HackerWatch Test

Discussion in 'other firewalls' started by crockett, Aug 3, 2002.

Thread Status:
Not open for further replies.
  1. crockett

    crockett Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    333
    :eek: Hi guys;

    I just tried a security scan on HackerWatch (www.hackerwatch.org), testing a few common ports for vulnerabilities.

    I was surprised to read on the results page that port 25 smtp was 'open, vulnerable and responding' despite a very good software firewall running on my machine. I first checked all the settings to look for potential configuration errors, but couldn't find any.

    I went to pcflank (www.pcflank.com) and tried a similar test, which revealed port 25 as 'stealthed'. Tried again on sygate (scan.sygatetech.com) which 'confirmed' the stealthed result from pcflank.

    IMHO, there might be a bug on hackerwatch server, but just to make sure and for the sake of my own peace of mind, could someone else (who surely knows the smtp 25 port vulnerability just CANNOT exist on his machine) try this test and report on his results here so I could get some kind of confirmation about this?

    Thanks a lot...

    Crockett
     
  2. claire

    claire Guest

    Hi,
    I must be still sleeping. I went there and did not find any test. o_O
    Where can I find it?
     
  3. crockett

    crockett Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    333
    Hi Claire; :)

    Thanks for replying.

    Please follow the link http://www.hackerwatch.org/probe/ and select 'port scan'.

    Crockett :cool:
     
  4. claire

    claire Guest

    Hi Crockett,
    I just passed the test. All my ports are stealthed :D :)
    I am using LnS with enhanced ruleset
    Take care
     
  5. snowman

    snowman Guest

    Secure
    21 (FTP)

    This port is completely invisible to the outside world.



    Secure
    23 (Telnet)

    This port is completely invisible to the outside world.



    Secure
    25 (SMTP Mail Server Port)

    This port is completely invisible to the outside world.



    Secure
    79 (Finger)

    This port is completely invisible to the outside world.



    Secure
    80 (HTTP)

    This port is completely invisible to the outside world.



    Secure
    110 (POP3 Mail Server Port)

    This port is completely invisible to the outside world.



    Secure
    139 (Net BIOS)

    This port is completely invisible to the outside world.



    Secure
    143 (IMAP)

    This port is completely invisible to the outside world.



    Secure
    443 (HTTPS)

    This port is completely invisible to the outside world.
     
  6. Loki

    Loki Registered Member

    Joined:
    May 26, 2002
    Posts:
    193
    Location:
    Lake Worth, Florida, USA
    Hi Crockett,
    Just did a scan at the link you provided; came up secure on all ports. Did you try again?
     
  7. snowman

    snowman Guest

    Crockett

    what I noticed most was the site's attempt of some sort to collect info prior to beginning the test....

    snowman
     
  8. snowman

    snowman Guest

    dumb me...I should have just said I passed the test instead of posting the long results......
     
  9. crockett

    crockett Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    333
    Hello all of you;

    Claire's last post finished with 'take care'... Well, just seems I'm not doing that good a job of taking care of myself by now, am I ? :D

    Tried to re-do the test, but can't get back on the site for the time being. Maybe other people are trying to pass the test following what has been written here. Hope I'm not causing too much havoc... ;)

    Anyway, since all of your results seem to go in the same direction, the problem should probably come from my firewall. Recently installed one of the prior versions of it because I wanted to check interoperability among some software, and I guess this old version might be the culprit. Gonna switch back to a more recent version and see what will happen.

    BUT - and that may be the most troublesome point - the hackerwatch testing procedure has been the only one to uncover this vulnerability on my machine. How could pcflank and sygate miss it ?

    Don't mistake what I'm pointing to here. I am a big fan of pcflank - it simply IS one of my favorite sites. But one set of tests just doesn't seem to be enough in and of itself. Why, I don't know.

    I'm glad I came across hackerwatch - I can now get my hands dirty and try to solve the problem.

    I'll get back to this thread and post positive results as soon as I can...

    Thanks for your replies.

    Crockett
     
  10. snowman

    snowman Guest

    Crockett

    imo the test at hackerwatch was very weak...
     
  11. crockett

    crockett Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    333
    Hi Snowman;

    You may be right, but then it makes the matter all the more mind-boggling - why this test and not 'stronger' ones ? o_O

    Crockett
     
  12. snowman

    snowman Guest

    Crockett

    for your consideration.......you can open outlook express and change your pop3 ports to secure.....and try the test again..
     
  13. snowman

    snowman Guest

    Crockett

    if you decide to change your pop3 port to secure....just for testing this test.......don't forget to change it back...otherwise you may not receive mail......happens sometimes
     
  14. crockett

    crockett Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    333
    :D Hello back;

    Can't wait to try all these possible solutions, but can't get back to hackerwatch either !

    Seems to currently be a whole lot of traffic going on over there...

    I'll connect back later and post whatever improvement I may be able to obtain.

    Thanks and see you later Snowman.

    Crockett :cool:
     
  15. snowman

    snowman Guest

    Crockett

    you are most welcome......frankly I find it rather odd that your firewall blocked all the other ports but not port 25.......that just does not seem correct.

    wishing you a pleasant day......later

    snowman
     
  16. dom424

    dom424 Guest

    I did the test and it showed about 1/2 secure and the other 1/2 open. My firewall logs showed they were blocked. Ran the test again and all were open except port 21. Did not change a thing before I ran the 2nd test.
     
  17. jnibori

    jnibori Registered Member

    Joined:
    Jul 31, 2002
    Posts:
    41
    I ran a port scan and discovered I have numerous vulnerabilities. I use the new version (free) of Zone Alarm. Is there a way to configure either ZA, or perhaps do something else to reduce my exposure?

    Open and Unsecure!
    21 (FTP)

    This port is not being blocked and there is a program accepting connections on this port.

    Open and Unsecure!
    23 (Telnet)

    This port is not being blocked and there is a program accepting connections on this port.

    Open and Unsecure!
    25 (SMTP Mail Server Port)

    This port is not being blocked and there is a program accepting connections on this port.


    Open and Unsecure!
    79 (Finger)

    This port is not being blocked and there is a program accepting connections on this port.


    Open and Unsecure!
    80 (HTTP)

    If this computer is not supposed to be acting as a web server you should not have this port open.


    Open and Unsecure!
    110 (POP3 Mail Server Port)

    This port is not being blocked and there is a program accepting connections on this port.


    Open and Unsecure!
    139 (Net BIOS)

    Having the NetBIOS port accessible to the Internet is very dangerous. Check your firewall configuration or install McAfee.com Personal Firewall if you have not already done so.


    Open and Unsecure!
    143 (IMAP)

    This port is not being blocked and there is a program accepting connections on this port.

    Open and Unsecure!
    443 (HTTPS)

    If this computer is not supposed to be acting as a web server you should not have this port open.

    Also, when I do a port scan, via the Shield's Up site and Symantec, everything is fine. Also, how does this site finish the scan in literally a nano-second?

    Thanks for taking the time to read this.
     
  18. dom424

    dom424 Guest

    Everywhere but here I am stealth too. I am not putting any stock in this scan. My firewall logs show blocked even though hackerwatch is saying I am open, so to me it is nothing to worry about.
     
  19. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    I remember at one time there was a version of NAV that in checking the email, held the SMTP port open and some firewalls would show an open port because of NAV. I think NAV fixed it in the next version though.
    Also sometimes some of the port scans on the net are totally unreliable. I have quit using Sygate's, which used to be one of the best, but will indeed report secured ports as open, now.
    Also, people with routers need to remember that scans scan the router, not the machine with the firewall. Same goes for anyone using a proxy.
     
  20. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    I just went there and ran the scan. It said all my ports were open. Well, outpost has the ability to look at active packets being transferred and I found that Hackerwatch was picking up the IP of my ISP, not me. I would expect my ISP's ports to show open.
    Never trust a scan site unless it shows you the IP it is scanning. Otherwise, you never know who it is scanning.
     
  21. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    Crockett,

    From the postings between your last one and now, it seems to me that there's a real possibility that your ISP is routing you through a proxy server that it runs. In that case, HackerWatch could well be testing the proxy server rather than your own currently assigned IP address. I haven't been there in a long time, but that seems the most likely possibility to me.

    There's another one (always is! ;) ) Are you running a configurable router? Sometimes, what happens is that your router ends up getting tested; not your firewall. (And this definitely can happen at PCFlank, for example.)
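
Added example, not part of the original thread or written by any of its posters: a small check for the point raised in the posts above, that an online scan may be probing an ISP proxy or a router instead of the firewalled machine. The function name, the verdict labels and all addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges: a machine holding only these sits behind a NAT router.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def diagnose_scan_target(scanned_ip, local_ips, via_header=None):
    """Decide which device an online port scan actually probed.

    scanned_ip : address the scan site reports it is testing
    local_ips  : addresses bound to this machine's own interfaces
    via_header : HTTP Via header value the site saw, if it displays one
    """
    target = ipaddress.ip_address(scanned_ip)
    local = {ipaddress.ip_address(a) for a in local_ips}
    # Loopback and link-local addresses can never be the scanned address.
    local = {a for a in local if not (a.is_loopback or a.is_link_local)}

    if target in local:
        return "this-host"            # results describe this machine's firewall
    if via_header:
        return "proxy"                # request was relayed; the relay got scanned
    if local and all(any(a in n for n in RFC1918) for a in local):
        return "nat-router"           # the router's public side got scanned
    return "unknown-intermediary"     # addresses differ; do not trust the result

# Constructed cases: (scanned_ip, local_ips, via_header)
CASES = {
    "direct dial-up":  ("203.0.113.7", ["127.0.0.1", "203.0.113.7"], None),
    "home router":     ("203.0.113.7", ["127.0.0.1", "192.168.1.20"], None),
    "ISP web proxy":   ("198.51.100.1", ["203.0.113.7"], "1.0 cache.isp.example"),
    "unexplained":     ("198.51.100.1", ["203.0.113.7"], None),
}

def run_cases():
    return {name: diagnose_scan_target(*args) for name, args in CASES.items()}

if __name__ == "__main__":
    for name, verdict in run_cases().items():
        print(f"{name:15s} -> {verdict}")
```

Only a "this-host" verdict means the scan results say anything about the local firewall; in every other case the open or closed ports belong to some other device.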
     
  22. Rickster

    Rickster Guest

    Indeed Root, that would be the deal. I was wide open there, contrary to Sygate, GRC, Symantec, PCFlank, Security Safe and TDS-3 which show it's tight as a drum - now I see why. Thanks for the heads-up Crockett, it sure gets your attention, but good to crosscheck before changing anything and illustrates the value of the forum. Can just imagine the number of people freaking out and fiddling with otherwise good security profiles, perhaps for the worse, on basis of dip stick test configurations like that one.
     
  23. jnibori

    jnibori Registered Member

    Joined:
    Jul 31, 2002
    Posts:
    41
    Well, at least now I don't have to sleep with one eye open.
     
  24. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Yes you do. Never heard of the firewall fairy? :)
     