How well protected are you?

***moxnix*** · December 22nd, 2003, 02:27 AM

Here is a scan of my system from 2003-12-14 . This was done with the firewall off, and then another with the firewall on. (copied from my web site at: http://www.freewebs.com/moxnix/ )

Here is a comparison of a port scan of my box, with the firewall turned off on the first one and then turned on on the second one. Note: my system is a very secure system, even with the firewall off. I have disabled all netbios and turned off all un-necessary services.

Firewall off:

GRC Port Authority Report created on UTC: 2003-12-14 at 22:25:23

Results from scan of ports: 0-1055

1 Ports Open
1048 Ports Closed
7 Ports Stealth
---------------------
1056 Ports Tested

The port found to be OPEN was: 1025

Ports found to be STEALTH were: 135, 136, 137, 138, 139, 445,
593

Other than what is listed above, all ports are CLOSED.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

And this with the Firewall on:

GRC Port Authority Report created on UTC: 2003-12-14 at 22:29:40

Results from scan of ports: 0-1055

0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

***pwaring*** · December 22nd, 2003, 02:30 AM

From the ShieldsUp! page:

Without your knowledge or explicit permission, the Windows networking technology which connects your computer to the Internet may be offering some or all of your computer's data to the entire world at this very moment!

Hmm, I'm running Linux behind a D-Link router, and to the best of my knowledge neither of those use Windows networking technology.

***cdkj*** · December 22nd, 2003, 02:43 AM

w00t!!

i'm steath yes

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

**Alphaflux** · December 22nd, 2003, 02:57 AM

haha i passed on all tests. shields up is a good resource that i have been using alot recently, thanks for letting the other users know about it

**Nightfalls_Girl** · December 22nd, 2003, 03:18 AM

WOOT our system is.

"All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet."

Our system rocks...

/me wonders what the hell Nightfall has running on it other then Norton

Nightfalls_Girl

***phishphreek*** · December 22nd, 2003, 03:40 AM

I also passed their little tests... though, they couldn't really test my PC(s) because it is behind a cisco router that I'm using as my border firewall. I do have open ports on that... but they are restricted via ACLs to only allow certain subnets. I even tried disabling the firewalls on the PCs and just letting the boarder firewall be the only protection. Same results each time.

The ports that are forwared on the router then hit a firewall on my server, along with tcp wrappers, port sentry, and really strict password policies, amongs all the other good stuff.

The rest of my clients all have a software firewall and av.

My goal is to setup my wired network separate from my wireless network (different subnets) but still get internet access from my router and allow printing to my network printer. Some simple ACLs can take care of that.

If I can get the switch working (trying to recover it from water damage...), then I can separate it further with vlans...

Its really quite fun setting up all this with major restrictions, but still working just fine. Quite a nice little challenge, really.

***Tim_axe*** · December 22nd, 2003, 03:42 AM

Yeah, you do fail if you run a server of any sort (as I do)...

80
HTTP
OPEN! The web is so insecure these days that new security "exploits" are being discovered almost daily. There are many known problems with Microsoft's Personal Web Server (PWS) and its Frontpage Extensions that many people run on their personal machines. So having port 80 "open" as it is here causes intruders to wonder how much information you might be willing to give away.

I'm running Apache... Hrm... I've seen this website before and it is geared to the average home user. I remember installing PWS on my 98 Box many years ago because I was in so despirate need of a web server at the time. I didn't get owned, but I realized that PWS didn't like PHP so I switched to Apache...

**valhallen** · December 22nd, 2003, 02:07 PM

I did it again after locking my PC done some - without firewall.

All ports closed except 135

Tim_Axe :: I ahve a webserver running as well - but its not configured to alow outside connections - I just use it to test php and stuff before uploading to remote host

v_Ln

**unvi$ible** · December 22nd, 2003, 02:15 PM

hi,
had clean insatall the other day so i was interested to see how i will go with this test as before i was disabling services and this and that so this time i didnt do much of "homework" on it.have zone alarm on it-happy with result: NO BAD FOR A NEWBIE

LEARNT SOMETHING HERE. BIG THANKYOU TO YOUR GUYS.KEEP A GOOD WORK
Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet!
Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.
Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.
0
<nil>
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

21
FTP
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

22
SSH
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

23
Telnet
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

25
SMTP
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

79
Finger
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

80
HTTP
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

110
POP3
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

113
IDENT
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

119
NNTP
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

135
RPC
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

139
Net
BIOS
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

143
IMAP
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

389
LDAP
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

443
HTTPS
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

445
MSFT
DS
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

1002
ms-ils
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

1024
DCOM
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

1025
Host
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

1026
Host
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

1027
Host
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

1028
Host
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

1029
Host
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

1030
Host
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

1720
H.323
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

5000
UPnP
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

**trinity7** · December 23rd, 2003, 04:50 AM

Hello. I joined this forum to get help with internet security. There is person who has broken into my pc. He also had physical access to it before I knew it was him.

I wiped my hard drive and install zonealarm pro. He got in as if it was nothing anyway.

What else can I do to keep him out?

Trinity7

Thread: How well protected are you?

Thread Tools

Display

Internet Security

Posting Permissions