Scanned ports question

Was curious to know how my firewall is holding up since it's been a
long time since I used one of those websites that scans/tests your
vulnerable ports for you. So I recently visited these three sites and
ran their ports scanner tests:
http://vector.servehttp.com
http://probe.hackerwatch.org
http://www.pcflank.com

Ever since then my firewall has shown a five-fold increase in the
number of "alerts" that outside computers have been trying to get in.


Is this coincedence or ....

Also is there any software that tests if you have unwanted leakage
*out* to the internet?
Gina

keexer

keexer wrote:
> Was curious to know how my firewall is holding up since it's been a
> long time since I used one of those websites that scans/tests your
> vulnerable ports for you. So I recently visited these three sites and
> ran their ports scanner tests:
> http://vector.servehttp.com
> http://probe.hackerwatch.org
> http://www.pcflank.com
>
> Ever since then my firewall has shown a five-fold increase in the
> number of "alerts" that outside computers have been trying to get in.
>
>
> Is this coincedence or ....
>
> Also is there any software that tests if you have unwanted leakage
> *out* to the internet?
> Gina

Are you using the Windows firewall? If so, and you are concerned with
outbound, there are free personal firewalls available from Sygate,
Kerio, ZoneAlarm that do monitor outbound. Frankly, the level of
concern being voiced by "experts" about the *inbound* performance of the
Windows firewall is cause enough for installing a third-party firewall.

Q

Quaoar

On Tue, 28 Sep 2004 12:11:55 GMT, (keexer) wrote:

>Was curious to know how my firewall is holding up since it's been a
>long time since I used one of those websites that scans/tests your
>vulnerable ports for you. So I recently visited these three sites and
>ran their ports scanner tests:
>http://vector.servehttp.com
>http://probe.hackerwatch.org
>http://www.pcflank.com
>
>Ever since then my firewall has shown a five-fold increase in the
>number of "alerts" that outside computers have been trying to get in.
>
>
>Is this coincedence or ....
>
>Also is there any software that tests if you have unwanted leakage
>*out* to the internet?
>Gina
#########################
Next time port scan your own PC or have a friend do it. Keep an eye
on the output from netstat -an Pay attention to connections in the
foreign address column.

donnie

keexer wrote:

> Was curious to know how my firewall is holding up since it's been a
> long time since I used one of those websites that scans/tests your
> vulnerable ports for you. So I recently visited these three sites and
> ran their ports scanner tests:
> http://vector.servehttp.com
> http://probe.hackerwatch.org
> http://www.pcflank.com
>
> Ever since then my firewall has shown a five-fold increase in the
> number of "alerts" that outside computers have been trying to get in.
>
>
> Is this coincedence or ....
>
> Also is there any software that tests if you have unwanted leakage
> *out* to the internet?
> Gina

The easiest way is to run a portscan of a remote machine (with the owner's
permission, of course!). Make sure that you get the IP address right. If
that machine's not using a firewall of any kind (and is in the DMZ if
behind a router or gateway) then a passive IDS such as Snort should record
accurate results. DN

David Norris

I wouldn't just let any service scan my system. You don't know what they are
recording about you. Imagine if they found out you had port 137 or 139
open, They could very easily gain access to your files. Knowing that you
either won't do anything about it, or will take time before you get a proper
firewall in place.

The only trusted source for a portscan is GRC.com or even the Symantec site
has a scanner.

Jay
http://habaneronetworks.com

"keexer" <> wrote in message
news:...
> Was curious to know how my firewall is holding up since it's been a
> long time since I used one of those websites that scans/tests your
> vulnerable ports for you. So I recently visited these three sites and
> ran their ports scanner tests:
> http://vector.servehttp.com
> http://probe.hackerwatch.org
> http://www.pcflank.com
>
> Ever since then my firewall has shown a five-fold increase in the
> number of "alerts" that outside computers have been trying to get in.
>
>
> Is this coincedence or ....
>
> Also is there any software that tests if you have unwanted leakage
> *out* to the internet?
> Gina

Jay Calvert

Jay Calvert wrote:
> I wouldn't just let any service scan my system. You don't know what they are
> recording about you. Imagine if they found out you had port 137 or 139
> open, They could very easily gain access to your files. Knowing that you
> either won't do anything about it, or will take time before you get a proper
> firewall in place.
>
> The only trusted source for a portscan is GRC.com or even the Symantec site
> has a scanner.
>
> Jay
> http://habaneronetworks.com
>
> "keexer" <> wrote in message
> news:...
>
>>Was curious to know how my firewall is holding up since it's been a
>>long time since I used one of those websites that scans/tests your
>>vulnerable ports for you. So I recently visited these three sites and
>>ran their ports scanner tests:
>>http://vector.servehttp.com
>>http://probe.hackerwatch.org
>>http://www.pcflank.com
>>
>>Ever since then my firewall has shown a five-fold increase in the
>>number of "alerts" that outside computers have been trying to get in.
>>
>>
>>Is this coincedence or ....
>>
>>Also is there any software that tests if you have unwanted leakage
>>*out* to the internet?
>>Gina
>
>
>
Personally, I wouldn't put stock in anything having to do with Mr.
Gibson either. (grc.com)

Mark

I'm going to try Symantec's.
Those three sites I mentioned reported all my ports are secure. But
they may be crooked as a dog's hind leg. I understand now.

By the way as soon as I reported my experience to this and other
newsgroups, the scans of my ports stopped.

Coincidence or ........???
Gina

keexer

"Mark" <> wrote in message
news:jDh7d.92109$wV.35030@attbi_s54...
> Jay Calvert wrote:
> > I wouldn't just let any service scan my system. You don't know what they
are
> > recording about you. Imagine if they found out you had port 137 or 139
> > open, They could very easily gain access to your files. Knowing that
you
> > either won't do anything about it, or will take time before you get a
proper
> > firewall in place.
> >
> > The only trusted source for a portscan is GRC.com or even the Symantec
site
> > has a scanner.
> >
> > Jay
> > http://habaneronetworks.com
> >
> > "keexer" <> wrote in message
> > news:...
> >
> >>Was curious to know how my firewall is holding up since it's been a
> >>long time since I used one of those websites that scans/tests your
> >>vulnerable ports for you. So I recently visited these three sites and
> >>ran their ports scanner tests:
> >>http://vector.servehttp.com
> >>http://probe.hackerwatch.org
> >>http://www.pcflank.com
> >>
> >>Ever since then my firewall has shown a five-fold increase in the
> >>number of "alerts" that outside computers have been trying to get in.
> >>
> >>
> >>Is this coincedence or ....
> >>
> >>Also is there any software that tests if you have unwanted leakage
> >>*out* to the internet?
> >>Gina
> >
> >
> >
> Personally, I wouldn't put stock in anything having to do with Mr.
> Gibson either. (grc.com)

Would you care to elaborate why not? Are you just spreading FUD or do you
have some legitimate issue (technical or otherwise?).

Kerry Liles

Kerry Liles wrote:
> "Mark" <> wrote in message
> news:jDh7d.92109$wV.35030@attbi_s54...
>
>>Jay Calvert wrote:
>>
>>>I wouldn't just let any service scan my system. You don't know what they
>
> are
>
>>>recording about you. Imagine if they found out you had port 137 or 139
>>>open, They could very easily gain access to your files. Knowing that
>
> you
>
>>>either won't do anything about it, or will take time before you get a
>
> proper
>
>>>firewall in place.
>>>
>>>The only trusted source for a portscan is GRC.com or even the Symantec
>
> site
>
>>>has a scanner.
>>>
>>>Jay
>>>http://habaneronetworks.com
>>>
>>>"keexer" <> wrote in message
>>>news:...
>>>
>>>
>>>>Was curious to know how my firewall is holding up since it's been a
>>>>long time since I used one of those websites that scans/tests your
>>>>vulnerable ports for you. So I recently visited these three sites and
>>>>ran their ports scanner tests:
>>>>http://vector.servehttp.com
>>>>http://probe.hackerwatch.org
>>>>http://www.pcflank.com
>>>>
>>>>Ever since then my firewall has shown a five-fold increase in the
>>>>number of "alerts" that outside computers have been trying to get in.
>>>>
>>>>
>>>>Is this coincedence or ....
>>>>
>>>>Also is there any software that tests if you have unwanted leakage
>>>>*out* to the internet?
>>>>Gina
>>>
>>>
>>>
>>Personally, I wouldn't put stock in anything having to do with Mr.
>>Gibson either. (grc.com)
>
>
> Would you care to elaborate why not? Are you just spreading FUD or do you
> have some legitimate issue (technical or otherwise?).
>
>
>
>
True, I agree, I should actually say something when I post. I
apologize. I'm thinking I was just tired when I posted that.

But, it's funny you use the acronym FUD, because that is exactly the
issue I have with the information posted at grc.com. While the
technical information that is posted there is (mostly) accurate, you
have to wade though an awful lot of media hype and sensationalism to get
to it.

Back to the original subject though, I do think the OP is probably safe
using the SheildsUP! service. I do think there are better alternatives
though. If all you want is a port scan consider asking someone you
personally know and trust to install Nmap and scan you.

If you are interested in outbound "leakage" when browsing web sites, the
issue is mostly with the browser, not the firewall. If you can browse
the web, you have already allowed the browser to send information out,
no matter what firewall you are using. What it sends is up to the
browser (and the active content it allows). Try different tests whether
from pcflank.com or grc.com. You will get different results depending
on which browser you use. If you see something you don't like, start
locking down your browser settings.

Mark

Mark

I would agree that there is a lot of marketing hype on grc.com but, by way
of a mild defence of that, I would argue there are SO many clueless people
out there with computers on the Internet - some sort of attention-grabbing
is rather important. Yes, I too get tired of some of the colour scheme
things and hand waving, but then, I have spent a lot of time rebuilding
neighbour's computers and networks after a serious infestation.

Your advice to the OP is very valid and good.

Regards,
Kerry


"Mark" <> wrote in message
news:CWn8d.188539$D%.145266@attbi_s51...
> Kerry Liles wrote:
> > "Mark" <> wrote in message
> > news:jDh7d.92109$wV.35030@attbi_s54...
> >
> >>Jay Calvert wrote:
> >>
> >>>I wouldn't just let any service scan my system. You don't know what
they
> >
> > are
> >
> >>>recording about you. Imagine if they found out you had port 137 or 139
> >>>open, They could very easily gain access to your files. Knowing that
> >
> > you
> >
> >>>either won't do anything about it, or will take time before you get a
> >
> > proper
> >
> >>>firewall in place.
> >>>
> >>>The only trusted source for a portscan is GRC.com or even the Symantec
> >
> > site
> >
> >>>has a scanner.
> >>>
> >>>Jay
> >>>http://habaneronetworks.com
> >>>
> >>>"keexer" <> wrote in message
> >>>news:...
> >>>
> >>>
> >>>>Was curious to know how my firewall is holding up since it's been a
> >>>>long time since I used one of those websites that scans/tests your
> >>>>vulnerable ports for you. So I recently visited these three sites and
> >>>>ran their ports scanner tests:
> >>>>http://vector.servehttp.com
> >>>>http://probe.hackerwatch.org
> >>>>http://www.pcflank.com
> >>>>
> >>>>Ever since then my firewall has shown a five-fold increase in the
> >>>>number of "alerts" that outside computers have been trying to get in.
> >>>>
> >>>>
> >>>>Is this coincedence or ....
> >>>>
> >>>>Also is there any software that tests if you have unwanted leakage
> >>>>*out* to the internet?
> >>>>Gina
> >>>
> >>>
> >>>
> >>Personally, I wouldn't put stock in anything having to do with Mr.
> >>Gibson either. (grc.com)
> >
> >
> > Would you care to elaborate why not? Are you just spreading FUD or do
you
> > have some legitimate issue (technical or otherwise?).
> >
> >
> >
> >
> True, I agree, I should actually say something when I post. I
> apologize. I'm thinking I was just tired when I posted that.
>
> But, it's funny you use the acronym FUD, because that is exactly the
> issue I have with the information posted at grc.com. While the
> technical information that is posted there is (mostly) accurate, you
> have to wade though an awful lot of media hype and sensationalism to get
> to it.
>
> Back to the original subject though, I do think the OP is probably safe
> using the SheildsUP! service. I do think there are better alternatives
> though. If all you want is a port scan consider asking someone you
> personally know and trust to install Nmap and scan you.
>
> If you are interested in outbound "leakage" when browsing web sites, the
> issue is mostly with the browser, not the firewall. If you can browse
> the web, you have already allowed the browser to send information out,
> no matter what firewall you are using. What it sends is up to the
> browser (and the active content it allows). Try different tests whether
> from pcflank.com or grc.com. You will get different results depending
> on which browser you use. If you see something you don't like, start
> locking down your browser settings.
>
> Mark

Kerry Liles