HackerWatch Test

Hi guys;

I just tried a security scan on HackerWatch (www.hackerwatch.org), testing a few common ports for vulnerabilities.

I was surprised to read on the results page that port 25 smtp was 'open, vulnerable and responding' despite a very good software firewall running on my machine. I first checked all the settings to look for potential configuration errors, but couldn't find any.

I went to pcflank (www.pcflank.com) and tried a similar test, which revealed port 25 as 'stealthed'. Tried again on sygate (scan.sygatetech.com) which 'confirmed' the stealthed result from pcflank.

IMHO, there might be a bug on hackerwatch server, but just to make sure and for the sake of my own peace of mind, could someone else (who surely knows the smtp 25 port vulnerability just CANNOT exist on his machine)try this test and report on his results here so I could get some kind of confirmation about this ?

Thanks a lot...

Crockett

 

Hi,
I must be still sleeping.I went there and did not find any test.
Where can i find it?

 

Hi Claire;

Thanks for replying.

Please follow the link http://www.hackerwatch.org/probe/ and select 'port scan'.

Crockett

 

Hi Crockett,
I just passed the test.All my ports are stealhted
I am using LnS with enhanced ruleset
Take care

 

Secure
21 (FTP)

This port is completely invisible to the outside world.



Secure
23 (Telnet)

This port is completely invisible to the outside world.



Secure
25 (SMTP Mail Server Port)

This port is completely invisible to the outside world.



Secure
79 (Finger)

This port is completely invisible to the outside world.



Secure
80 (HTTP)

This port is completely invisible to the outside world.



Secure
110 (POP3 Mail Server Port)

This port is completely invisible to the outside world.



Secure
139 (Net BIOS)

This port is completely invisible to the outside world.



Secure
143 (IMAP)

This port is completely invisible to the outside world.



Secure
443 (HTTPS)

This port is completely invisible to the outside world.

 

Hi Crockett,
Just did a scan at the link you provided came up secure on all ports. Did you try again?

 

Crockett

what I notice most was that the site's attempt of some sort to collect info prior to beginning the test....

snowman

 

dumb me...I should have just said I passed the test instead of posting the long results......

 

Hello all of you;

Claire's last post finished with 'take care'... Well, just seems I'm not doing that good a job of taking care of myself by now, am I ?

Tried to re-do the test, but can't get back on the site for the time being. Maybe other people are trying to pass the test following what has been written here. Hope I'm not causing too much havoc...

Anyway, since all of your results seem to go in the same direction, the problem should probably come from my firewall. Recently installed one of the prior versions of it because I wanted to check interoperability among some softwares, and I guess this old version might be the culprit. Gonna switch back to a more recent version and see what will happen.

BUT - and that may be the most troublesome point - the hackerwatch testing procedure has been the only one to uncover this vulnerability on my machine. How could pcflank and sygate miss it ?

Don't mistake what I'm pointing to here. I am a big fan of pcflank - it simply IS one of my favorite sites. But one set of tests just doesn't seem to be enough in and of itself. Why, I don't know.

I'm glad I came across hackerwatch - I can now get my hands dirty and try to solve the problem.

I'll get back to this thread and post positive results as soon as I can...

Thanks for your replies.

Crockett

 

Crockett

imo the test at hackerwatch was very weak...

 

Hi Snowman;

You may be right, but then it makes the matter all the more mind-boggling - why this test and not 'stronger' ones ?

Crockett

 

Crockett

for your consideration.......you can open outlook express an change your pop3 ports to secure.....an try the test again..

 

Crockett

if you decide to change you pop3 port to secure....just for testing this test.......don't forget to change it back...otherwise you may not recieve mail......happens sometimes

 

Hello back;

Can't wait to try all these possible solutions, but can't get back to hackerwatch either !

Seems to currently be a whole lot of traffic going on overthere...

I'll connect back later and post whatever improvement I may be able to obtain.

Thanks and see you later Snowman.

Crockett

 

Crockett

you are most welcome......frankly I find it rather odd that your firewall blocked all the other ports but not port 25.......that just does not seem correct.

wishing you a pleasent day......later

snowman

 

I did the test and it showed about 1/2 secure and the other 1/2 open. My firewall logs showed they were blocked. Ran the test again and all were open except port 21. Did not change a thing before I ran the 2nd test.

 

I ran a port scan and discovered I have numerous vulnerabilities. I use the new version (free) of Zone Alarm. Is there a way to configure either ZA, or perhaps do something else to reduce my exposure?

Open and Unsecure!
21 (FTP)

This port is not being blocked and there is a program accepting connections on this port.

Open and Unsecure!
23 (Telnet)

This port is not being blocked and there is a program accepting connections on this port.

Open and Unsecure!
25 (SMTP Mail Server Port)

This port is not being blocked and there is a program accepting connections on this port.


Open and Unsecure!
79 (Finger)

This port is not being blocked and there is a program accepting connections on this port.


Open and Unsecure!
80 (HTTP)

If this computer is not supposed to be acting as a web server you should not have this port open.


Open and Unsecure!
110 (POP3 Mail Server Port)

This port is not being blocked and there is a program accepting connections on this port.


Open and Unsecure!
139 (Net BIOS)

Having the NetBIOS port accessible to the Internet is very dangerous. Check your firewall configuration or install McAfee.com Personal Firewall if you have not already done so.


Open and Unsecure!
143 (IMAP)

This port is not being blocked and there is a program accepting connections on this port.

Open and Unsecure!
443 (HTTPS)

If this computer is not supposed to be acting as a web server you should not have this port open.

Also, when I do a port scan, via the Shield's Up site and Symantic, everything is fine. Also, how does this site finish the scan in litterly a nano-second?

Thanks for taking the time to read this.

 

Everywhere but here I am stealth too. I am not putting any stock in this scan. My firewall logs show blocked even though hackerwatch is saying I am open, so to me it is nothing to worry about.

 

I remember at one time there was a version of NAV that in checking the email, held the SMTP port open and some firewalls would show an open port because of NAV. I think NAV fixed it in the next version though.
Also sometimes some of the port scans on the net are totally unreliable. I have quit using Sygates, which used to be one of the best, but will indeed report secured ports as open, now.
Also, people with routers need to remember that scans scan the router, not the machine with the firewall. Same goes for anyone using a proxy.

 

I just went there and ran the scan. It said all my ports were open. Well, outpost has the ability to look at active packets being transferred and I found that Hackerwatch was picking up the IP of my ISP, not me. I would expect my ISPs ports to show open.
Never trust a scan site unless it shows you the IP it is scanning. Otherwise, you never know who it is scanning.

 

Crockett,

From the postings between your last one and now, it seems to me that there's a real possibility that you're ISP is routing you through a proxy server that it runs. In that case, HackerWatch could well be testing the proxy server rather than your own currently assigned IP address. I haven't been there in a long time, but that seems the most likely possibility to me.

There's another one (always is! ) Are you running a configurable router? Sometimes, what happens is that your router ends up getting tested; not your firewall. (And this definitely can happen at PCFlank, for example.)

 

Indeed Root, that would be the deal. I was wide open there, contrary to Sygate, GRC, Symantec, PCFlank, Security Safe and TDS-3 which show its tight as a drum - now I see why. Thanks for the headsup Crockett, it sure gets your attention, but good to crosscheck before changing anything and illustrates the value of the forum. Can just imagine the number of people freaking out and fiddling with otherwise good security profiles, perhaps for the worse, on basis of dip stick test configurations like that one.

 

When in doubt..give us a shout!


http://www.dslreports.com/forum/remark,4051324~root=security,1~mode=flat

 

Well, at least now I don't have to sleep with one eye open.

 

Yes you do. Never heard of the firewall fairy?