Norton Firewall fails Norton's own test.

Discussion in 'other firewalls' started by Roger100, Jun 22, 2005.

Thread Status:
Not open for further replies.
  1. Roger100

    Roger100 Registered Member

    Joined:
    Jun 22, 2005
    Posts:
    8
    I recently upgraded my computer and I re-installed Norton Internet Security which I had bought in February 2005. I ran Live Update and brought it up to date. As my previous version of Norton Utilities was not compatible with Windows XP I looked at the Symantec web site with a view to purchasing the newer version.
    I noticed that Symantec were offering a free Security Scan so as I thought my computer would pass I tried the Scan. To my surprise it failed as I was "At Risk" from "Hacker Exposure" on Ports ICMP, 22 and 80. I have looked at the configuration of my Norton Firewall and as far as I can see it is configured correctly. I wonder how many computer users with Norton Internet Security would also fail this test. It does seem odd though that Symantec would offer a free Security Scan when it's own Firewall would fail so I am wondering whether I have not done something which I should have done, it seems OK to me though. I cannot see anything on the Symantec web site that advises me to do anything which I have not already done, perhaps it feels I should buy a Norton Firewall!!!. Roger100
     
  2. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    Hi Roger100,

    Welcome to Wilders!!!

    Since your thread is not about L'n'S firewall, I have moved it to the other firewalls forum ;) ...
     
  3. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
    Norton firewall, not LnS
     
  4. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    Hello Roger,

    It appears NIS is not functioning properly on your PC. Under normal circumstances, it will give a stealth result at Symantec's and other testing sites. Unless you've already invested in the new NIS, you can uninstall NIS and try ZoneAlarm or Sygate or LnS -- those should give you stealth results as well.

    Warmly, Ran
     
  5. Roger100

    Roger100 Registered Member

    Joined:
    Jun 22, 2005
    Posts:
    8
    As I only bought NIS in February 2005 I am reluctant to get rid of it so soon. I run Windows XP on my new hard drive and Windows 98SE on my original hard drive but I get the same result which ever hard drive I am using when I go on line to do the Security Scan. I presume I would be unable to keep NIS but also use Zonealarm Firewall as well. Roger
     
  6. dog

    dog Guest

    Hi Roger, ;)

    Welcome to Wilders' :)

    Have you tried uninstalling NIS, then after rebooting reinstalling NIS? Something may have gone wrong with the installation.

    Steve
     
  7. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Roger

    Anything else in the mix like a router?
    When you did the test did you see the scans showing up in the NIS logs?

    Regards,

    CrazyM
     
  8. Roger100

    Roger100 Registered Member

    Joined:
    Jun 22, 2005
    Posts:
    8
    I have uninstalled NIS and then reinstalled, downloaded all the updates. Re-tested, same result. I phoned Symantec UK and was informed that it was nothing to do with my Firewall as what ports were open was down to my Internet Supplier, NTL.
    This seems rather strange but as I purchased the Firewall and AntiVirus software in February as part of a package I can't have one without the other. It seems therefore that I may have to purchase a new AntiVirus programme and then download say ZoneAlarm. However, if what Symantec say is correct then this would make no difference to what ports were open and I would still be at risk from Hackers.
    I have not got a router as far as I am aware although I do have two hard drives, I did not see the NIS logs. Roger
     
  9. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
  10. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Try contacting Symantec again as you may have have gotten a tech support guy who doesn't know which end is up. It happens sometimes with various manufacturers. He probably does not know what the problem is,but won't say that.
     
  11. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    With Symantec it happens rather a lot. :mad: I've had some dire experiences at the hands of their so called Tech support; so if it is costing you money to pick up the phone to them, you are probably wasting it! :p You'd be better off spending that cash on a more reliable product than enriching Symantec any further! ;)
     
  12. Roger100

    Roger100 Registered Member

    Joined:
    Jun 22, 2005
    Posts:
    8

    Thanks for that. I used pcflank and got the following result
    "The test has found that the IP address used by your computer cannot be scanned. This commonly occurs because of a firewall program on your computer and/or you are connected to the Internet through a proxy-server or your ISP uses Network Address Translation (NAT) to share IP addresses.

    This means the test cannot check your system as the results of the testing would be incorrect".

    I assume that means that despite what Symantec said my Firewall is OK, is that correct?. Roger
     
  13. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    I have found that PCFlank does not always give the correct result. I think sometimes it is seeing the ISP rather than you. The link given for GRC is much better.
    https://image.grc.com/x/ne.dll?bh0bkyd2
     
  14. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    This is possible as some ISP's will filter certain traffic at their borders. You could try contacting your ISP tech support and ask if they are doing any filtering that could explain your results.

    If your ISP was filtering certain traffic this does not put you at risk, your system would not see those packets, but your firewall would still deal with everything else.

    Does your modem do any kind of NAT? To rule this out check the IP of your system, is it a private one (10.x.x.x 192.168.x.x)?

    Checking the logs would help troubleshoot this issue and determine if the firewall is seeing these scans and to what ports. You will need to check the firewall log and IDS log.

    Regards,

    CrazyM
     
  15. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Unfortunately, it merely means that the test was not possible on your system. Which might, or might not, mean that the Symantec test was also invalid.

    Following CrazyM's advice, and checking the FW logs, would be the best thing to try.
     
  16. Roger100

    Roger100 Registered Member

    Joined:
    Jun 22, 2005
    Posts:
    8
    I have just done all the tests at image.grc etc and my system achieved a perfect "True Stealth" rating. So despite what Symantec's test showed my computer is invisible. One thing I did note was that the IP address they were testing was not the same as that revealed by a Belarc Advisor printout of my computer. Is that significant?. Roger
     
  17. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Yes, as it would suggest there may be something else in the mix in your connection to the network.

    Is the IP for your system in one of the private address ranges?
    Did the scan at grc show up in you NIS logs?

    Regards,

    CrazyM
     
  18. Roger100

    Roger100 Registered Member

    Joined:
    Jun 22, 2005
    Posts:
    8
    Hi CrazyM. I thought you may be interested in the Norton test results that failed 3 ports, the following is what was said:
    Ping Ping. Ping is a network troubleshooting utility. It asks your computer to acknowledge its existence. If your computer responds positively to a ping, hackers are more likely to target your computer.

    22 SSH. TCP connections to this port might indicate a search for SSH, which has a few exploitable features. SSH is a secure replacement for Telnet. The most common uses of SSH are to securely login and copy files from a server.

    80 HTTP (Hypertext Transfer Protocol). HTTP is used to transfer Web pages over the Internet. Port 80 should be open only if you're running a Web server.

    The address being tested starts 82 and at the end of this address my IP's name is quoted. The number is similar to mine but is definitely different..

    I have checked my Firewall log and the only thing that could be the grc.com test is"Unused Windows Service Block was detected and blocked". The grc test states that all my Ports are "Stealth". Roger
     
Loading...
Thread Status:
Not open for further replies.