PCFlank tests unreliable

Discussion in 'other firewalls' started by Mrkvonic, Jan 8, 2006.

Thread Status:
Not open for further replies.
  1. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    In my recent experimentation spree I wanted to see how different firewalls behave along with some other programs. I headed for grc and pcflank for the port scan tests.
    GRC gave consistent results - ports were either stealthed or closed, depending on what I did and whether I closed the firewall or not. However, for a particular setup, the results remained the same over a period of time.
    Not so with PCFlank.
    I would test a configuration. And then every few minutes retry the test. And I would get results that ports 135-139 were closed or stealthed, every time a different set:
    At 10:33 I would get all stealthed except 136.
    At 10:34 All stealthed except 135 and 139.
    At 10:37 All stealthed except 138.
    For a SAME setup!
    I thought this was a glitch on my behalf somehow, so I reboot, disabled programs and processes, enabled programs and processes, threw in PeerGuardian and eMule just for the fun of it, played with NetBios.
    No matter what I did, whenever I tested a GIVEN setup twice or three or four times, PCFlank would report different results.
    I find this annoying - and unreliable. Computers are shifty things and you have about 1,000 processes running in the background, but if you just reboot, connect to internet and only go to PCFlank without doing anything at all, then results for ports should not change.
    Furthermore, my ISP blocks some of these ports, so there is no reason whatsoever they should ever report anything but stealthed.
    Any thoughts guys? Anyone had similar experiences?
    Mrk
     
  2. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    You can try this. Instead of the test normally used, go to the PC Flank Advanced Port Scanner and input a fixed set of ports to test, separated by commas. {You can even input the exact same ports that GRC tests for}. Assuming you are testing the same PC under the same conditions, one would think you will get same results every time. I have found the Advanced Port Scanner to be reliable. Hope that helps .. ;) {Btw, if you are using FireFox or IE, the "form-fill" feature will remember the ports you input, so that you won't have to manually re-enter them everytime you scan}.
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hi,
    That's esactly what I did - Advanced Port Scanner.
    Mrk
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    For what it's worth, I have also found PC Flank tests to be rather unreliable and/or bogus in the past. I have run tests at other places like Grc and Sygate and come up clean and fully stealth, and then run the tests on PC Flank and it tells me I have a closed port or two rather than stealth. And this with many different firewalls. So long ago I just wrote off PC Flank as flakey.. I trust the others more.
     
  5. Brinn

    Brinn Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    181
    Location:
    Canada
    Someone else had a post citing the same concern. When I did the scans from PCFlank, grc.com and Sygate, I noticed a difference between the scans. grc.com's scans came from port numbers that were >60,000. Sygate's scans came from ports in the 30,000 to 60,000 range. PCFlank's scans came from ports 3,000 to 3,500. My theory at the time was that PCFlank's scan looked more like network traffic than the others.
     
  6. <DreamCatcher>

    <DreamCatcher> Registered Member

    Joined:
    Jan 6, 2006
    Posts:
    154
    Sorry to ask another question in this thread, but should I worry about this closed port that is being detected at PcFlank, even though GRC is saying its stealthed?

    (3128 closed Masters Paradise and RingZero Trojan horses)
     
  7. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    I would not worry about it. You could always try the test again to see if you get the same results at pcflank.

    Regards,

    CrazyM
     
  8. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hi,
    Dream, that's exactly the problem:
    You make a pcflank test at a certain time you get closed.
    3 minutes later, you get stealthed.
    2 minutes after that, you get stealthed.
    4 minutes after that, you get closed. And so on.
    All possible combinations of closed and stealthed with ports 135-139.
    Impossible that some should ever show anything else than stealthed - because my ISP stealths some of these. Besides, closed ports are fine.
    Mrk
     
  9. <DreamCatcher>

    <DreamCatcher> Registered Member

    Joined:
    Jan 6, 2006
    Posts:
    154
    Hi Mrkvonic,

    I did the port scan today and got totally stealthed, which is good but also very confusing! Surely there are not that many differences between the port scanners at GRC and PcFlank?
     
  10. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hi,
    The question is fundamental: if they report 1 or 5 ports wrong what about all the others?
    Mrk
     
  11. LIWLIW

    LIWLIW Guest

    i got this msg when i try my luck with pcflank test

    "The test could not determine your IP address.

    The test has found that the IP address used by your computer cannot be scanned. This commonly occurs because of a firewall program on your computer and/or you are connected to the Internet through a proxy-server or your ISP uses Network Address Translation (NAT) to share IP addresses.

    This means the test cannot check your system as the results of the testing would be incorrect."

    what does it mean i am stealth or what?
     
  12. LIWLIW

    LIWLIW Guest

    one more question (at work...cant remember my password for this forum)...
    my friend owns a pc without any firewall...he only uses kaspersky pro..
    he went to grc and pcflank...he passed all test except web browser...
    is that normal? if its stealth without firewall, i was wandering the test is not that good to see how well a firewall works. please advise.
    thanks.

    liw
     
  13. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hi,
    More details would be nice .... but it's possible.
    Apropos ip address, are you behind proxy at work? That way, proxy might get scanned and not your own comp ...
    Mrk
     
  14. LIW

    LIW Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    52
    my friend was at home using adsl. is it possible my internet provider has proxy? he questioned me about firewall so i tested his pc at grc and pcflank and it turned out all stealth except for web brower. he doesnt use any firewall whatsoever... just kaspersky pro. please advise. thanks

    liw (liwliw)
     
  15. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    The "browser test" is part of the PC Flank Quick Test, which is a separate test from the Advanced Port Scanner. The Quick Test does test a few ports, plus it tests your browser to see if it hides the referrer. If your browser is not set to hide the referrer, you will fail that part of the test. Not all browsers allow to hide the referrer, but most firewalls have privacy features which can be set to hide or block the referrer and allow you to pass the browser test. HTH .. ;) Permit me to add that, contrary to others' reports here, I have never experienced any problems with PC Flank port scan results; they have agreed with scan results from GRC, DSLReports, Sygate, Symantec, SecurityMetrics, etc. But of course your mileage may vary. ;)
     
  16. LIW

    LIW Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    52
    tks for the heads up...i will scan his pc with that option..trying to convince him that he needs a firewall. thanks

    gg
     
  17. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Is your friend's PC behind a router?

    Regards,

    CrazyM
     
  18. LIW

    LIW Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    52
    nope... just using adsl modem to wall socket
    thanks.

    LIW
     
  19. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Some modems are dual purpose and also function as routers.
    If they are using XP was the Windows firewall on?

    Regards,

    CrazyM
     
  20. Milken

    Milken Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    20
    THAT'S UNBELIEVABLE! Does he have WINXP? It's firewall is on by default?

    Anyway I went to site and tired the Exploits(dos, densial of servie) test. They list 19 different exploits my router showed 12-13 blocked attacks and the WinXP firewall log showed 7 or so lines of dropped packets, however, they were only 40bytes which seems small for DOS. All in all, the test seemed legit, except for the dropped packet size.

    everyone, check out the new post on PC Security Test 2005. .
     
  21. LIW

    LIW Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    52

    hi,
    yes its on.... so windows firewall if sufficient enough?

    liw
     
  22. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    The Windows firewall will cover unsolicited inbound traffic, but does not have outbound application control. If your friend wants outbound application control, then they will have to use a third party software firewall.

    Regards,

    CrazyM
     
  23. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618
    Someone else linked me to this thread, I'm having the same problem with PC Flank's Advanced Port Scanner test.
    I use NetVeda as my firewall and in one test it shows all ports are stealthed but the next test shows port 135 as being closed.
    Everytime there is a different result.
    All the other firewall tests that I have run show me as being completely stealthed.
     
  24. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    I have had this problem with PCFlank for a long time. I am not convinced it is actually looking at my computer, but instead is looking at my ISP, although the address is correct. None of the other testing sites seem to have this problem.

    The cynical side suggests they are tied up with OutPost since that is the f/w they are promoting.
     
Thread Status:
Not open for further replies.