I read in the help file that 13 plug-ins are available. Backdoor Knock (NT) Common Ports Check Encryption Keyfinder Interrogate IRC Scan LAN Scan Password Changer Netbus Emulator NetBus Host Hunter NT Global Network Shares SMTP Control Module TCP Inspector 1.0 Trojan Ports Check I use WXP. What, if any, plug-ins are worth loading? Where do I get them & how do I config TDS to use them?
Thx Finn. I see where I put a check in the box 'Load Pulgins', but this loads all 13. Is this an 'all-or-none' proposition. Can only one or two be loaded? Do you recommend loading them all?
Yeah, that was a stupid question. Sorry for being a moron. Thx for being patient. This prgm is very powerful. A couple of the plugins locked on me. No problem. No hard lock. The TCP inspector reported it was able to connect to 3 ports: 25 - SMTP 110 - POP3 135 - NetBIOS Do you see anything wrong with that? I use ZoneAlarm on a cable connection.
Hi Spanky! No, that's not a problem. But for the ports 25 and 110 there should be written "closed". Both ports are being used by your mail software. If you have NetBIOS activated (printer and file sharing) then this is o.k. as well that port 135 is open. Are you in a network and are you using printer and file sharing? If not, deactivate NetBIOS (printer and file sharing). Don't forget that you probe your own system. If you wanna try to probe your system from outside and see how secure it is, go and do these tests: www.pcflank.com Best regards! Patrice
Hi Spanky, The first two are your email, the third is your local network - 135: DCE endpoint resolution, RPC-LOCATOR - RPC (Remote Procedure Location Service . If you are a stand alone pc disable file & print sharing, if you have a local network check that ZA is correctly set up go here http://scan.sygate.com/ and this will show if port 135 is open to the Internet. HTH Pilli
Wow! Pilli wat a lovely new avatar and so appropriate! Applause for you! Yes those ports can be blocked in the firewall as long as you get emails through
Thanks Jooske, Maybe running a bit fast? Spanky & Patrice, The reason I suggested sygate test is that it can find your true IP addy when you are using a NAT router PCflank cannot & usually only sees your ISP's cache sever thus testing the cache server & not your true IP. I'll also add this one: http://www.auditmypc.com:85/scanoptions.asp?S=204779YZ7V8Z7Z700 & This one: http://www.dslreports.com/scan Pilli
Hi Pilli! Funny, I have a NAT router and PC Flank finds out my correct IP. Check it again with your router! Best regards! Patrice
Well Patrice you may have a problem, although you may not be going through a cached server i.e proxy server of your ISP: QUOTE: IP Address test The test could not determine your IP address. The test has found that the IP address used by your computer cannot be scanned. This commonly occurs because of a firewall program on your computer and/or you are connected to the Internet through a proxy-server or your ISP uses Network Address Translation (NAT) to share IP addresses. This means the test cannot check your system as the results of the testing would be incorrect. END QUOTE: Pilli
hmm, bit confused now. when you are behind a router, ok, your computer ip is hidden. But who cares, it's about your external security and your public ip should be tested, and that ip is not hidden Dolf
Dollefile, Sygate, Auditmupc & DSL can find my true IP i.e. my routers IP which is at present 80.10.76.1 (fictitious for this post)) PC flank cannot define it. My pc's actuall address is 192.169.1.100 which is a private address used by my network and is as prohibeted Internet address & is Translated by the router using NAT. The router is stealth to port scans according to the above sites that can see the routers true addrees, so I am fairly confident that it is working correctly. Any other result would be worrying
All of the above tests on my system indicate that they can identify my NAT but not my machine. So I get the same results with my firewall off or on. Most of the tests say that the results are not valid if the address shown is your NAT.
Hi Finn McCool, The router will show Stealth or Blocked to the probes if it is setup correctly & yes it should not make any difference if your pc's firewall is on or off as the router is doing it's job. The software firewall (I use Sygate Pro 5) is mainly to stop or control outbound connections. Though with TDS3 there is very little chance for a Trojan even getting on to your PC let alone making an outbound connection. Also being able to monitor all the connections using Port Explorer can show other malware or phone home programmes.
Hi Pilli! Well, the test doesn't find out my internal IP-address 192.168.XX.XX, but it finds out the IP, the provider gave me. 62.XXX.XXX.XXX. I'm having a broadband connection. This means, it's not my system which is scanned, it's my router. Got it now? Regards, Patrice P.S. The aim for these tests is to scan your system for vulnerabilities, so I would allow them to find out your IP once. Try it, perhaps you find out something new.
Patrice, I know what you are saying but in my case and that of many others PCflank fails to determine our router IP address as given by our ISPs. Your situation is obviously different. Sygate, DSL & Audit my pc can find my real (router) IP addy.
Mhh... that's interesting in a way! I wonder why -this has something to do how they implemented the scan engine into their site I guess. Regards, Patrice P.S. Nevertheless, you just test your router and NOT your system.
Dollefile, Correct! And with your other security software, hackers or crackers will always go for a softer target. Looking at my WallWatcher log today I can see at least ten different compromised PCs with their probes bouncing of my router ports 137, 139 & 445 Bugbear etc.
