Hey,
I'm a newbie also.  I have a question.  Doesn't using these "testing" sites say,
"hey, here I am, come and get me"?
I mean are they really to be trusted?  I know it's nice to know how secure you
are but I'm afraid to use them.

Glenn

Dan wrote:

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>    D I S C L A I M E R
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> I am a newb to this, but I am using the same system you guys are.  My
> response here is a "guess" to see if my thinking is correct.  Please don't
> confuse it with the well-informed input I hope it will draw :)
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> My first guess:  In looking thru my own filter rules, I notice the
> following:
>
>   0     0 REJECT     tcp  ------ 0xFF 0x00  eth0  0.0.0.0/0  0.0.0.0/0   * ->   137
>   0     0 REJECT     tcp  ------ 0xFF 0x00  eth0  0.0.0.0/0  0.0.0.0/0   * ->   135
> 257 20046 REJECT     udp  ------ 0xFF 0x00  eth0  0.0.0.0/0  0.0.0.0/0   * ->   137
>   0     0 REJECT     udp  ------ 0xFF 0x00  eth0  0.0.0.0/0  0.0.0.0/0   * ->   135
>   0     0 REJECT     tcp  ------ 0xFF 0x00  eth0  0.0.0.0/0  0.0.0.0/0   * ->   138:139
> 146 34019 REJECT     udp  ------ 0xFF 0x00  eth0  0.0.0.0/0  0.0.0.0/0   * ->   138
>
> ... and so forth.  My _guess_ is that the default config "rejects" these
> packets, which sends back a message to the probing machine that allows it to
> determine that the port in fact exists and is responding.  If the probe app
> is "dumb" it will report ANY reply as "vulnerable."  Most other filters in
> E2B seem to use DENY, but if I am correct, there are some comments in the
> E2B scripts related to Windows doing "braindead things" --- this may be part
> of the cure for that, as these are Windows default networking ports.
>
> As far as the 1080, that's SOCKS --- I don't know why it is showing for all
> of us (myself included).  I am definitely NOT running any such proxy here.
> Port 3128 is not one I can find any info on.
>
> My last guess is this:  the probe app is a POS, and not to be trusted.
>
> Dan
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Robert
> Chambers
> Sent: Tuesday, June 26, 2001 11:35 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Leaf-user] Firewall testing
>
> I have also tried this site, and the same for me: open ports 135, 137, 138,
> 139 and visible ports 1080, 3128.  I am also running Eigerstein2beta.
> When I test my system with Steve Gibson's site grc.com it says that I am a
> hard target and all ports that are tested are in stealth mode.
> Robert Chambers
>
> Michael Leone wrote:
>
> > On 09 Jun 2001 08:55:01 -0400, Sean E. Covel wrote:
> > > To all,
> > >
> > > This is an interesting new test site.  Uses IP Spoofing, so it does not
> > > set off portsentry (first test that DIDN'T)  It was also the first test
> > > ever to say I had ports open/visible.  I'm using EB2 LRP, and have been
> > > on it awhile.  I'm no expert, so could some of you experts take a look
> > > at the tests (there are 2) and tell me what you see?
> >
> > This is the only scan I've ever taken (with EigerSteinBeta2) that told
> > me I have ports 135, 137, 138 and 139 open. And ESB2 by default closes
> > these ports.
> >
> > Also, it says port 21 (ftp), 80 (web) is open for me. This is true. Yet
> > somehow, the scan missed port 22 (SSH), and port 113 (ident), both of
> > which I am also running, and therefore should both show as open.
> >
> > Also says some of the 'scare' ports - 27374, 31337, etc (the ports that
> > SubSeven, Back Orifice, and others use) - are visible, but not open.
> >
> > Makes me wonder about this scan. It missed some blatant ones, and
> > reported on other ports that other scan sites did not.
> >
> > --
> >
> > ------------------------------------------------------------------
> > Michael J. Leone                  Registered Linux user #201348
> > <mailto:[EMAIL PROTECTED]>    ICQ: 50453890
> > PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
> >
> > Pysche closed for renovations.
> >
> > _______________________________________________
> > Leaf-user mailing list
> > [EMAIL PROTECTED]
> > http://lists.sourceforge.net/lists/listinfo/leaf-user


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
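
Dan's guess about REJECT versus DENY, modelled as an added example (not code from the thread or from the Eigerstein scripts): it parses listing lines in the format quoted above and compares a probe that counts any reply as "open" with one that separates a service answer from an error reply. The DENY rule on port 6000 and all function names are constructed for illustration.

```python
# Constructed sample: two REJECT lines in the format quoted in the thread,
# plus one DENY line invented here for contrast (port 6000 is an assumption).
RULES = """\
  0     0 REJECT     tcp  ------ 0xFF 0x00  eth0  0.0.0.0/0  0.0.0.0/0   * ->   138:139
257 20046 REJECT     udp  ------ 0xFF 0x00  eth0  0.0.0.0/0  0.0.0.0/0   * ->   137
  0     0 DENY       tcp  ------ 0xFF 0x00  eth0  0.0.0.0/0  0.0.0.0/0   * ->   6000
"""

def parse_rules(text):
    """Return [(target, proto, lo_port, hi_port)] from listing lines."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 13 or f[-2] != "->":
            continue                              # not a rule line
        lo, _, hi = f[-1].partition(":")          # "138:139" or "137"
        rules.append((f[2], f[3], int(lo), int(hi or lo)))
    return rules

def wire_reply(rules, proto, port, listening=False):
    """What the probing host gets back for one probe (None = silence)."""
    for target, rproto, lo, hi in rules:          # first matching rule wins
        if rproto == proto and lo <= port <= hi:
            # REJECT sends an ICMP error back; DENY drops without a word.
            return "icmp-unreachable" if target == "REJECT" else None
    if proto == "tcp":                            # unfiltered TCP port
        return "syn-ack" if listening else "rst"
    return "icmp-unreachable"                     # unfiltered closed UDP port

def verdict(reply, naive=False):
    """naive=True is the 'dumb' probe from the thread: any reply means open."""
    if reply is None:
        return "stealth"
    return "open" if naive or reply == "syn-ack" else "closed"

def compare(rules, probes):
    """Map (proto, port) -> (naive verdict, careful verdict)."""
    out = {}
    for proto, port, listening in probes:
        reply = wire_reply(rules, proto, port, listening)
        out[(proto, port)] = (verdict(reply, naive=True), verdict(reply))
    return out

if __name__ == "__main__":
    probes = [("tcp", 139, False), ("udp", 137, False),
              ("tcp", 6000, False), ("tcp", 80, True)]
    for key, verdicts in compare(parse_rules(RULES), probes).items():
        print(key, verdicts)
```

Only the REJECTed ports differ between the two columns: the naive probe reports them as open, while the DENYed port is silent to both.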
