http://probe.hackerwatch.org says the Port 143 is Open... but https://www.grc.com says its stealth... I use Outpost PRO 3, NOD32 and a-squared with a²Guard
The first site is down, so I couldn't check. A port can show stealthed from the outside but can be listening inside. This is true on my Win2K system. Services and Svchost listen, but nothing gets in. Port 445 for example. Does your Outpost show open connections? Image below is the GRC test, then my firewall connections box, then netstat (microsoft-ds is the name of port 445). Recent logging shows the firewall blocking port 445: --------------------------------------------- [27/Oct/2005 11:59:48] Rule 'Deny All Remaining Protocols': Blocked: In TCP, 66-52-165-123.okld.pon.net [66.52.165.123:2825]->localhost:445, Owner: SYSTEM --------------------------------------------- You might check to see what is listening on port 143. Isn't this an email port for some programs? regards, -rich ________________ ~~Be ALERT!!! ~~
My best guess is that you don't have a problem then. Any open ports would be shown by Outpost, and Grc.com says you're good too. It is possible that the other site just gave you spurious results. I have seen this happen before myself at pcflank. Just to be sure, you could also try the Sygate scan at http://scan.sygate.com/
The first site you listed is still down. Maybe some can try it when it comes back up to see if we get the same results as you do. -rich ________________ ~~Be ALERT!!! ~~
I found the site at http://www.hackerwatch.org/probe/ and ran their scan and Port 143 shows secure. You might run it again just to check. -rich ________________ ~~Be ALERT!!! ~~
Kerodo, try this scan and see what you get: http://www.seifried.org/security/ports/0/143.html -rich ________________ ~~Be ALERT!!! ~~
I get green here and have passed all the tests 100% stealth, however, I am behind a router. That one test shows my port 143 open, which is nonsense. Right now, in addition to the router, I have Kerio 4 installed, and see nothing in it's logs, or does it show that port open in the stats. So I would say that test is invalid.. (the 2nd one). The first test here: http://www.hackerwatch.org/probe/ shows my port 143 stealth.
Same here, Arup. Kerodo, I received the same results as you in both tests, and agree with your conclusions. -rich ________________ ~~Be ALERT!!! ~~
Port 143 is used for IMAP (Internet Message Access Protocol) which is a method of managing emails. It is therefore possible for a scan site to report this port as being open if you were retrieving emails using IMAP at the time (though this should not happen since the firewall should only allow incoming traffic from that server). However if one site only reports a port open, then it is more likely that it is giving a false alarm.
Might the confusion be over what exactly is an open and closed port? ------------------------- open port A TCP/IP port number that is configured to accept packets. Contrast with "closed port," which is set to deny all packets with that port number. http://www.pcmag.com/encyclopedia_term/0,2542,t=open port&i=48464,00.asp --------------------------- My assumption is that open and closed is controlled by the operating system. You close a port by disabling a program or service. An open port is either in a Connected state or Listening state, as the 'Open Connections at Local Host' box shows in my Post #3 above. Now, a port can listen all it wants to, but if the firewall blocks communication to a specific port, then nothing can enter. So, it's confusing when a probe test returns an "Open Port" result. I don't understand how an outside probe can see inside whether or not a port is open/closed. All the probe can determine is whether or not it can communicate with the computer via a certain port. Perhaps the probe results should state "able (or not able) to communicate with the computer" instead of "open" or "closed." My port 445 shows "closed" from the outside in these probe tests, but it is really Open/Listening inside as far as the computer is concerned. This has been my understanding - subject to revision if incorrect -rich ________________ [size=+1]~~Opera is Great!!~~[/size]
