Security & Ports.

Today I did an online security test on the Symantec website. The results
showed that most of my common ports were either open or closed.
I then did the same test on the Shields Up website and the results showed
all my ports to be stealth.
Yesterday while online NAV reported an intrusion attempt on port 1476 by
NMap Xmas Scan, the attempted intrusion was blocked.
I have 3 questions.
Firstly why does the symantec site report the ports status to be different
to the shields up site?
Secondly if my ports are stealth is it possible for a scanner to see my
machine on the internet?
Thirdly is it possible that my linksys router firewall ingnored the scanner
and it was in fact the symantec software that responed thus making me
visable on the internet.

Many thanks....

The One

The One wrote:
> Today I did an online security test on the Symantec website. The results
> showed that most of my common ports were either open or closed.

Actually?-!

> I then did the same test on the Shields Up website and the results showed
> all my ports to be stealth.

That means they don't respond with a NAK.

> Yesterday while online NAV reported an intrusion attempt on port 1476 by
> NMap Xmas Scan, the attempted intrusion was blocked.
> I have 3 questions.
> Firstly why does the symantec site report the ports status to be different
> to the shields up site?



> Secondly if my ports are stealth is it possible for a scanner to see my
> machine on the internet?

Only if you have some ports open, i.e. you run a server.

> Thirdly is it possible that my linksys router firewall ingnored the scanner
> and it was in fact the symantec software that responed thus making me
> visable on the internet.

that's possible.

Rick Merrill

"The One" <> writes:

> Today I did an online security test on the Symantec website. The results
> showed that most of my common ports were either open or closed.
> I then did the same test on the Shields Up website and the results showed
> all my ports to be stealth.
> Yesterday while online NAV reported an intrusion attempt on port 1476 by
> NMap Xmas Scan, the attempted intrusion was blocked.
> I have 3 questions.
> Firstly why does the symantec site report the ports status to be different
> to the shields up site?

Good question.

> Secondly if my ports are stealth is it possible for a scanner to see my
> machine on the internet?

A scanner, no. It'll look like there's nothing on that IP address to
a scanner. Traces of you will be out there on the net in the logs of
the web servers you visit of course.

> Thirdly is it possible that my linksys router firewall ingnored the
> scanner and it was in fact the symantec software that responed thus
> making me visable on the internet.

Do a third test. broadbandreports.com has a port scanner in their
toolset. see what it says. It would be unusual for a hardware
appliance to blithely allow traffic in like that. I'm inclined to
toss the symantec scan out as erroneous.


--
Todd H.
http://www.toddh.net/

Todd H.

On Wed, 21 Mar 2007 16:07:57 GMT, "The One" <> wrote:

>Today I did an online security test on the Symantec website. The results
>showed that most of my common ports were either open or closed.

I just checked. It correctly reported all my ports as closed.

>I then did the same test on the Shields Up website and the results showed
>all my ports to be stealth.
>Yesterday while online NAV reported an intrusion attempt on port 1476 by
>NMap Xmas Scan, the attempted intrusion was blocked.
>I have 3 questions.
>Firstly why does the symantec site report the ports status to be different
>to the shields up site?

Good question.

>Secondly if my ports are stealth is it possible for a scanner to see my
>machine on the internet?

Please define "see" on the internet.

"Closed" means a rejection message is sent back letting the sender
know that there is no service to connect to. If you are "stealthed" no
response is sent back. Some people think the latter is more secure. I
don't think so. But "stealth" is a cool term for marketing people
wanting to promote something.

Actually the Symantec site is one of the few online scanners that
acknowledges "closed" as a safe state.

>Thirdly is it possible that my linksys router firewall ingnored the scanner
>and it was in fact the symantec software that responed thus making me
>visable on the internet.

What do you mean by that?

B. Nice

The One wrote:

> snip <

Secondly if my ports are stealth is it possible for
> a scanner to see my machine on the internet?
--
When you are in stealth mode, if a packet is is sent to a particular
port, the firewall drops any packet that is not allowed by the rules.
If this was an attempt by hacker to scan your ports, the very fact that
the packet was dropped tells the hacker there is something there.
Therefore, like another poster said, stealth is a marketing tool
employed by software companies attempting to sell software firewalls.
A closed port is just as secure as a stealthed port. The only concern
would be the open ports. However, if the Shields Up test showed your
ports closed, the problem was most likely with the Synmantec test
rather than your firewall. Also, there is no such thing as being
invisible on the Internet. It's just that there are so many easy
targets out there not running any kind of firewall or security
software, most hackers aren't going to waste their time trying to take
down your firewall and get into your system. You're simply one out of
millions out there.

--
Posted via a free Usenet account from http://www.teranews.com

Bullseye