Shields UP!! results (Not so good)

Discussion in 'other firewalls' started by Comp01, Sep 9, 2003.

Thread Status:
Not open for further replies.
  1. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    Solicited TCP Packets: PASSED — No TCP packets were received from your system as a direct result of our attempts to elicit some response from any of the ports listed below — they are all either fully stealthed or blocked by your ISP. However . . .



    Unsolicited Packets: RECEIVED (FAILED) — Your system's personal security countermeasures unwisely attempted to probe us in response to our probes. While some users believe that "tracking down" the source of Internet probes is useful, experience indicates that there is little to gain and potentially much to lose. The wisest course of action is to simulate nonexistence — which your system has failed to do. Your counter-probes immediately reveal your system's presence and location on the Internet.



    Ping Echo: PASSED — Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests) from our server.

    is what I got, and failed (First time I've used it) I dunno, should I try it again? (When watching logs I accidentally clicked "back-trace", could that be it?) I dunno :doubt:
     
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Comp01

    Yes, selecting backtrace would explain the result in the first quote. Another setting in some firewalls that may cause the same result is if any option to resolve the IP addresses of unsolicited inbounds is selected.

    Regards,

    CrazyM
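
Added example, not part of the original thread: one way to check a firewall log for the two behaviours described above, a direct "backtrace" packet sent to an address whose inbound probe was just blocked, and a reverse-DNS (PTR) lookup for that address. The log format, field order and sample lines are constructed for this example and do not come from Sygate or any other product.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed log lines (assumed format, not a real product's):
# time direction action protocol remote_ip remote_port [dns_query_name]
SAMPLE_LOG = """\
2003-09-09T05:25:50 in blocked tcp 192.0.2.10 135
2003-09-09T05:25:51 in blocked tcp 192.0.2.10 139
2003-09-09T05:25:52 out allowed icmp 192.0.2.10 0
2003-09-09T05:25:53 out allowed udp 198.51.100.53 53 10.2.0.192.in-addr.arpa
2003-09-09T05:26:10 out allowed tcp 203.0.113.80 80
2003-09-09T05:40:00 out allowed icmp 192.0.2.10 0
"""

def parse(line):
    """Split one log line into a dict; the query name is optional."""
    parts = line.split()
    ts, direction, action, proto, ip, port = parts[:6]
    return {"ts": datetime.fromisoformat(ts), "dir": direction,
            "action": action, "proto": proto, "ip": ip, "port": int(port),
            "qname": parts[6] if len(parts) > 6 else None}

def find_counter_probes(log_text, window_seconds=60):
    """Return (kind, probing_ip, protocol) for outbound traffic that
    follows a blocked inbound packet within the time window."""
    window = timedelta(seconds=window_seconds)
    last_blocked = {}  # remote IP -> time of its most recent blocked inbound
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse(line)
        if ev["dir"] == "in" and ev["action"] == "blocked":
            last_blocked[ev["ip"]] = ev["ts"]
            continue
        if ev["dir"] != "out":
            continue
        # Case 1: packet sent straight back to the prober (ping/traceroute).
        seen = last_blocked.get(ev["ip"])
        if seen is not None and ev["ts"] - seen <= window:
            findings.append(("direct", ev["ip"], ev["proto"]))
            continue
        # Case 2: DNS PTR query asking for the prober's host name.
        if ev["qname"]:
            qname = ev["qname"].rstrip(".").lower()
            for src, seen in last_blocked.items():
                ptr = ipaddress.ip_address(src).reverse_pointer
                if qname == ptr and ev["ts"] - seen <= window:
                    findings.append(("reverse-dns", src, ev["proto"]))
    return findings
```

An empty result over a log captured during a scan means neither setting generated traffic in response to the probes.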
     
  3. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Next time post the text summary if you need to, it's much easier to read.

    This is my text summary:
    GRC Port Authority Report created on UTC: 2003-09-09 at 05:25:52

    Results from scan of ports: 0-1055

    0 Ports Open
    0 Ports Closed
    1056 Ports Stealth
    ---------------------
    1056 Ports Tested

    ALL PORTS tested were found to be: STEALTH.

    TruStealth: PASSED - ALL tested ports were STEALTH,
    - NO unsolicited packets were received,
    - NO Ping reply (ICMP Echo) was received.


    I have a feeling your firewall configuration is allowing packets such as NetBIOS, or even SSDP/UPnP to be broadcast to any site you connect to. How about you tell us your firewall, and operating system.

    Edit: CrazyM might have answered your question while I was typing mine :D
     
  4. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    Win98, and Sygate personal firewall... Is what I am using. At the moment, anyways.
     
  5. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
    Comp - My Shields Up test gave me a great rating - 100% in stealth and does not exist on the internet. Back tracing from your computer is not wise... if you are curious about who is pinging, here is an example of what I did to give you an example from my firewall log:
    Packet sent from: 61.170.244.45 - UDP Port 10439 to NetBIOS - blocked. Now to check the Domain, go to the Tom-Cat website, www.tom_cat.com/links.html#Firewalls3 and at the bottom of that page you will find WHOIS LOOKUP, click on it and then type in the source address, click Check Domain - this is the info. on the source packet.

    inetnum: 61.169.0.0 - 61.171.255.255
    netname: CHINANET-SH
    descr: CHINANET Shanghai province network
    descr: Data Communication Division
    descr: China Telecom
    country: CN
    admin-c: CH93-AP
    tech-c: XI5-AP
    mnt-by: MAINT-CHINANET
    mnt-lower: MAINT-CHINANET-SH
    changed: hostmaster@ns.chinanet.cn.net 20001201
    status: ALLOCATED PORTABLE
    source: APNIC

    person: Chinanet Hostmaster
    address: No.31 ,jingrong street,beijing
    address: 100032
    country: CN
    phone: +86-10-66027112
    fax-no: +86-10-66027334
    e-mail: hostmaster@ns.chinanet.cn.net
    e-mail: anti-spam@ns.chinanet.cn.net
    nic-hdl: CH93-AP
    mnt-by: MAINT-CHINANET
    changed: hostmaster@ns.chinanet.cn.net 20021016
    source: APNIC

    person: Wu Xiao Li
    address: Room 805,61 North Si Chuan Road,Shanghai,200085,PRC
    country: CN
    phone: +86-21-63630562
    fax-no: +86-21-63630566
    e-mail: ip-admin@mail.online.sh.cn
    nic-hdl: XI5-AP
    mnt-by: MAINT-CHINANET-SH
    changed: ip-admin@mail.online.sh.cn 20010510
    source: APNIC

    On the other hand, who cares who is pinging as long as they cannot enter your computer. Here is some good software that might help if you are unable to configure your firewall or you may wish to download one of the following:

    Port Explorer www.diamondcs.com.au/portexplorer
    DiamondCS [Purchase required after 30-day trial] A socket analysis and exploration utility for packetsniffing, port-to-process mapping, hidden server detection, plus these utilities: Whois Client, Address Resolver, Database Lookup, Network Statistics, Ping, and Traceroute.

    PortBlocker www.analogx.com
    AnalogX [Freeware] PortBlocker allows you to basically block the Internet port of most servers, making them unreachable to other computers on the Internet. This program is NOT a Firewall, but it will allow you to run a server that is only available on the local network, and will log any access attempts made by other machines that are attempting to use the blocked interface.

    Sam Spade www.samspade.org
    SamSpade.org [Freeware] Provides a centralized graphical environment to perform Internet and IP-related queries. Contains nslookup, traceroute, whois, Website search, SMTP relay check, SMTP VRFY, e-mail header analysis, e-mail blacklist query, keep-alive, IP-block whois, and much more.

    Securepoint Intrusion Detection Tool www.securepoint.cc
    Securepoint GmbH [Freeware] Protects your network from illegal data packages and scans for possible trojans and viruses. The tool can be run from any location in your network and filters all traffic.
     
  6. FireDancer

    FireDancer Registered Member

    Joined:
    Jul 24, 2003
    Posts:
    316
    I agree, who cares as long as they can't get in. I am no expert but I have learned a lot here at this forum from both BlitzenZeus and CrazyM. It seems you need time to learn more about rule based firewalls and how to apply the rules and why. What I did on the advice of BlitzenZeus is number 1 read all I could about rules and how they apply, then I let my firewall "ask me first" about any applications that I wanted on the net, and before I clicked on permit or deny I looked real hard at the prompt and read what it was saying so as to understand it. Where was it going? What port did it want to connect to? My advice to you is not to worry about who is pinging you and trying to trace them, first and foremost I have found that writing the proper rules and KEEPING them out, and staying SILENT (no response back) to unsolicited packets or pings works best.

    If you don't absolutely need it DENY it and/or ignore it!!

    FireDancer
     
  7. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    Yeah, I'm fairly new to firewalls, heh, so still learning about this stuff :doubt:
     
  8. Rickster

    Rickster Guest

    Just a thought Comp01. Having a slick configurable firewall is great if you know all that stuff, but despite all I learn here I still hesitate to upgrade, primarily because it works flawlessly, so why mess with it? I use ZA and struggled with whether to upgrade, but I'm not advanced (or confident) enough to justify it. Secondly, I see posts by people like myself all the time and gain no comfort from the headaches, if not downright vulnerabilities, created in the process. It's your call, but KISS isn't a half-bad philosophy with firewalls. Regards, Rick
     