I'm using a Windows 7 PC.
When I try to test an SMTP connection through telnet, giving the command:
telnet smtp.gmail.com 25
It shows a message:
"could not establish connection to host, on port 25: connection failed"
How do I get my PC to establish a connection with the smtp host on port 25?
I checked the possibility of a firewall blocking the port and also tried using the telnet command on ports 465 or 587.
It works for me. Perhaps your ISP has a policy of blocking outbound port 25 connections, except to their official outgoing SMTP servers. That's why many services support alternate port numbers for their SMTP service. You didn't say what the results were for the alternate ports, so it's hard to say for sure whether that's your problem.
I also faced the same problem. The solution works for me
Either turn off the firewall OR follow the steps below:
Open Windows Firewall with Advanced Security
Open Inbound Rules > New Rule
Choose Port type
Choose TCP, and enter the required port - in our case, 25
Choose to Allow the connection
Choose all three profiles (Domain+Private+Public)
Enter a custom rule name, e.g. "Port 25"
Press finish
Check whether SMTP port 25 is opened or not
a. Open up a command prompt.
b. Type “telnet <server_ip> 25” then hit enter.
c. Once you have determined the results, type quit and hit enter.
Important: Antivirus software can help protect your computer against viruses and other security threats. In most cases, you shouldn't disable your antivirus software. If you have to temporarily disable it to install other software, you should re-enable it as soon as you're done. If you're connected to the Internet or a network while your antivirus software is disabled, your computer is vulnerable to attacks.
Click Start, Programs, McAfee, VirusScan Console.
Double-click Access Protection
select Anti-virus Standard Protection
Unchecked enable access
I want to block a program from accessing the local server "localhost" (on Windows) temporarily so I can test random disconnection cases ... I tried adding a rule to the firewall disabling both inbound and outbound traffic on all network types, but the program just got blocked from accessing the internet, not the local network.
Moving on to an answer instead of a comment - nevertheless, more information on your use-case is greatly appreciated;
I think it is impossible to block access to localhost but allow internet access. Two reasons:
Networking works on different layers ("OSI layers") and localhost communication is looped back before firewall might filter (see ). Not so sure on this though.
localhost communication might be "basic" in a way that it is necessary for applications when they want to communicate via network.
UPDATE after OP's comment
I assume you are on Windows 10, and you know the path to the executable of the program you want to block.
Open "Windows Defender Firewall with Advanced Security".
On the left side, go to "Outbound Rules".
Then, on the right side click on "New Rule...".
A new window will open; Leave "Program" selected and click "Next".
Next to "This program path:" is a Button "Browse..." - select your program here. Click "Next..."
Select "Block the connection", then "Next...".
Select all three; Domain, Private and Public.
After clicking "Next...", choose an appropriate name, then click "Finish".
From now on, you can disable/enable this rule as you see fit.
Kinda hard to provide detailed answer having only the information you've provided, but I think this scenario can be easily tested with simple containers configuration: having both program under test and "localhost" service running in containers, you can randomly update container's network configuration to simulate connectivity issues.
You can use a reverse proxy like Fiddler and block all requests coming from this application to localhost.
If I understood what you mean then this will do:
To create a rule, select the Inbound Rules or Outbound Rules category at the left side of the window and click the Create Rule link on the right side. The Windows firewall offers four types of rules: Program – Block or allow a program. Port – Block or allow a port, port range, or protocol.
If you are using a third-party anti-virus solution with a built-in firewall, go to the firewall option and blacklist/disable/prevent internet access to your app.
Otherwise, disabling your firewall will not stop any access, as it will allow inbound and outbound traffic. You can prevent specific ports, but disabling the firewall will not only do what was mentioned before, it will also leave your device vulnerable to online threats.
Try these 3 simple steps.
run your program
Open cmd (please check whether you need admin access for this; if yes, run as admin)
Run the following command to see at which port the localhost is listening.
netstat -ano | findstr :<port>
e.g. if your localhost is listening at port 3900, the command will be as follows:
netstat -ano | findstr :3900
The result will be shown on the cmd console; the last column is the PID (process ID).
We will just kill that process, which will eventually stop the localhost server from listening to any request from any source.
taskkill /PID <PID> /F
where <PID> is the value that you will get from the above command.
In this case, only the localhost will stop its service, but your application will keep communicating with the outer network, the internet.
I set a netcat listener on my Windows 7 machine
nc -nvlp 4444
Then I try to connect to it via Kali Linux:
nc -nv <Target_Ip_address> 4444
I get a connection refused. However, if I connect locally from the Windows machine to the port I get a successful connection. In addition, when I run an nmap scan on the port I get that it's filtered. However, I never messed with any firewall and there are other ports that are open. The only problem is I cannot open any ports to connect to (including port 4444) besides the ones already opened. Any help would be appreciated.
I have tried to open other ports besides 4444 but none work. I attempted to connect to the ports already open and those worked.
I run nc -zvw3 <Target_IPAddress> 4444 on Kali Linux and get connection timed out. I verify the port is open on the Windows machine by netstat -a. I don't understand why I can't connect.
Some ports will be open in Windows by default. What you're looking for is the advanced firewall settings.
You can find this by pressing WIN+R and entering wf.msc. You can also find the advanced settings in Control Panel/System and security/Windows Firewall/Advanced settings. Here, you can add new policies to your inbound and outbound rules for both programs and ports.
For example, here is how you open up port 4444 for inbound traffic:
Go to "Inbound Rules"
Click on "New Rule..." in the actions list
Select "Port"
Choose whether you want to apply your rule to TCP or UDP traffic
Enter 4444 in the textbox
Choose "Allow the connection"
Check where the rule should apply
Give it a name.
Make sure to pay attention to what you do however as it is very possible to introduce security risks here.
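The questions above hinge on telling "connection refused" apart from "timed out" or "filtered". The following is an added example, not part of any post on this page: a standard-library TCP probe that classifies one connect attempt. The function names and hint texts are assumptions made for illustration.

```python
import errno
import socket

# What each outcome says about the path to the port (hint wording is illustrative).
HINTS = {
    "open": "handshake completed: a listener exists and nothing on the path blocks it",
    "refused": "reset received: host reachable, but no listener or an active reject (Winsock 10061)",
    "filtered": "no reply before timeout: packets dropped by a firewall rule, ISP block or NAT",
    "unreachable": "no route to the host or network",
    "dns-failure": "the host name did not resolve",
    "error": "other socket error",
}

def classify(exc):
    """Map the exception from a TCP connect attempt (None = success) to an outcome."""
    if exc is None:
        return "open"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"
    if isinstance(exc, socket.gaierror):
        return "dns-failure"
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"
    return "error"

def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and return the classified outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)

def report(host, ports, timeout=3.0):
    """Return one 'host:port outcome - hint' line per port."""
    lines = []
    for port in ports:
        outcome = probe(host, port, timeout)
        lines.append(f"{host}:{port} {outcome} - {HINTS[outcome]}")
    return lines

if __name__ == "__main__":
    # Host and ports taken from the first question on this page.
    for line in report("smtp.gmail.com", [25, 465, 587]):
        print(line)
```

A port that is "open" from the machine itself but "filtered" from another host points at a firewall or NAT between the two, while "refused" means the packets arrived and nothing accepted them.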
I am using a call to ftp.exe to upload a file to an FTP server.
This program has been running for many years and uploads to a number of servers, so far without problems.
After one of the receiving servers was updated, uploads are no longer possible.
This is the command sequence:
open ftp.xxx.de
<user>
<pw>
>230 User logged in, proceed
cd upload
bin
put <filename>
and in response to this the server replies:
501 PORT IP is not the same as 10.100.244.5
150 File Status okay, about to open Connection
That is it, after this the connection is stuck and gets closed after a certain timeout period.
Funny enough, a Google search for "PORT IP is not the same as" returns exactly one result, which explains that the IP seen by the server is different from the one expected.
Also, when using WinSCP, FileZilla or other FTP utility programs, the connection has no problem and does transfer files just fine.
So, why does this appear and how to solve it?
The ftp.exe uses an old-fashioned active mode command PORT, which requires the client to specify its IP address to which the FTP server needs to connect back to open a data transfer connection.
If you are behind a firewall or a NAT, the client may not know its external IP address and uses its local network address. This causes trouble. Either the server fails to connect back as it obviously cannot connect to the client's local network. Or the server rejects the PORT command straight away, if the specified IP address does not match the IP address from which the FTP client connects to the server. This is a security measure as the difference may indicate a man-in-the-middle attack. Your server does the validation. Some servers might be configured to ignore the IP address specified in the PORT command and connect to a known IP address of the client.
Another way to solve this is, if the firewall/NAT can inspect the FTP traffic and seamlessly modify the IP address in the PORT command. This is obviously not happening.
You do not get the problem with WinSCP or FileZilla, as these clients default to the passive FTP mode, which does not have the problem. Also in the active mode these clients can be configured to use the external IP address. FileZilla also supports the modern EPRT command, that does not need to specify the IP address at all (the server uses the known IP address of the client).
See my article about active/passive FTP mode for details.
I do not think there's any way to make it work with the Windows ftp.exe. It neither supports the passive mode, nor can be configured to use the external IP address, nor supports the EPRT command.
So unless you can configure the FTP server not to do the check and connect to the known IP address of the client or configure your firewall/NAT to modify the IP address in the PORT command, you have to use another FTP client.
As you know that WinSCP works, see the guide for converting the Windows ftp.exe script to WinSCP script.
(I'm the author of WinSCP)
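The server-side check that produces the 501 reply described in the answer above, sketched as an added example (not code from the post, from WinSCP or from any real FTP server). The function names, the privileged-port rule and the 200 reply text are assumptions; the addresses are constructed documentation values.

```python
import ipaddress

def parse_port_arg(arg):
    """Decode the RFC 959 PORT argument 'h1,h2,h3,h4,p1,p2' into (ip, port)."""
    parts = arg.strip().split(",")
    if len(parts) != 6 or not all(p.isdigit() for p in parts):
        raise ValueError("expected six comma-separated decimal fields")
    nums = [int(p) for p in parts]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range 0-255")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def check_port_command(arg, control_peer_ip, min_port=1024):
    """Return the (code, text) reply a validating server would send for PORT.

    control_peer_ip is the source address of the control connection as the
    server sees it, which behind NAT is the client's external address.
    """
    try:
        ip, port = parse_port_arg(arg)
    except ValueError as exc:
        return 501, f"Syntax error in PORT argument: {exc}"
    peer = ipaddress.IPv4Address(control_peer_ip)
    if ip != peer:
        # The client announced an address other than the one it connects from,
        # e.g. its private LAN address; refuse to open a data connection to it.
        return 501, f"PORT IP is not the same as {peer}"
    if port < min_port:
        # Assumed extra rule: never connect back to a privileged port.
        return 501, "PORT refuses privileged data ports"
    return 200, "PORT command successful"

if __name__ == "__main__":
    # Constructed case: the client sits behind NAT and announces 192.168.1.20,
    # while the server sees the control connection coming from 203.0.113.7.
    print(check_port_command("192,168,1,20,19,137", "203.0.113.7"))
    print(check_port_command("203,0,113,7,19,137", "203.0.113.7"))
```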
Using Winsock as shown below, we sent information to TCP port 8000. But sometimes we get errors like "Connection is forcefully rejected" (error number 10061) and "Connection is aborted due to timeout or other failure" (error number 10053). The firewall is disabled on both PCs, so I think the port will not be closed due to a firewall. So how do we troubleshoot these errors?
Dim TempWinClient As New AxMSWinsockLib.AxWinsock
TempWinClient.RemoteHost = PCName
TempWinClient.RemotePort = Port
TempWinClient.Tag = Message
TempWinClient.Connect()
For one, always call the .Close method on the WinSock control before any .Connect. I don't know what AxMSWinsockLib is, wrapper for the Winsock APIs?
Anyway, as to your question:
Firewalls aren't the only thing in the way. Ports need to be forwarded on the listening server's router; in this case, port 8000.
So on the server that you're attempting to connect to:
See if it is hooked up to a router. You need its "Default Gateway".
Open up a command prompt and type "ipconfig" without the quotes. Find the correct adapter, look at the IP address (usually 192.168.1.x) and then find the Default Gateway. Keep note of the IP address though!
The Default Gateway is the IP address of the router which you will connect to through a web browser like Internet Explorer (yuck), Google Chrome, Firefox, etc.
Open up your web browser of choice and type in: htp://192.168.0.1 (http, not htp) where the 192.168.0.1 is the Default Gateway.
You will be prompted for a username and password. Do a search on your router's model for the default password, but usually admin/admin, administrator/admin, or something will work.
Go through the menus and find something called Port Forwarding. It's different for each router, you may have to Google search for "[router model here] port forwarding" to get instructions.
Once on the port forwarding page, enter the IP address you should have taken note of earlier. This will tell the router to forward packets on port 8000 to the correct computer.
Enter the port number (8000) and apply the settings.
Then try to reconnect.
I just re-installed Ubuntu server 10.04 and decided to change all of my default ports to get a little extra security. Everything works fine, except when I decided to change the FTP (ProFTPd) port from the standard 21 to 3521. No problems with firewalls or port forwarding. ProFTPd was restarted, but when I am trying to connect to it, even though it does respond, it throws the client (FileZilla) into a "passive mode" and then never goes into listing a directory.
I don't really want to use the "passive mode" and I have it disabled in proftpd.conf, but nevertheless I can't seem to change the default port otherwise and make it work. It does seem to work fine on port 21. FYI, the proftpd was installed as a standalone daemon, if that matters somehow?
Ok, I think I figured this out after reading this page: link . It appears that most FTP connections are indeed "passive" and the problem with "active" connections comes from the use of firewalls on the client side since FTP server is initiating an outgoing "data" connection to the client on some random port. In passive mode the client initiates both "command" and "data" connections to the server and hence the firewall isn't a problem, but you should specify which "passive" ports to use on the server. I enabled 3520 and 3521 PassivePorts and it's now working
FTP Active Mode by definition requires the server to initiate its outgoing connections from port L-1. Does your firewall allow outgoing connections from port 3520 as well?
From the FTP RFC:
3.2. ESTABLISHING DATA CONNECTIONS
The mechanics of transferring data consists of setting up the data
connection to the appropriate ports and choosing the parameters
for transfer. Both the user and the server-DTPs have a default
data port. The user-process default data port is the same as the
control connection port (i.e., U). The server-process default
data port is the port adjacent to the control connection port
(i.e., L-1).
...
3.3. DATA CONNECTION MANAGEMENT
Default Data Connection Ports: All FTP implementations must
support use of the default data connection ports, and only the
User-PI may initiate the use of non-default ports.
Negotiating Non-Default Data Ports: The User-PI may specify a
non-default user side data port with the PORT command. The
User-PI may request the server side to identify a non-default
server side data port with the PASV command. Since a connection
is defined by the pair of addresses, either of these actions is
enough to get a different data connection, still it is permitted
to do both commands to use new ports on both ends of the data
connection.
You might wish to take the opportunity to change your users to SFTP, a much nicer protocol.