Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Good free browser/firewall testers?


  • Please log in to reply
10 replies to this topic

#1 n01paranoid

n01paranoid

  • Members
  • 176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:13 AM

Posted 22 February 2012 - 11:02 AM

Shields Up seems pretty good. Not so sure about pcflank though. Their Quick Test says I have several visible ports, and the solution they recommend is for me to buy Outpost Firewall Pro, yet when I test these very same ports in their Advanced Port Scanner test, pcflank says they are all stealthed and invisible to others. Scam? Scareware?

Of the browser only testers, browserscope seems one of the better ones.

Any thoughts on these or others?

Edited by n01paranoid, 22 February 2012 - 11:07 AM.


BC AdBot (Login to Remove)

 


#2 spc3rd

spc3rd

  • Members
  • 292 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Mid-Atlantic region (USA)
  • Local time:11:13 PM

Posted 22 February 2012 - 11:13 AM

Hi n01paranoid,

Just a comment here about Outpost Firewall Pro which I happen to use myself. Within the Firewall settings, you can tick a box which essentially tells OPFW to run in stealth mode, which does make you invisible to others.

Just a thought.

Regards,

spc3rd

Dell Optiplex 755 Desktop | Win 7 Pro, SP 1, 64-bit | Intel Core 2 Duo, 3.00 gHz CPU | 8 GB RAM | 400 GB Seagate SATA HDD | Outpost Security Suite Pro | MBAM Premium 2.0 | Spywareblaster | SAS (on-demand) | Blocklist Pro | IE 11 & FF w/ NoScript | Disconnect | Adblock Plus | Flagfox


#3 n01paranoid

n01paranoid
  • Topic Starter

  • Members
  • 176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:13 AM

Posted 22 February 2012 - 11:20 AM

Thanks for the reply. I use Comodo firewall with Defense+ enabled and stealth settings as you mention with Outpost. Pcflank is the only tester that says I have visible ports. Has anyone taken pcflank's quick test and not been told they have visible ports?

Edited by n01paranoid, 22 February 2012 - 11:23 AM.


#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:13 AM

Posted 22 February 2012 - 03:41 PM

Pcflank is the only tester that says I have visible ports.


I did the test and it says that the following ports are visible on my machine: 21, 23, 80, 135, 137, 138, 139, 1080, 3128

I don't know what they mean with "visible", it's not a common term used with port scanning.
Anyways, I know these ports are not open to the Internet on my machine. My machine sits behind a Cisco router (the public IP address provided by my ISP is on one of the interfaces of my router) and is NATed, and all the ports on my Cisco router on the Internet-facing interface are closed.

One of the most popular and best tools to scan machines is nmap. It is a command line tool running on many OSs like Windows and Linux, but you can find online versions too, like http://http://nmap-online.com
nmap classifies a port as open, closed, filtered or unfiltered. Most of the ports that pcflank identified as "visible", are classified as filtered by nmap. And the other are closed.
Filtered means that nmap could not determine if a port was open or closed, because some network device sitting between nmap and my router is blocking packets for these ports. And that is normal, because my ISP is blocking these ports for me. Even if these ports were open, they can't be connected to because my ISP "filters" (e.g. blocks) all traffic directed to these ports.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#5 n01paranoid

n01paranoid
  • Topic Starter

  • Members
  • 176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:13 AM

Posted 22 February 2012 - 04:35 PM

As I suspected. Those are virtually the same ports that pcflank says are visible on my system. Did you try their advanced port scanner test aswell? When I ran it these same ports suddenly become stealthed and invisible. Looks like pcflank is a scareware site trying to get people to buy their sponsor's products.

Thanks for the nmap info. When I've got more time I'll give it a go.

#6 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:13 AM

Posted 22 February 2012 - 04:45 PM

Did you try their advanced port scanner test aswell?

Yes, all ports closed.

Looks like pcflank is a scareware site trying to get people to buy their sponsor's products.

They use too much FUD in their texts.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#7 FlannelBack

FlannelBack

  • Members
  • 327 posts
  • OFFLINE
  •  
  • Local time:11:13 PM

Posted 23 February 2012 - 01:54 AM

If I understand PC Flank correctly, by "visible" they mean not stealthed. But they strongly imply that a visible port is an open port which is not necessarily true. A port can be closed and still visible, at least according to Mr. Gibson. https://www.grc.com/su/portstatusinfo.htm

PC Flank tells me the ports 135, 137, 138, 139 are "visible" on mine. But ShieldsUP! says other wise and my logs agree with ShieldsUP!

FUD, indeed it is.

#8 n01paranoid

n01paranoid
  • Topic Starter

  • Members
  • 176 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:13 AM

Posted 23 February 2012 - 05:09 AM

The identical ports I was told were visible but, like you, ShieldsUp says otherwise, as does pcflank's own advanced port scanner. And yes, pcflank's quick test is misleading, to say the least. Norton Safe Web cautions users about pcflank and gives 3 examples of malware, but other site checkers such as sucuri give it a clean bill of health. Best to avoid the site. ShieldsUp for me from now on.

Edited by n01paranoid, 23 February 2012 - 05:15 AM.


#9 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:13 AM

Posted 23 February 2012 - 07:11 AM

It's important to differentiate between a PC with a public IP address (e.g. a PC with a network interface that connects directly to the Internet) and a PC with a private IP address (e.g. a PC with a network interface that connects to a network device like a router).

I assumed you have a PC with a public IP address and wanted to know what ports were open and closed.
If you connect to the Internet via a router, than these scanning websites are actually scanning your router, not your PC.
Installing a firewall on your PC will not change which ports are open or closed or stealth on your router.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#10 FlannelBack

FlannelBack

  • Members
  • 327 posts
  • OFFLINE
  •  
  • Local time:11:13 PM

Posted 23 February 2012 - 08:40 PM

Must agree with you Didier, especially since I'm not a network guru by any means. I fall into the second category of private IP hence I don't run these types of scans often for the reason you stated.

I guess the question is why does PC Flank flag ports that ShieldsUP says are stealthed? In my case PC Flank showed ports as "visible", not stealthed, but that they were closed. The router/firewall(<--hardware) logs recorded the ShieldsUP scans but not the PC Flank scans. :scratchhead:

#11 ranget

ranget

  • Members
  • 250 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:13 PM

Posted 24 February 2012 - 04:10 PM

grc is good tool for testing

also there is a controversy about having Ports Closed vs stealth
i think stealth is better but kaspersky inc. thinks that stealth is useless

anyway i will leave the judgment for more experienced user

A big thanks to Dider Stevens

sorry for not being around

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users