Thanks, that's right, I got 443 and 80 forwarded to a web server.
The ports I am wondering about are:
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
Yes, CERT was the reporting authority; according to them I have an "Open DNS Resolver" and a "Portmapper" service running.
Is there a proper way to check for open ports? Any suggestions on how to structure the firewall port forwardings?
EDIT:
One more report is relating to a NetBIOS service, exposed to the internet.
I got the notices appended below.
Dear Customer,
There is a suspected security breach on your Internet connection - and
without your knowledge, your connection could be misused to harm
other Internet users.
We urge you to seek the advice of an expert and to take appropriate
protective measures.
Please note that if your connection is misused in the event of an actual attack,
we are unfortunately forced to temporarily block your connection to protect other Internet users.
For experts, we have compiled background information here:
Recently, attacks from the Internet have steadily increased.
To improve security, various organizations are therefore monitoring
network areas on the Internet.
Anomalies that affect our network are then made available to us.
We have received information concerning your connection:
a so-called open "NetBIOS interface" has been reported on your line.
NetBIOS is a programming interface for communication between
programs over a local network. NetBIOS over TCP/IP is a
network protocol that allows programs based on the
NetBIOS programming interface over the TCP/IP network protocol.
In recent months, systems that respond to NetBIOS name service requests from the Internet
have been increasingly misused to carry out DDoS reflection/amplification attacks.
Such an attack is known as "DDoS" - "distributed denial of service".
Since your connection can be used for such an attack, your
configuration poses an acute danger to other Internet users.
Important for you: Please take the necessary protective measures in your own interest.
Should your connection come to light in an attack reported to us,
we would be forced to block your account first.
If you repeatedly ignore this information about the aforementioned security vulnerability,
your account will be blocked automatically. The security
of your connection, our infrastructure and other Internet users is paramount.
Translated with www.DeepL.com/Translator (free version)
Dear Customer,
There is a suspected security breach on your Internet connection -
your connection could be misused to harm other Internet users.
We urge you to seek the advice of an expert and to take appropriate
protective measures.
Please note that if your connection is misused in the event of an actual
attack, we will unfortunately be forced to temporarily block your connection to protect
other Internet users.
For experts, we have compiled background information here:
Recently, attacks from the Internet have steadily increased.
To improve security, various organizations are therefore monitoring
network areas on the Internet.
Anomalies that affect our network are then made available to us.
We have received information concerning your connection:
a so-called open "DNS resolver" has been reported on your connection.
In this case, a (relatively small) query to your DNS server can result in a quite
response, which is then sent back to the (supposed) request client.
Since the origin of the request is not checked (UDP), it is possible, by making a
DNS servers, it is possible to send the responses of all requested servers to a common "victim".
This flood of data usually leads to an
overload of the data line and/or the affected computer.
Such an attack is known as "DDoS" - "distributed denial of service",
more precisely: "reflection attack".
Since your connection can be used for such an attack, your
configuration poses an acute danger to other Internet users.
Important for you: Please take the necessary protective measures in your own interest.
We therefore urge you to secure your configuration in such a way
that unauthorized persons cannot use your DNS resolver service.
If your connection should come to light in an attack reported to us, we
would be forced to block your account first.
If you repeatedly ignore this information about the aforementioned security vulnerability,
your account will be blocked automatically. The security
of your connection, our infrastructure and other Internet users is paramount.
Translated with www.DeepL.com/Translator (free version)