN! (Remote Procedure Call) This impossible-to-close port appears in most Windows systems. Since many insecure Microsoft services use this port, it should never be left "open" to the outside world. This port has been exploited to send "Messenger Spam" pop-ups to Microsoft windows users. Since it is impossible to close, you will need a personal firewall or NAT router to block it from external access. Do it soon!

139
Net
BIOS
OPEN! As you probably know by now, the NetBIOS File Sharing port is one of the largest security holes for networked Windows machines. The payoff to Malicious hackers from finding open Windows shares is so big that many scanners have been written just to find open ports like this one. Closing this port is not difficult and it should be a priority for you!

143
IMAP
OPEN! The Intenet Message Access Protocol is probably the most often scanned-for port after port 139 (NetBIOS). IMAP is a relatively new system, so its servers have not had time to mature and intruders are having a field day cracking into them. Responding affirmatively to connection attempts on this port (as your system is currently doing) will draw a lot of attention to your system!

389
LDAP
OPEN! This LDAP port, hosting the Lightweight Directory Access Protocol, is often opened by teleconferencing systems of various sorts. The most common is Microsoft's NetMeeting system which opens several ports. If you don't need this port to be open all of the time, closing it while it's not needed will enhance your system's security.

443
HTTPS
Closed Your computer has responded that this port exists but is currently closed to connections.

445
MSFT
DS
OPEN! This impossible-to-close port first appeared on Windows 2000 and was carried over to Windows XP. Since several insecure Microsoft services use this port, it should never be left "open" to the outside world. Since it is impossible to close you'll need a personal firewall or residential NAT router to block this port from external access. Do it soon!

1002
ms-ils
OPEN! This Microsoft Internet Locator Service (ILS) port appears to be open whenever Microsoft's Internet Connection Sharing (ICS) system is being used. Unfortunately, this port is apparently not needed unless Microsoft's NetMeeting is operating, though it is open anyway. It is not known what vulnerabilities will be discovered here, so arranging to close the port would be time well spent.

1024
DCOM
OPEN! One or more unspecified Distributed COM (DCOM) services are opened by Windows. The exact port(s) opened can change, since queries to port 135 are used to determine which services are operating where. As is the rule for all exposed Internet services, you should arrange to close this port to external access so that potential current and future security or privacy exploits can not succeed against your system.

1025
Host
OPEN! One or more unspecified Distributed COM (DCOM) services are opened by Windows. The exact port(s) opened can change, since queries to port 135 are used to determine which services are operating where. As is the rule for all exposed Internet services, you should arrange to close this port to external access so that potential current and future security or privacy exploits can not succeed against your system.

1026
Host
OPEN! One or more unspecified Distributed COM (DCOM) services are opened by Windows. The exact port(s) opened can change, since queries to port 135 are used to determine which services are operating where. As is the rule for all exposed Internet services, you should arrange to close this port to external access so that potential current and future security or privacy exploits can not succeed against your system.

1027
Host
OPEN! One or more unspecified Distributed COM (DCOM) services are opened by Windows. The exact port(s) opened can change, since queries to port 135 are used to determine which services are operating where. As is the rule for all exposed Internet services, you should arrange to close this port to external access so that potential current and future security or privacy exploits can not succeed against your system.

1028
Host
OPEN! One or more unspecified Distributed COM (DCOM) services are opened by Windows. The exact port(s) opened can change, since queries to port 135 are used to determine which services are operating where. As is the rule for all exposed Internet services, you should arrange to close this port to external access so that potential current and future security or privacy exploits can not succeed against your system.

1029
Host
OPEN! One or more unspecified Distributed COM (DCOM) services are opened by Windows. The exact port(s) opened can change, since queries to port 135 are used to determine which services are operating where. As is the rule for all exposed Internet services, you should arrange to close this port to external access so that potential current and future security or privacy exploits can not succeed against your system.

1030
Host
OPEN! One or more unspecified Distributed COM (DCOM) services are opened by Windows. The exact port(s) opened can change, since queries to port 135 are used to determine which services are operating where. As is the rule for all exposed Internet services, you should arrange to close this port to external access so that potential current and future security or privacy exploits can not succeed against your system.

1720
H.323
OPEN! Users running Microsoft NetMeeting may discover that port 1720 is open and exposed to the Internet. This should be regarded as something of a security danger since denial of service exploits for port 1720 and the H.323 protocol have been developed in the past and others could be discovered in the future. The best policy and practice is to only run NetMeeting when it is explicitly needed. Alternatively, a NAT router or personal firewall could be configured to keep port 1720 closed until it is needed for NetMeeting conferencing.

5000
UPnP
OPEN! Universal Plug'n'Play is Microsoft's new protocol for allowing PCs to automatically discover and control a wide range of locally networked peripherals. This powerful protocol is likely to expose the user's machine to many clever remote security exploits and vulnerabilities. And, unfortunately, Microsoft has enabled this insecure protocol by default -- even if your system doesn't need or use it. You can easily disable this with our free UnPlug n' Pray utility.

MonstaDriva

09-02-2007, 07:11 AM	#1 (permalink)
MonstaDriva Registered User Join Date: Sep 2007 Posts: 3 OS: xp	help with ip's Hi , I hope this is the right place so here goes . First , I have 2 pc's networked through a linksys befsr41 that I purchased yesterday . I have hughesnet HN7000N modem . I think it must be static ip since even if I power off the modem , when I restart it gives me the same ip . Now I have installed everything and it all seems to be working properly . A fella I was talking to told me that if I bought a router each pc could have its own ip and I took him as saying that each would have its own ip on the internet . Did I misunderstand him and he meant each would have its own ip on the network ?The reason I ask , if its at all possible I would like for each pc to look as though it has its on ip to the internet . In other words for example , if each pc is connected to irc and someone does a dns on each pc they would return different ip's to the person doing the dns . Is this possible to setup ?I'm not a whiz by any means to networking but I am pretty sharp otherwise . I would appreciate anyone helping me with this matter . Thanks MD

09-02-2007, 02:49 PM	#2 (permalink)
johnwill Manager, Networking Forums Join Date: Sep 2002 Location: S.E. Pennsylvania, US Posts: 41,685 OS: Windows 7, XP-Pro, Vista, Linux Blog Entries: 1	Re: help with ip's You did misunderstand him. In spite of the fact that you happened to get the same IP address through a power-off, you almost certainly have a dynamic IP address. The only way for you to accomplish what you desire is to spend the money for multiple IP addresses from the ISP, usually an extra cost option. __________________ If TSF has helped you, Tell us about it! or Donate to help keep the site up! Microsoft MVP - Windows Desktop Experience

09-02-2007, 02:57 PM	#3 (permalink)
MonstaDriva Registered User Join Date: Sep 2007 Posts: 3 OS: xp	Re: help with ip's thank you for your reply . Its a hughesnet sat modem . I have powered it off 3 or 4 times this weeks sometimes as long as 2 hours , running cabling etc and it still has the same ip every time I power it up, even after its been disconnected at the coax . I noticed when I added this new router yesterday and hooked up the 2nd pc that web pages now load as slow or slower than my dialup did , yet when I do speedtest on either pc its over 800k down and 150k up . Its really got me bumfuzzled how the web pages load at a crawl now . Any ideas on that ? This is my first experience with a router . I was surprised to find at shieldsup that all but one of my ports are wide open and I haven't a clue how to close them but I will just have to learn that .thanks and hope you have an idea on the web page problem. MD

09-03-2007, 01:13 PM	#4 (permalink)
johnwill Manager, Networking Forums Join Date: Sep 2002 Location: S.E. Pennsylvania, US Posts: 41,685 OS: Windows 7, XP-Pro, Vista, Linux Blog Entries: 1	Re: help with ip's If you have a satellite modem, you may have to tinker with the MTU setting in the router. Try reducing it in steps of 100 and see if it changes the response speeds. The satellite modem may be the reason that you see the odd results, I have no experience with satellite Internet connections. __________________ If TSF has helped you, Tell us about it! or Donate to help keep the site up! Microsoft MVP - Windows Desktop Experience

09-15-2007, 10:34 AM	#6 (permalink)
MonstaDriva Registered User Join Date: Sep 2007 Posts: 3 OS: xp	Re: help with ip's hi, you got me worried now , heres what the scan shows at shields up for me Your computer at IP: ip *********** Is being profiled. Please stand by. . . Total elapsed testing time: 4.997 seconds Solicited TCP Packets: RECEIVED (FAILED) — As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection. It is generally possible to increase your system's security by hiding it from the probes of potentially hostile hackers. Please see the details presented by the specific port links below, as well as the various resources on this site, and in our extremely helpful and active user community. Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.) Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation. Port Service Status Security Implications 0 <nil> OPEN! Port 0 is unused and "reserved". But, as you can see, Internet packets can be sent to your system's port zero. It is unusual for this port to be open (when it is not stealthed it is usually closed) but something in your system or network appears to be accepting connections on port zero. You may click the port "0" link to the left to access our online Port Authority database for more information about port zero. 21 FTP Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! 22 SSH OPEN! Secure Shell provides a secure-connection version of the Telnet remote console service with additional features. Unfortunately, the SSH services and their security add-on packages have a long history of many widely exploited buffer overflow vulnerabilities. If your system has this port exposed to the outside world you should be vigilant in keeping your SSH service updated. 23 Telnet Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! 25 SMTP OPEN! Since it is more likely that you may have an open SMTP, SPAM-relaying proxy running on your system, than a real SMTP server, this is something you'll want to look into immediately. Spammers routinely use such open proxies to relay their content, so you probably don't want to be aiding them, nor to have your IP address associated with their activities. You may provide your IP address (as shown above) to this site http://www.abuse.net/relay.html to have them safely check your system's port 25 for use as an open SMTP eMail forwarding proxy. 79 Finger OPEN! The Finger service is an old source of Internet information. It is often used as a starting point for an attack, since many times a "finger" will point the attacker in the right direction with all sorts of names to be used in password cracking. Accepting connection on the Finger port lights a beacon in the night for attackers. 80 HTTP OPEN! The web is so insecure these days that new security "exploits" are being discovered almost daily. There are many known problems with Microsoft's Personal Web Server (PWS) and its Frontpage Extensions that many people run on their personal machines. So having port 80 "open" as it is here causes intruders to wonder how much information you might be willing to give away. 110 POP3 OPEN! If you are certain that ShieldsUP! is really scanning your computer and not your ISP's proxy server by mistake, then the most common reason for a personal user to find port 110 open is if they are running an anti-viral eMail filter such as included in Norton AntiVirus 2000 (NAV2K). Like any OPEN port, this represents a potentially serious security hole, and, in fact, the first version of NAV2K's "POProxy" eMail scanner was found to be unsafe and opened its user's computer to attack! Symantec reluctantly responded to the problem but only produced half a solution (otherwise you wouldn't be reading this!). 113 IDENT OPEN! Identification/Authorization Service — Internet servers such as POP, IMAP, SMTP, and IRC query this port in response to client connections. It should NEVER be open since this is a source of tremendous information escape. Unsophisticated firewalls will show it closed — thus this provides a means for intruders to detect an otherwise stealthed computer. Only the latest, highest technology, adaptive firewalls are smart enough to stealth this port against random probes while showing it closed to queries from valid servers. 119 NNTP OPEN! (Network News Transport Protocol) This port is used by and opened by USENET-style newsgroup servers. It will probably be open only when a local news server is running on your system. 135 RPC OPEN! (Remote Procedure Call) This impossible-to-close port appears in most Windows systems. Since many insecure Microsoft services use this port, it should never be left "open" to the outside world. This port has been exploited to send "Messenger Spam" pop-ups to Microsoft windows users. Since it is impossible to close, you will need a personal firewall or NAT router to block it from external access. Do it soon! 139 Net BIOS OPEN! As you probably know by now, the NetBIOS File Sharing port is one of the largest security holes for networked Windows machines. The payoff to Malicious hackers from finding open Windows shares is so big that many scanners have been written just to find open ports like this one. Closing this port is not difficult and it should be a priority for you! 143 IMAP OPEN! The Intenet Message Access Protocol is probably the most often scanned-for port after port 139 (NetBIOS). IMAP is a relatively new system, so its servers have not had time to mature and intruders are having a field day cracking into them. Responding affirmatively to connection attempts on this port (as your system is currently doing) will draw a lot of attention to your system! 389 LDAP OPEN! This LDAP port, hosting the Lightweight Directory Access Protocol, is often opened by teleconferencing systems of various sorts. The most common is Microsoft's NetMeeting system which opens several ports. If you don't need this port to be open all of the time, closing it while it's not needed will enhance your system's security. 443 HTTPS Closed Your computer has responded that this port exists but is currently closed to connections. 445 MSFT DS OPEN! This impossible-to-close port first appeared on Windows 2000 and was carried over to Windows XP. Since several insecure Microsoft services use this port, it should never be left "open" to the outside world. Since it is impossible to close you'll need a personal firewall or residential NAT router to block this port from external access. Do it soon! 1002 ms-ils OPEN! This Microsoft Internet Locator Service (ILS) port appears to be open whenever Microsoft's Internet Connection Sharing (ICS) system is being used. Unfortunately, this port is apparently not needed unless Microsoft's NetMeeting is operating, though it is open anyway. It is not known what vulnerabilities will be discovered here, so arranging to close the port would be time well spent. 1024 DCOM OPEN! One or more unspecified Distributed COM (DCOM) services are opened by Windows. The exact port(s) opened can change, since queries to port 135 are used to determine which services are operating where. As is the rule for all exposed Internet services, you should arrange to close this port to external access so that potential current and future security or privacy exploits can not succeed against your system. 1025 Host OPEN! One or more unspecified Distributed COM (DCOM) services are opened by Windows. The exact port(s) opened can change, since queries to port 135 are used to determine which services are operating where. As is the rule for all exposed Internet services, you should arrange to close this port to external access so that potential current and future security or privacy exploits can not succeed against your system. 1026 Host OPEN! One or more unspecified Distributed COM (DCOM) services are opened by Windows. The exact port(s) opened can change, since queries to port 135 are used to determine which services are operating where. As is the rule for all exposed Internet services, you should arrange to close this port to external access so that potential current and future security or privacy exploits can not succeed against your system. 1027 Host OPEN! One or more unspecified Distributed COM (DCOM) services are opened by Windows. The exact port(s) opened can change, since queries to port 135 are used to determine which services are operating where. As is the rule for all exposed Internet services, you should arrange to close this port to external access so that potential current and future security or privacy exploits can not succeed against your system. 1028 Host OPEN! One or more unspecified Distributed COM (DCOM) services are opened by Windows. The exact port(s) opened can change, since queries to port 135 are used to determine which services are operating where. As is the rule for all exposed Internet services, you should arrange to close this port to external access so that potential current and future security or privacy exploits can not succeed against your system. 1029 Host OPEN! One or more unspecified Distributed COM (DCOM) services are opened by Windows. The exact port(s) opened can change, since queries to port 135 are used to determine which services are operating where. As is the rule for all exposed Internet services, you should arrange to close this port to external access so that potential current and future security or privacy exploits can not succeed against your system. 1030 Host OPEN! One or more unspecified Distributed COM (DCOM) services are opened by Windows. The exact port(s) opened can change, since queries to port 135 are used to determine which services are operating where. As is the rule for all exposed Internet services, you should arrange to close this port to external access so that potential current and future security or privacy exploits can not succeed against your system. 1720 H.323 OPEN! Users running Microsoft NetMeeting may discover that port 1720 is open and exposed to the Internet. This should be regarded as something of a security danger since denial of service exploits for port 1720 and the H.323 protocol have been developed in the past and others could be discovered in the future. The best policy and practice is to only run NetMeeting when it is explicitly needed. Alternatively, a NAT router or personal firewall could be configured to keep port 1720 closed until it is needed for NetMeeting conferencing. 5000 UPnP OPEN! Universal Plug'n'Play is Microsoft's new protocol for allowing PCs to automatically discover and control a wide range of locally networked peripherals. This powerful protocol is likely to expose the user's machine to many clever remote security exploits and vulnerabilities. And, unfortunately, Microsoft has enabled this insecure protocol by default -- even if your system doesn't need or use it. You can easily disable this with our free UnPlug n' Pray utility. MonstaDriva