Hello, In my recent experimentation spree I wanted to see how different firewalls behave along with some other programs. I headed for grc and pcflank for the port scan tests. GRC gave consistent results - ports were either stealthed or closed, depending on what I did and whether I closed the firewall or not. However, for a particular setup, the results remained the same over a period of time. Not so with PCFlank. I would test a configuration. And then every few minutes retry the test. And I would get results that ports 135-139 were closed or stealthed, every time a different set: At 10:33 I would get all stealthed except 136. At 10:34 All stealthed except 135 and 139. At 10:37 All stealthed except 138. For a SAME setup! I thought this was a glitch on my behalf somehow, so I reboot, disabled programs and processes, enabled programs and processes, threw in PeerGuardian and eMule just for the fun of it, played with NetBios. No matter what I did, whenever I tested a GIVEN setup twice or three or four times, PCFlank would report different results. I find this annoying - and unreliable. Computers are shifty things and you have about 1,000 processes running in the background, but if you just reboot, connect to internet and only go to PCFlank without doing anything at all, then results for ports should not change. Furthermore, my ISP blocks some of these ports, so there is no reason whatsoever they should ever report anything but stealthed. Any thoughts guys? Anyone had similar experiences? Mrk
You can try this. Instead of the test normally used, go to the PC Flank Advanced Port Scanner and input a fixed set of ports to test, separated by commas. {You can even input the exact same ports that GRC tests for}. Assuming you are testing the same PC under the same conditions, one would think you will get same results every time. I have found the Advanced Port Scanner to be reliable. Hope that helps .. {Btw, if you are using FireFox or IE, the "form-fill" feature will remember the ports you input, so that you won't have to manually re-enter them everytime you scan}.
For what it's worth, I have also found PC Flank tests to be rather unreliable and/or bogus in the past. I have run tests at other places like Grc and Sygate and come up clean and fully stealth, and then run the tests on PC Flank and it tells me I have a closed port or two rather than stealth. And this with many different firewalls. So long ago I just wrote off PC Flank as flakey.. I trust the others more.
Someone else had a post citing the same concern. When I did the scans from PCFlank, grc.com and Sygate, I noticed a difference between the scans. grc.com's scans came from port numbers that were >60,000. Sygate's scans came from ports in the 30,000 to 60,000 range. PCFlank's scans came from ports 3,000 to 3,500. My theory at the time was that PCFlank's scan looked more like network traffic than the others.
Sorry to ask another question in this thread, but should I worry about this closed port that is being detected at PcFlank, even though GRC is saying its stealthed? (3128 closed Masters Paradise and RingZero Trojan horses)
I would not worry about it. You could always try the test again to see if you get the same results at pcflank. Regards, CrazyM
Hi, Dream, that's exactly the problem: You make a pcflank test at a certain time you get closed. 3 minutes later, you get stealthed. 2 minutes after that, you get stealthed. 4 minutes after that, you get closed. And so on. All possible combinations of closed and stealthed with ports 135-139. Impossible that some should ever show anything else than stealthed - because my ISP stealths some of these. Besides, closed ports are fine. Mrk
Hi Mrkvonic, I did the port scan today and got totally stealthed, which is good but also very confusing! Surely there are not that many differences between the port scanners at GRC and PcFlank?
i got this msg when i try my luck with pcflank test "The test could not determine your IP address. The test has found that the IP address used by your computer cannot be scanned. This commonly occurs because of a firewall program on your computer and/or you are connected to the Internet through a proxy-server or your ISP uses Network Address Translation (NAT) to share IP addresses. This means the test cannot check your system as the results of the testing would be incorrect." what does it mean i am stealth or what?
one more question (at work...cant remember my password for this forum)... my friend owns a pc without any firewall...he only uses kaspersky pro.. he went to grc and pcflank...he passed all test except web browser... is that normal? if its stealth without firewall, i was wandering the test is not that good to see how well a firewall works. please advise. thanks. liw
Hi, More details would be nice .... but it's possible. Apropos ip address, are you behind proxy at work? That way, proxy might get scanned and not your own comp ... Mrk
my friend was at home using adsl. is it possible my internet provider has proxy? he questioned me about firewall so i tested his pc at grc and pcflank and it turned out all stealth except for web brower. he doesnt use any firewall whatsoever... just kaspersky pro. please advise. thanks liw (liwliw)
The "browser test" is part of the PC Flank Quick Test, which is a separate test from the Advanced Port Scanner. The Quick Test does test a few ports, plus it tests your browser to see if it hides the referrer. If your browser is not set to hide the referrer, you will fail that part of the test. Not all browsers allow to hide the referrer, but most firewalls have privacy features which can be set to hide or block the referrer and allow you to pass the browser test. HTH .. Permit me to add that, contrary to others' reports here, I have never experienced any problems with PC Flank port scan results; they have agreed with scan results from GRC, DSLReports, Sygate, Symantec, SecurityMetrics, etc. But of course your mileage may vary.
tks for the heads up...i will scan his pc with that option..trying to convince him that he needs a firewall. thanks gg
Some modems are dual purpose and also function as routers. If they are using XP was the Windows firewall on? Regards, CrazyM
THAT'S UNBELIEVABLE! Does he have WINXP? It's firewall is on by default? Anyway I went to site and tired the Exploits(dos, densial of servie) test. They list 19 different exploits my router showed 12-13 blocked attacks and the WinXP firewall log showed 7 or so lines of dropped packets, however, they were only 40bytes which seems small for DOS. All in all, the test seemed legit, except for the dropped packet size. everyone, check out the new post on PC Security Test 2005. .
The Windows firewall will cover unsolicited inbound traffic, but does not have outbound application control. If your friend wants outbound application control, then they will have to use a third party software firewall. Regards, CrazyM
Someone else linked me to this thread, I'm having the same problem with PC Flank's Advanced Port Scanner test. I use NetVeda as my firewall and in one test it shows all ports are stealthed but the next test shows port 135 as being closed. Everytime there is a different result. All the other firewall tests that I have run show me as being completely stealthed.
I have had this problem with PCFlank for a long time. I am not convinced it is actually looking at my computer, but instead is looking at my ISP, although the address is correct. None of the other testing sites seem to have this problem. The cynical side suggests they are tied up with OutPost since that is the f/w they are promoting.