Are these scan results O.K??

Hello

I've finally decided to buy a firewall for my PC.

For the record I have a P4 512 RAM WIN XP ADSL AV and a firewall on one of those 2-week trials.

Now I don't want to influence your comments by naming the FW before you check out the scan results.

Note I know virtually zilch about technical stuff - I just installed it with 'recommended config' and away we went.

I have no complaints about it malfunctioning or anything. It's just I've read many times over (but don't quite understand) that stealth/blocked is good and closed is bad.

So here are the results for the F/Wall from PC FLANKS set of tests:-

QUICK TEST

Danger!

Trojan horse check

Warning!

Browser privacy check

Danger!


STEALTH TEST

TCP "ping" non-stealthed
TCP NULL non-stealthed
TCP FIN non-stealthed
TCP XMAS non-stealthed
UDP non-stealthed



BROWSER TEST

Cookies

Red sad face

Referrer

Red Sad Face


TROJAN TEST

34 Closed Ports


ADVANCED PORT SCANNER

Standard Scan
4 Stealthed
9 Closed
1 Open


TCP SYC Scan
5 Stealthed
8 Closed
1 Open


EXPLOITS TEST

A Green Smiley (at last)

As you can see its got lots of closed only ports etc. People seem to brag that their FWs are all blocked.

Are these results OK or do I need to fine tune it with other members' guidance or try another FW?

 

Hello Lison,

Most personal firewalls that I have tried have given me stealth on all the tests mentioned with the default installation of the products. Some of them only gave me stealth once I've tweaked the settings a little, it will be hard for people here to advise you which setting to tweak without knowing which firewall your using.

As for your results, the stealth vs closed is a debate that is ongoing for a long time now as some feel that stealth is not really more secure than closed. I personally prefer to be stealth on all tests but that is only my opinion. The ones in your test results that would worry me would be the open ports!

Before you purchase that firewall that you are trialing, I would definitively get those ports closed or stealth with some tweaking or rules created (depending on your product), otherwise even with your firewall in place you are still very much vulnerable.

 

Thanks for the reply...

It was two firewalls actrually. Factory configs on both. I wouldn't know how to do much to customize them anyway. There was a difference in one more blocked port on one of them otherwise both delivered identical results.

The two firewalls were...

Sygate Personal Pro 5.5 (2525?)

BitGuard

Why??

 

Are you running both firewalls on the same machine at the same time? That would be a bad idea, since they both need to own the ipstack of windows. That would most probably result in less than reliable reports.

I don;t care for closed or stealth ports. It's the open port that matters. It can be okay, for instance when you are running p2p software, or a webserver. it all depends (some easy answer, but that's the case here too).

 

Like meneer said, I wouldn't run both firewalls at the same time. You can try both of them during the trial (although not at the same time) and then decide which one suits you best.

Since I tried BitGuard a long time ago, I'm not to sure how it has evolved but I do believe that the default installation should give you stealth and I do know that Sygate Pro also should give you stealth at default installation. Remove one of these firewalls and redo the test. Also try these other sites for testing:

1- http://www.dslreports.com/scan
2- http://www.blackcode.com/scan/
3- http://scan.sygate.com/
4- https://grc.com/x/ne.dll?bh0bkyd2

Either firewall should give good protection just not at the same time. Also don't forget to turn off Windows XP firewall if it's turned on.

 

I only used one Firewall at a time unistall/install. No problems here.

The port open was/is 80.

Switch off internal XP firewall?? I haven't done that. It's on. And still is. Could that stuff up the tests?

Plz advise again before I switch it off.

 

Do you have anything else that could be affecting the results, ie. router?

Regards,

CrazyM

 

Maybe.

We share the ADSL modem with 2 PCs in the house.

1xP3 into modem via crossover cable.
1xP4 into modem vis USB.

What do you think?

 

It could be that pcflank scanned the router. In that case the results prove nothing at all.

But first: Why is port 80 opened? Are you running a webserver somewhere?
If so: is it a windows server? If so is it fully patched?



It could be the internal webserver of the router (provided that you can manage the router via a browser). In that case it's a badly configured router. Open the config screen and make sure that you can only manage it from the internal network. Besides, using http (port 80) is no good idea, better use https (port 443).

 

Is the modem also acting as a gateway/router (doing NAT)?
Do the pc's behind the modem have separate public IP's or private IP's?

Regards,

CrazyM

 

To me norton is consider the most best n powerful firewall. It's can verified what u want and do not. U cam try the free trail.

 

Sounds to me that it is not Your Actual IP address that is being scanned, could be your ISP cache server or your router but in your case I suspect that it is the PC that connects directly to the internet as you are not using a router.