Probe your ports

    Probe your ports

    Years ago when I was using Microsoft Windows 98 exclusively I came across this site https://www.grc.com/x/ne.dll?bh0bkyd2 which was quite interesting. I used it to test the security applications that I had installed at that time.

    Today I tried it again using Ubuntu 10.04 on my laptop and was very impressed with the results. Not a single port was identified as open.

    #2
    Re: Probe your ports

    Thanks for the link.

    Mine passed with perfect results on all tests--and I had to keep ignoring the "this is very unusual on Windows..." type messages. Um, DUH!, it's not windoze.
    Xenix/UNIX user since 1985 | Linux user since 1991 | Was registered Linux user #163544



      #3
      Re: Probe your ports

      Originally posted by nickstonefan
      this site https://www.grc.com/x/ne.dll?bh0bkyd2 ... to test the security applications
      Please have a look at what I wrote a while back on the identity theft/protection thread. ShieldsUp! is a poorly thought-out exercise in scareifying, nothing more. Don't trust it.



        #4
        Re: Probe your ports

        I'd never heard of it, and knowing that my system is secure I didn't worry about it doing anything malicious. I was amused at its assumption that all of its users are on windoze.
        Xenix/UNIX user since 1985 | Linux user since 1991 | Was registered Linux user #163544



          #5
          Re: Probe your ports

          Originally posted by DoYouKubuntu
          knowing that my system is secure
          Hmm...that's a rather confident statement. Care to share how you really know?



            #6
            Re: Probe your ports

            A few years back, I looked into grc scans. I can't come even close to recalling the reasons now, but I concluded that the scan was not giving accurate results for my system. I can't recall if it was my Linux or my router setup. I do recall it complaining somewhat about some ports when in fact they were closed (verified at the time by a buddy). Simple home system: One Earthlink DSL router/modem unit (a combo, P-600 ZyXel), then comes a Linksys router, and off two of the router ports are two desktop PCs. But grc rambled some irrelevant nonsense about it. There went TDC (two d* cents)!
            An intellectual says a simple thing in a hard way. An artist says a hard thing in a simple way. Charles Bukowski



              #7
              Re: Probe your ports

              Originally posted by SteveRiley
              ShieldsUp! is a poorly thought-out exercise in scareifying, nothing more. Don't trust it.
              You're welcome to your own opinion of Gibson. I find ShieldsUp to be a useful service. It does exactly what it claims to do. If I open a port, it finds it. Your complaint about Gibson's term stealthed may have some merit, but keep in mind that he's addressing Windows users. Anyone curious enough to ask what that means can open Wikipedia and Google to learn more.
              Welcome newbies!
              Verify the ISO
              Kubuntu's documentation



                #8
                Re: Probe your ports

                Originally posted by SteveRiley
                Originally posted by DoYouKubuntu
                knowing that my system is secure
                Hmm...that's a rather confident statement. Care to share how you really know?
                The short and lazy answer: 26+ years without a single incidence of anything "bad" (viruses, intrusions, hacks, etc.).
                Xenix/UNIX user since 1985 | Linux user since 1991 | Was registered Linux user #163544



                  #9
                  Re: Probe your ports

                  I think "secure enough" might apply. I was chatting with a contractor who deals with internet security for the Feds and when I mentioned all my systems were running Linux, he immediately said "Oh, well then you're already way more secure than most users..."

                  I run a rootkit check once in a while, but frankly I can't imagine what there is to worry about.

                  I think my single biggest worry is getting hijacked into a botnet and having something really treacherous be pushed through my computer without my knowledge. That could result in a real sticky legal situation.

                  Please Read Me



                    #10
                    Re: Probe your ports

                    When I volunteered at Castle Cops long long ago and far far away, we had people go to ShieldsUp! to check their machines.

                    Using XP I had ZoneAlarm, etc., the usual stuff that had been developed free back then, and my XP machine never came out as secure as my Linux machine, and that was one reason why I went to Linux.

                    Looking back I find it humorous that I very HESITANTLY posted in general discussion about how I was moving to Linux, and every once in a while I would have a person ask a question but they were all Windows people and that was it. The reason for the hesitancy was I was worried about insulting die-hard Windows users.

                    But, SU was at least considered to be a reasonably good test by the people that ran the place.

                    woodsmoke



                      #11
                      Re: Probe your ports

                      Originally posted by oshunluvr
                      I think my single biggest worry is getting hijacked into a botnet and having something really treacherous be pushed through my computer without my knowledge. That could result in a real sticky legal situation.
                      This is, IMHO, the most worrisome threat, regardless of platform. Botnets are so effective because they work: they trick first the user, and then infect the machine -- often through multiple vulnerabilities at once, making the zombie control software much more difficult to completely remove.



                        #12
                        Re: Probe your ports

                        Gibson's unfortunate "scarifying" and misnomers aside, his probing does give some valuable information. At the least it is easier than having someone else, or yourself, aim nmap or some other port scanner at your box.

                        First, it tells you which, if any, ports are returning the SYN with a SYN-ACK. His "stealth" mode is merely your port not responding to the first part of the 3-way handshake, the SYN packet. IF all your ports fail to respond to the SYN packets, and your box does not echo a ping, your box is invisible to others on the internet unless they can deduce your presence from the behavior of your ISP's or other upstream servers. Few black hats can do that. Not responding to the SYN with an SYN-ACK is the "no response". Responding to the SYN-ACK by not the final ACK is the "connection refused". The "connection allowed" is when the entire handshake sequence is executed.

                        UDP, on the other hand, is connectionless. You can only send a UDP packet to the target and hope that it will arrive. The target will give no indication that it received the UDP packet, so in that sense it, too, is "stealthy" by not responding to any UDP packets it receives. However, IF a software app is listening on a UDP port for a specific UDP packet, it can respond. That is what netstat is for, among other things, to list any apps that are listening on tcp or udp sockets.
                        Code:
                        ~$ sudo netstat -lp
                        Active Internet connections (only servers)
                        Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
                        tcp        0      0 *:ssh                   *:*                     LISTEN      2784/sshd
                        tcp        0      0 localhost:ipp           *:*                     LISTEN      2152/cupsd
                        tcp        0      0 localhost:postgresql    *:*                     LISTEN      1510/postgres
                        tcp        0      0 localhost:5433          *:*                     LISTEN      2017/pgpool
                        tcp        0      0 localhost:smtp          *:*                     LISTEN      1806/exim4
                        tcp        0      0 *:17500                 *:*                     LISTEN      2916/dropbox
                        tcp        0      0 *:8000                  *:*                     LISTEN      1461/squid
                        tcp        0      0 localhost:gpsd          *:*                     LISTEN      2121/gpsd
                        tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      2784/sshd
                        tcp6       0      0 localhost:ipp           [::]:*                  LISTEN      2152/cupsd
                        tcp6       0      0 localhost:postgresql    [::]:*                  LISTEN      1510/postgres
                        tcp6       0      0 localhost:smtp          [::]:*                  LISTEN      1806/exim4
                        tcp6       0      0 localhost:gpsd          [::]:*                  LISTEN      2121/gpsd
                        udp        0      0 *:icpv2                 *:*                                 1461/squid
                        udp        0      0 *:17500                 *:*                                 2916/dropbox
                        udp        0      0 *:mdns                  *:*                                 1102/avahi-daemon:
                        udp        0      0 *:53120                 *:*                                 1102/avahi-daemon:
                        udp        0      0 *:bootpc                *:*                                 2699/dhclient
                        udp        0      0 *:bootpc                *:*                                 2732/dhclient3
                        udp        0      0 sonyvgnfw140e.local:ntp *:*                                 2825/ntpd
                        udp        0      0 localhost:ntp           *:*                                 2825/ntpd
                        udp        0      0 *:ntp                   *:*                                 2825/ntpd
                        udp        0      0 *:60085                 *:*                                 1461/squid
                        udp6       0      0 localhost:ntp           [::]:*                              2825/ntpd
                        udp6       0      0 fe80::216:eaff:fe4d:ntp [::]:*                              2825/ntpd
                        udp6       0      0 [::]:ntp                [::]:*                              2825/ntpd
                        Active UNIX domain sockets (only servers)
                        Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path
                        unix  2      [ ACC ]     STREAM     LISTENING     17375    2916/dropbox        /home/jerry/.dropbox/command_socket
                        unix  2      [ ACC ]     STREAM     LISTENING     12036    2017/pgpool         /var/run/postgresql/.s.PGSQL.5433
                        Gibson is just another businessman trying to profit off of public ignorance.

                        BTW, if your ports are green but you still "Fail" because of the ping echo, it is probably because your wireless router is replying to the ping, NOT your computer. You'll have to turn off the ping reply using your browser to reconfigure your wireless router.
                        "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people."
                        – John F. Kennedy, February 26, 1962.
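
Added example, not part of the original thread: a small parser for `netstat -lp` output like the listing in post #12 that separates sockets bound to loopback from those bound to the wildcard or a real interface address, which are the only ones an outside probe could reach. The sample text and the names `is_loopback` and `exposed_listeners` are constructed for illustration.

```python
import ipaddress

# Constructed sample in the layout of `netstat -lp` (illustrative, not real output).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:ssh                   *:*                     LISTEN      2784/sshd
tcp        0      0 localhost:ipp           *:*                     LISTEN      2152/cupsd
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      2784/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      2152/cupsd
udp        0      0 *:17500                 *:*                                 2916/dropbox
udp        0      0 192.168.1.20:ntp        *:*                                 2825/ntpd
udp        0      0 127.0.0.1:123           *:*                                 2825/ntpd
unix  2      [ ACC ]     STREAM     LISTENING     17375    2916/dropbox    /tmp/example.sock
"""

LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost"}


def is_loopback(host):
    """True if a netstat local-address host part is bound to loopback only."""
    host = host.strip("[]")
    if host in LOOPBACK_NAMES:
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        # "*" (wildcard) or the hostname of a real interface: reachable from the network.
        return False


def exposed_listeners(netstat_text):
    """Return sorted (proto, port, program) for TCP/UDP sockets not bound to loopback."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip headers and UNIX domain sockets, which are not reachable over IP.
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue
        host, _, port = fields[3].rpartition(":")
        if not is_loopback(host):
            found.add((fields[0], port, fields[-1]))
    return sorted(found)


if __name__ == "__main__":
    for proto, port, program in exposed_listeners(SAMPLE):
        print(f"{proto:5} {port:8} {program}")
```

The result is an upper bound on what an external scan can find: a host firewall or a NAT router in front of the machine may still drop traffic to these ports.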
