Are these scan results O.K??

Discussion in 'other firewalls' started by Lison, Apr 24, 2004.

Thread Status:
Not open for further replies.
  1. Lison

    Lison Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    5
    Hello

    I've finally decided to buy a firewall for my PC.

    For the record I have a P4 512 RAM WIN XP ADSL AV and a firewall on one of those 2-week trials.

    Now I don't want to influence your comments by naming the FW before you check out the scan results.

    Note I know virtually zilch about technical stuff - I just installed it with 'recommended config' and away we went.

    I have no complaints about it malfunctioning or anything. It's just I've read many times over (but don't quite understand) that stealth/blocked is good and closed is bad.

    So here are the results for the F/Wall from PC FLANKS set of tests:-

    QUICK TEST

    Danger!

    Trojan horse check

    Warning!

    Browser privacy check

    Danger!


    STEALTH TEST

    TCP "ping" non-stealthed
    TCP NULL non-stealthed
    TCP FIN non-stealthed
    TCP XMAS non-stealthed
    UDP non-stealthed



    BROWSER TEST

    Cookies

    Red sad face

    Referrer

    Red Sad Face


    TROJAN TEST

    34 Closed Ports


    ADVANCED PORT SCANNER

    Standard Scan
    4 Stealthed
    9 Closed
    1 Open


    TCP SYC Scan
    5 Stealthed
    8 Closed
    1 Open


    EXPLOITS TEST

    A Green Smiley (at last)

    As you can see its got lots of closed only ports etc. People seem to brag that their FWs are all blocked.

    Are these results OK or do I need to fine tune it with other members' guidance or try another FW?
     
  2. PikeDude

    PikeDude Registered Member

    Joined:
    Aug 3, 2003
    Posts:
    45
    Hello Lison,

    Most personal firewalls that I have tried have given me stealth on all the tests mentioned with the default installation of the products. Some of them only gave me stealth once I've tweaked the settings a little, it will be hard for people here to advise you which setting to tweak without knowing which firewall your using.

    As for your results, the stealth vs closed is a debate that is ongoing for a long time now as some feel that stealth is not really more secure than closed. I personally prefer to be stealth on all tests but that is only my opinion. The ones in your test results that would worry me would be the open ports!

    Before you purchase that firewall that you are trialing, I would definitively get those ports closed or stealth with some tweaking or rules created (depending on your product), otherwise even with your firewall in place you are still very much vulnerable.
     
  3. Lison

    Lison Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    5
    Thanks for the reply...

    It was two firewalls actrually. Factory configs on both. I wouldn't know how to do much to customize them anyway. There was a difference in one more blocked port on one of them otherwise both delivered identical results.

    The two firewalls were...

    Sygate Personal Pro 5.5 (2525?) :eek:

    BitGuard :eek:

    Why?? :doubt:
     
  4. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    a lot depends on which ports were stealthed or closed and which port was open

    I personally do not find pcflank tests particularly reliable as they are unable to check my computer due to the fact that my isp uses a proxy server

    i tend to go for https://grc.com/x/ne.dll?bh0bkyd2

    which tells you exactly which ports are open and i bet it's 5000
     
  5. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    Are you running both firewalls on the same machine at the same time? That would be a bad idea, since they both need to own the ipstack of windows. That would most probably result in less than reliable reports.

    I don;t care for closed or stealth ports. It's the open port that matters. It can be okay, for instance when you are running p2p software, or a webserver. it all depends (some easy answer, but that's the case here too).
     
  6. PikeDude

    PikeDude Registered Member

    Joined:
    Aug 3, 2003
    Posts:
    45
    Like meneer said, I wouldn't run both firewalls at the same time. You can try both of them during the trial (although not at the same time) and then decide which one suits you best.

    Since I tried BitGuard a long time ago, I'm not to sure how it has evolved but I do believe that the default installation should give you stealth and I do know that Sygate Pro also should give you stealth at default installation. Remove one of these firewalls and redo the test. Also try these other sites for testing:

    1- http://www.dslreports.com/scan
    2- http://www.blackcode.com/scan/
    3- http://scan.sygate.com/
    4- https://grc.com/x/ne.dll?bh0bkyd2

    Either firewall should give good protection just not at the same time. Also don't forget to turn off Windows XP firewall if it's turned on.
     
  7. Lison

    Lison Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    5
    I only used one Firewall at a time unistall/install. No problems here.

    The port open was/is 80.

    Switch off internal XP firewall?? I haven't done that. It's on. And still is. Could that stuff up the tests?

    Plz advise again before I switch it off.
     
  8. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Do you have anything else that could be affecting the results, ie. router?

    Regards,

    CrazyM
     
  9. Lison

    Lison Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    5
    Maybe.

    We share the ADSL modem with 2 PCs in the house.

    1xP3 into modem via crossover cable.
    1xP4 into modem vis USB.

    What do you think?
     
  10. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    It could be that pcflank scanned the router. In that case the results prove nothing at all.

    But first: Why is port 80 opened? Are you running a webserver somewhere?
    If so: is it a windows server? If so is it fully patched?



    It could be the internal webserver of the router (provided that you can manage the router via a browser). In that case it's a badly configured router. Open the config screen and make sure that you can only manage it from the internal network. Besides, using http (port 80) is no good idea, better use https (port 443).
     
  11. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Is the modem also acting as a gateway/router (doing NAT)?
    Do the pc's behind the modem have separate public IP's or private IP's?

    Regards,

    CrazyM
     
  12. zura

    zura Registered Member

    Joined:
    Mar 31, 2004
    Posts:
    19
    To me norton is consider the most best n powerful firewall. It's can verified what u want and do not. U cam try the free trail.
     
  13. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Sounds to me that it is not Your Actual IP address that is being scanned, could be your ISP cache server or your router but in your case I suspect that it is the PC that connects directly to the internet as you are not using a router.
     
Thread Status:
Not open for further replies.