I've been conversing with the "Expert Team" at PC Flank
(http://www.pcflank.com./) about their scanner.  So far they have asked
for additional information about my firewall, but have not defended the
results.

So....  How can I verify that a certain port is/is not open?  The report
I got noted port 3128 (which Firewall Forensics says is "squid") was
"open".  Later in the report it said all the trojan ports were open
(27374, 12345, 1243, 31337, 12348) (I doubt it!)  How can I be sure?

As far as the "spoofing" and why they would want to do it... Anyone
running portsentry?  Ever gone up against "Shields Up" or "DSL Reports"
tests?  What happens?  After a few scans from the same IP, they end up
in hosts.deny and a firewall rule is added, both automatically.  Once
that is done, further scanning is moot.  My first run against PcFlank
noted more ports open than what I listed above, so I checked out my
network.conf.  The variables EXTERN_UDP_PORTS and EXTERN_TCP_PORT had
some ports listed (_domain _ntp _bootpc)(_smtp).  I cleaned those up
(had to leave _bootpc(?) for dnsclient) and the next scan listed fewer
ports.  Neither "Shields Up" nor "DSL Reports" got far enough along in
their scans before portsentry kicked in to see those other ports!

So, once again, how do I tell for sure if the above listed ports are
open/visible/stealth?

Thanks,

Sean

P.S.  Did you run the "advanced" test?  Take a look at your logs.  What
a mess!  What does it all mean?  Did LRP really pass the test?
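
One way to check the reported ports yourself, as an added example that is not part of the original post: a plain TCP connect test, run from a machine outside the firewall against your own external address, that separates "open" (handshake completes), "closed" (connection refused) and "stealth" (no answer at all). The function names are made up for this sketch; if portsentry has already blocked the testing IP, every port will read "stealth".

```python
import errno
import socket
import sys

# Ports named in the PC Flank report quoted above.
REPORTED_PORTS = [3128, 27374, 12345, 1243, 31337, 12348]


def probe(host, port, timeout=3.0):
    """Classify one TCP port by attempting a full connect().

    open    -> handshake completed: something is listening and reachable
    closed  -> connection refused: host answered, nothing is listening
    stealth -> no answer before the timeout: the packet was dropped
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "stealth"
    except OSError as e:
        # e.g. EHOSTUNREACH when a filter rejects with an ICMP error
        return "error:" + errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()


def check_ports(host, ports=REPORTED_PORTS, timeout=3.0):
    """Probe each port in turn and return {port: state}."""
    return {p: probe(host, p, timeout) for p in ports}


if __name__ == "__main__":
    # Usage: python portcheck.py <your-external-address>
    if len(sys.argv) != 2:
        sys.exit("usage: portcheck.py HOST")
    for port, state in check_ports(sys.argv[1]).items():
        print(f"{port:>5}/tcp  {state}")
```

Comparing the result with what the firewall logged for the same probes shows whether a port the scanner called "open" ever completed a handshake.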


_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
