WWDC conflicting report vs grc - which to believe

Discussion in 'other firewalls' started by bluekey23, Jun 7, 2004.

Thread Status:
Not open for further replies.
  1. bluekey23

    bluekey23 Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    77
    Hello,
    I just downloaded and tried out gk's WWDC (windows worms door clearer 1.4.1). In the right hand menu under open ports it says that TCP ports 3001-3004 and 1025 are **open**. But when I went to grc and ran a scan, the scan says these are all stealthed (perfect result). This is confusing. How should I interpret these apparently conflicting results?
    Hopefully someone can shed some light on this.
    Thanks!
    p.s. In a post I made here about a month ago, Lowwatermark asked me to post a portion of my ZoneAlarm log and said that I was protected since my internet zone and trusted zone settings are set on high.
     
  2. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hi bluekey23,

    WWDC checks local open ports, which means ports which are really open on your system, either by a Windows service bound to them, or by
    an application you have started.

    An online scan doesn't show you locally open ports, but the port status available from the Internet.
    If for instance one of your ports is open, but you block it with a firewall, the port will be "stealth" from the outside,
    although it is really open on your system.
    It's the purpose of a firewall to block your ports.

    There is a difference between the local status (the reality) and the remote available status.

    Regards,

    gkweb.
     
  3. bluekey23

    bluekey23 Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    77
    Hi GK,
    Thanks for your replies. Now I'm still confused. You say that
    If for instance one of your ports is open, but you block it with a firewall, the port will be "stealth" from the outside,
    although it is really open on your system.
    It's the purpose of a firewall to block your ports.
    I have always assumed that my firewall (ZApro 5) was blocking these local open ports. The WWDC shows some open TCP and UDP ports (about 6 of each). Most worrisome (I think) is open TCP port 1025, which I know is a port favored by some trojans. Should I assume that if WWDC does NOT show a TCP or UDP port as open, then it is blocked locally? So, I guess my questions are:
    1. Should I worry about these ports which WWDC shows as open?
    2. If I should worry, then how do I go about blocking these local open ports?
    (hmmm.... always thought the firewall with settings on high would be giving me the right level of security)
     
  4. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    What WWDC does is the same as the netstat command.
    For more details, you can use Port Explorer from DiamondCS.

    Maybe I didn't explain it well:
    ports can be locally open or closed.
    An open port is simply an application/service listening on it (bound to it).

    Then, your concerns are about external attacks from the outside, so it doesn't matter whether your ports are open or not on your system, if a firewall blocks them. So no, if all your ports are seen as stealth/closed from the outside, there is no need to worry.

    It depends on the point of view: from the outside (crackers, malware, attacks, etc...) ports are unreachable, whereas locally they are open and unexploitable.

    Imagine a house with open windows: if you put a big wall made of stones in front of it, the windows are unreachable although still open.

    regards,

    gkweb.
     
  5. bluekey23

    bluekey23 Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    77
    GK,
    That's much more clear. Excellent analogy!
     
  6. jvmorris

    jvmorris Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    618
    And it's an important issue, also.

    If you need, for some reason, to disable your software firewall or you need to move out from behind it for some reason (gulp!), or if you're concerned what might be exposed if your software firewall simply fails or gets subverted, gkweb's little utility allows you to easily find out what's going to be exposed to the world at large.

    So, it's an easy way to find services that you may want to consider disabling or otherwise protecting.
     
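The local-versus-remote distinction discussed in this thread, as an added example (not code from any poster or from WWDC): it parses netstat-style output for listening TCP ports and compares them with an external scan result to show which listeners are only protected by the firewall. The sample netstat text, the scan results, and the function names are constructed for illustration.

```python
import re

# Constructed sample of Windows `netstat -an` output (not from the thread).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3001           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3002         0.0.0.0:0              LISTENING
  TCP    192.168.0.5:3003       0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1190       203.0.113.7:80         ESTABLISHED
  UDP    0.0.0.0:1026           *:*
"""

# Constructed external scan result: port -> status as seen from the Internet.
EXTERNAL_SCAN = {1025: "stealth", 3001: "stealth", 3002: "stealth", 3003: "open"}

# Matches only TCP rows in LISTENING state; captures bind address and port.
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")


def local_listeners(netstat_text):
    """Return {port: bind_address} for TCP sockets in LISTENING state."""
    listeners = {}
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            listeners[int(m.group(2))] = m.group(1)
    return listeners


def classify(listeners, external):
    """Combine the local view (netstat) with the remote view (online scan)."""
    report = {}
    for port, addr in sorted(listeners.items()):
        if addr.startswith("127."):
            report[port] = "loopback"    # bound to localhost, not reachable remotely
        elif external.get(port) == "open":
            report[port] = "exposed"     # listening and reachable from outside
        else:
            report[port] = "firewalled"  # listening; reachable if the firewall is off
    return report


if __name__ == "__main__":
    result = classify(local_listeners(NETSTAT_SAMPLE), EXTERNAL_SCAN)
    for port, verdict in result.items():
        print(f"TCP {port}: {verdict}")
```

Ports reported as "firewalled" are the ones that would become reachable if the software firewall were disabled or failed, so they are the services to review first.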