Hey,
I'm a newbie also. I have a question. Doesn't using these "testing" sites say,
"hey, here I am, come and get me"?
I mean are they really to be trusted? I know it's nice to know how secure you
are but I'm afraid to use them.
Glenn
Dan wrote:
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> D I S C L A I M E R
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> I am a newb to this, but I am using the same system you guys are. My
> response here is a "guess" to see if my thinking is correct. Please don't
> confuse it with the well-informed
> input I hope it will draw :)
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> My first guess: In looking thru my own filter rules, I notice the
> following:
>
> 0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 137
> 0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 135
> 257 20046 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 137
> 0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 135
> 0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 138:139
> 146 34019 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 138
>
> ... and so forth. My _guess_ is that the default config "rejects" these
> packets, which sends back a message to the probing machine that allows it to
> determine that the port in fact exists and is responding. If the probe app
> is "dumb" it will report ANY reply as "vulnerable." Most other filters in
> E2B seem to use DENY, but if I am correct, there are some comments in the
> E2B scripts related to Windows doing "braindead things" --- this may be part
> of the cure for that, as these are Windows default networking ports.
>
> As far as the 1080, that's SOCKS --- I don't know why it is showing for all
> of us (myself included). I am definitely NOT running any such proxy here.
> Port 3128 is not one I can find any info on.
>
> My last guess is this: the probe app is a POS, and not to be trusted.
>
> Dan
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Robert
> Chambers
> Sent: Tuesday, June 26, 2001 11:35 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Leaf-user] Firewall testing
>
> I have also tried this site, and the same for me: open ports 135, 137, 138,
> 139 and visible ports 1080, 3128. I am also running Eigerstein2beta.
> When I test my system with Steve Gibson's site grc.com it says that I am a
> hard target and all ports that are tested are in stealth mode.
> Robert Chambers
>
> Michael Leone wrote:
>
> > On 09 Jun 2001 08:55:01 -0400, Sean E. Covel wrote:
> > > To all,
> > >
> > > This is an interesting new test site. Uses IP Spoofing, so it does not
> > > set off portsentry (first test that DIDN'T). It was also the first test
> > > ever to say I had ports open/visible. I'm using EB2 LRP, and have been
> > > on it awhile. I'm no expert, so could some of you experts take a look
> > > at the tests (there are 2) and tell me what you see?
> >
> > This is the only scan I've ever taken (with EigerSteinBeta2) that told
> > me I have ports 135, 137, 138 and 139 open. And ESB2 by default closes
> > these ports.
> >
> > Also, it says port 21 (ftp), 80 (web) is open for me. This is true. Yet
> > somehow, the scan missed port 22 (SSH), and port 113 (ident), both of
> > which I am also running, and therefore should both show as open.
> >
> > Also says some of the 'scare' ports - 27374, 31337, etc (the ports that
> > SubSeven, Back Orifice, and others use) - are visible, but not open.
> >
> > Makes me wonder about this scan. It missed some blatant ones, and
> > reported on other ports that other scan sites did not.
> >
> > --
> >
> > ------------------------------------------------------------------
> > Michael J. Leone Registered Linux user #201348
> > <mailto:[EMAIL PROTECTED]> ICQ: 50453890
> > PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
> >
> > Pysche closed for renovations.
> >
> > _______________________________________________
> > Leaf-user mailing list
> > [EMAIL PROTECTED]
> > http://lists.sourceforge.net/lists/listinfo/leaf-user
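Added example, not part of the thread and not code from LEAF or from the test site: a Python model of Dan's guess above, that REJECT rules answer a probe while DENY rules stay silent, so a scanner that treats any answer as "open" will flag the REJECTed ports. The first three rule lines come from the listing quoted above; the DENY line for port 1080 is constructed for contrast, and both verdict functions are hypothetical scanner policies.

```python
import re

# Rule lines in the format of the listing quoted in the thread. The first three
# are from that listing; the DENY line for port 1080 is constructed for contrast.
RULES = """\
  0     0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 137
257 20046 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 137
  0     0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 138:139
  0     0 DENY   tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 1080
"""

# pkts bytes target proto ... "* -> port" or "* -> low:high"
RULE_RE = re.compile(r"^\s*\d+\s+\d+\s+(\w+)\s+(\w+)\s.*->\s*(\d+)(?::(\d+))?\s*$")

def parse_rules(text):
    """Map (proto, port) -> target; the first matching rule wins, as in the chain."""
    table = {}
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            target, proto, low, high = m.groups()
            for port in range(int(low), int(high or low) + 1):
                table.setdefault((proto, port), target)
    return table

def firewall_reply(target):
    """REJECT answers the sender with an ICMP error; DENY drops silently."""
    return {"REJECT": "icmp-unreachable", "DENY": None}[target]

def naive_verdict(reply):
    """Hypothetical 'dumb' scanner: any answer at all means the port is there."""
    return "stealth" if reply is None else "open"

def strict_verdict(reply):
    """Hypothetical careful scanner: only a completed handshake step is 'open'."""
    return {None: "stealth", "icmp-unreachable": "filtered",
            "rst": "closed", "syn-ack": "open"}[reply]

def report(text):
    rows = []
    for (proto, port), target in sorted(parse_rules(text).items()):
        reply = firewall_reply(target)
        rows.append((proto, port, target, naive_verdict(reply), strict_verdict(reply)))
    return rows

if __name__ == "__main__":
    for row in report(RULES):
        print("%-3s %5d %-6s naive=%-7s strict=%s" % row)
```

Under this model the REJECTed NetBIOS ports come back "open" from the naive policy and "filtered" from the strict one, while the DENY port is silent to both.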