April 12th, 2003, 05:12 AM
i found this site and have tried it ... it is good , and help me for analyzing my internet connection security.
The ShieldsUP! tests depend upon accurately determining your computer's Internet Protocol (IP) address. If your IP address is incorrectly determined the wrong machine will be mistakenly tested. In addition, computers with multiple network connections — like a modem and a network adapter — can have more than one IP address. And machines with only one IP address can have it effectively "hidden" or "masqueraded" if the connection passes through any sort of firewall, proxy server, or other buffering agent.
If you are using a personal firewall product which LOGS contacts by other
systems, you should expect to see entries from this site's probing IP addresses:
220.127.116.11 –thru– 18.104.22.168. Since we own this IP range, these packets
will be from us and will not be any form of malicious intrusion attempt or attack
on your computer. You can use the report of their arrival as handy confirmation
that your intrusion logging systems are operating correctly, but please do not be
concerned with their appearance in your firewall logs. It's expected
April 12th, 2003, 05:31 AM
i have seen some pretty heavy criticism of grc/steve gibson much of it seems to have validity www.grcsucks.com and i have seen at least two other sites with similar points . I would be curious to hear what others think ?
April 12th, 2003, 05:43 AM
I don't like grc.com, he promotes hysteria, and never bothers to explain anything, just say "big flaw! patch! use my software!". I could go on all day about steve gibson, but I won't. I do want to say one thing though, the guy at grcsucks.com, does not know everything, he hasn't done his research, he says blackice isn't a firewall, well, I was at staples, and on the box of blackice, it said firewall. So, be wary of what you read. Take it in cautiously, and learn what these people are talking about, but not from them.
EDIT: And for somebody who talks about security, and how he does his part,(gibson), he shouldn't create software that lets people use his shields up test against others.
April 12th, 2003, 05:52 AM
I had never heard of grc/steve gibson until this post. However the "Shields Up" scanner seems to be a shame, it was obviously designed for those who lack any real computer knowledge. The Test My Shields button did nothing but a NetBIOS scan.... and still left most of the information (Computer Name, User Name, Workgroup) blank. All it did was tell me I have password protected shares and the names of my shares. Anyone who's actually concerned about computer security should be able to determine the shares on their computer. The scan didn't even check for hidden administrative shares (C$, D$, IPC$). As for the Probe My Ports button, it ran a port scan.. and not a very indepth one.... It checked a few standard ports to see if they were open or closed and that was all.. It doesn't even scan standard trojan ports (I opened a few up with NetCat and it didn't connect to a single one). I'd step into the ring with a grizzly bear than trust what this guys site tells me about my computer.
April 12th, 2003, 06:23 AM
I hear a lot of mixed things about Steve Gibson and ShieldsUp!, and my own feelings reflect that conflict. On the one hand, I think he does a pretty good job of raising awareness among Joe and Jane Sixpack, even if what he says is not exactly right and tends to be a little exaggerated. That has to count for something, because I think awareness among the average home user is one of the biggest obstacles we face. I guarantee you that better than 90% of the users I come in contact with have never even heard of a firewall, have no idea why they would want one, and have never run Windows Update. If Steve Gibson can introduce those words into their vocabulary and get them to think about the issue, then God bless him.
On the downside, I don't think ShieldsUp! is a very good tool at all and tends to give people a false sense of security. It probes 12 commonly used ports out of 65,000 and gives the impression that if those ports are "stealthed" you are OK. None of us here would think that, but we take a lot for granted because we've been around it so much. There are far better online port scanners. scan.sygatetech.com, for instance, is much more complete IMO.
I don't think anybody who claims credit for developing the SYN probe can really be taken seriously, but that's not to say he isn't performing a valuable service in many ways.
Do what you want with the girl, but leave me alone!
April 12th, 2003, 12:18 PM
Kinda like Al Gore's run for President...... After all, he did invent the internet......
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
April 12th, 2003, 12:54 PM
I actually like the site.
I have read most of the articles on the site and they are quit informative.
I think he does a nice job raising awareness and I point alot of noobs to the site. I also use it when I have to skool someone on computer security. Showing them why they have to remove fnps from their windows.
Nice starting point IMHO.
April 20th, 2003, 05:56 AM
The problem with grc.com and Gibson are:
-The biased editorialistic style he uses in his "articles"
-He often sounds like a security newbie himself;
in some way it can help him explain stuff "in a comprehensible way" to other newbies,
on the other hand, he keeps "discovering" stuff and taking credit for things that have been known in the security community for ages.
All this results in an unreliable information source that engages in self-engrandisment: he's like an infomercial for IT sec.
Credit travels up, blame travels down -- The Boss
April 20th, 2003, 07:03 AM
Only trust what you know, there are some dodgy sites out there
April 20th, 2003, 01:19 PM
i m gone,thx everyone for so much fun and good info.
cheers and good bye