Which port scanning site should I believe?!

Discussion in 'other firewalls' started by Comp01, Jul 4, 2004.

Thread Status:
Not open for further replies.
  1. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    I just got this PC online (Win2k, all service pakcs + updates, etc) scanned at grc.com and pcflank.com - pcflank says port 138 is just closed, but grc.com says it is stealthed! Which one should I believe?
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    If it were mine I would be inclined to go with GRC
     
  3. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    this might not be relevant here but some sites call stealthed ports closed ports
     
  4. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma

    It is all relevant;) . But anytime there is a question between PC Flank and GRC I will Most always go with GRC. It is a personal opinion but I believe i'm right.
     
  5. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    Yeah, I don't know, maybe my NetBIOS aren't closed properly? (I used GRNoShare util, wouldn't let me online after that, so then used LetShare to re-enable them) so could this possibly be it?
     
  6. dog

    dog Guest

    I would agree ... Steve Gibson's Sheilds Up ... is one of the founding fathers among online port scanners ... That Nano Probe technology is amazing ... always fast and reliable.

    BTW- Pc Flank also uses "stealth" ratings ... and is also a reliable scanner.

    Comp01 have you tried re-scanning to double check?

    dog - *puppy*
     
  7. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Why don't you try GRC one more time, scan all service ports and see what you get. if you get all stealth, you got it.
     
  8. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
  9. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    I am using Sygates scan servies right now. Seeing what it has to say. In the logs though, it never shows ports 137, 138, and 139 as ever being scanned.
     
  10. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Your ISP could be blocking these ports.
    Are you behind any kind of hardware device?

    Regards,

    CrazyM
     
  11. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    I am not behind any hardware device, I am actually using dialup, the only firewall I have is Sygate 5.5, so it could be my ISP blocking these ports?
     
  12. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    ISP's will filter traffic coming in to their networks. Odd results at scanning sites and the events not showing up in your logs is usually an inidcator. To be certain you would have to contact your ISP to determine what traffic they may be blocking.

    As you noted earlier though, double check your rules for anything allowing inbound traffic just in case.

    Regards,

    CrazyM
     
  13. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    Thanks for all the info, I believe it is PCflank, as I have passed Sygates test, GRC.com's about 3 times now, and a few others with no open ports, all stealthed, its only at PCflank.com...
     
  14. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    Sorry, just thought I'd post this extra bit of info, neither port 137 or 138 are logged in any firewall records, however, everyother port is, I checked my rulesets, etc, and nothing is to bed allowe don ports 138, and 137, so I guess its either a) my ISP is blocking it, or b) PCflank.com is reporting invalid info...
     
  15. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Check my page http://www.security-ops.tk
    I have there several most reliable checkers for firewalls.
    But i mostly trust GRC and Sygate SOS.
     
  16. MakoFusion

    MakoFusion Registered Member

    Joined:
    Jun 25, 2003
    Posts:
    130
    Well buddy what I'm about to say is totall unbiased cause I have seen it for myself.

    PCFlank.com is a total bunch of CRAP! You heard me right - It is rigged probably to sell that Outpost Firewall Pro they advertise to those who freak over a fail in a one time test. The people there will tell you excuses like 'oh its cause of one thing or another' or 'your proxy or router is cause it to fail'. I can do the same test 10 times on GRC.com with the same results but on this site I only need but a few of the same exact test changing nothing to any settings and come up with different results. Even when I have purposly set up my firewall that should be able to pass the four major ports.

    At Risk!
    TEST 1
    The test found visible port(s) on your system: 135, 138, 139
    TEST 2
    The test found visible port(s) on your system: 135, 137, 138
    TEST 3
    The test found visible port(s) on your system: 135, 137
    TEST 4
    The test found visible port(s) on your system: 135, 137, 138, 139

    I would not recommend this site to be a reliable firewall checker.

    I bet the majority of you could do the Quick test 5 times without changing anything and come up with lots of different results.
     
  17. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    I would go with grc scan results over pcflank myself.
    You could check with a third scanning site to verify.
    Try this one....

    http://www.auditmypc.com
     
  18. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    I believe GRC and Sygate SOS the most. Their port scan results are more accurate.
     
  19. gerico

    gerico Registered Member

    Joined:
    Jul 6, 2002
    Posts:
    14
    In the past I've experienced a problem about ports 12345-12346: the PCFLANK scanner was telling me that these ports were "closed", not "stealthed". Furthermore I was unable to detect packets on these ports from my firewall packet log.
    Other port scanners labeled 12345 and 12346 as "stealthed".

    After a lot of tries I've found that effectively these ports were "closed" because my ISP was blocking (closing) them before my PC. Trying with other ISP confirmed my thesis (PCFLANK identified 12345-12346 as "stealthed" and packets finally were in the log).

    So, my conclusion: the PCFlank port scanner is one of the best scanners available on the net. Results are really more sensible from those reported by other scanners (that cannot distinguish if a port is closed by the ISP), furthermore the scan offers a wider range of options (TCP, SYN, etc.).

    My two cents.
     
  20. MakoFusion

    MakoFusion Registered Member

    Joined:
    Jun 25, 2003
    Posts:
    130
  21. Snook

    Snook Registered Member

    Joined:
    Jun 19, 2003
    Posts:
    182
    PC Flank is not accurate. I've deployed Port Explorer and Ethereal which show no activity on the ports reported by PC Flank as either being open or closed (as opposed to stealth). Should be renmaned PC Flunk.
     
  22. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    I'm behind a Linksys BEFSX41 + Outpost Pro and pcflank shows ports 135, 137, 138, 139 open. I don't think so.

    Nick
     
  23. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    Yes, absolutely right, PC Flunk is a GOOOD name for them.
     
  24. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    771
    Location:
    Headquarters - London & Field Offices -Worldwide
    Hello nick s
    Even though you may have the best firewall (Outpost) you can still set the Linksys router to close its ports (135, 137, 138, 139). We changed these router port settings for someone and the new GRC scan was even better!

    Be seeing you
     
  25. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    The problem is that GRC and Sygate scan results always show fully stealthed. If I do the pcflank scan twice, the results will be different on the second scan (135, 138, 139 versus 135, 137, 138, 139). If I set the router to forward 135, 137, 138, 139 to nonexistent IPs, pcflank still shows them to be "visible".

    Nick

    After more testing, it appears that my ISP is blocking those ports and the router setup is not relevant. However, it does not explain two different results on consecutive scans.
     
    Last edited: Jul 16, 2004
Loading...
Thread Status:
Not open for further replies.