scan.sygate.com gives me open ports ?!?

[Guest]

[Ivan]

somethin strange is happening...

Hacker watch - simple probe and port scan - everything is ok - stealthed
Shilds Up from grc.com - all tests - everything ok - stealth
PCFlank.com:
Advanced Port Scanner - all ports are stealthed except 21,135 just closed
Trojans test - stealthed except 123,146,623,901,902,903 - closed

scan.sygate.com:
Quick scan - stealthed
Stealth scan - stealthed
TCP scan - stealthed
and now !!!!!!!!!!!
UDP scan - "We have determined that you do not have any firewall blocking UDP ports!"
OPEN PORTS 21, 23, 25, 67, 79, 80, 110, 113, 139, 1080, 1900, 8080
Results from UDP scan of commonly used trojans at IP address xxx.xxx.xxx.xxx: OPEN PORTS 6776, 12345, 20034, 31337, 54320, 54321


should I worry ?!? is it some bug at sygate as I assume that this type of scan from scan.sygate.com is also performed at pcflank, shilds up, hacker watch and everything seems to be well ?!?

I'm using Comodo PF 2.3.5.62 , NOD32 2.51.30 , all windows xp sp2 Pro updates present, Spy Sweeper 5.0.7 (build 1608)

Thanks

[Júštiñ™]

Hi,

Can you please tell me what your Network Monitor settings are? Also are you behind a router firewall? Because if you are the scan will be testing your router's firewall not your Comodo Firewall.

[Ivan]

Hi,

I'm on Cable connection ... LAN ... is this the answer on your question

[Júštiñ™]

Hi,

I'm on Cable connection ... LAN ... is this the answer on your question

Hi,

Sorry I should have been more specific, I meant the network monitor settings in your Comodo Firewall.

[Ivan]

I did not touch rules created when installing comodo PF , just added 2 more rules to enable microtorrent and dc++ , I did it following instructions at comodo forum , just 3 ports are opened by this rules for incoming connections

[Ivan]

or I should make this rules at Application monitor

[Júštiñ™]

Hi,

Before ever making rules in the network monitor I would always recommend trying to get the program to work in the application monitor. First I would delete the rules you created and scan with your online test. If the online test is showing that the ports are closed like they should be then go to the application in the application monitor click on the application then click edit, then click Allow all activities for this application, then check the Allow Invisible Connection Attempts and Skip Advanced Security Checks boxes, then see if the program will work. However if your ports are still showing that they are opened after you have deleted the rules you have made then there is some setting in the network monitor that is allowing these connections through, and we may need to edit them.

[Ivan]

thanks, I'll try your suggestion

[Ivan]

I removed all DC++ and microtorrent rules from network monitor and application monitor, restarting PC 3 times, and again a strange situation:
every time i do the UDP scan i get different results about what ports are open, also once was " We have determined that you HAVE firewall blocking UDP ports!..." and after clearing the browser cache and restarting browser there is again "We have determined that you DO NOT HAVE any firewall blocking UDP ports! " and open ports - different from previous scan

[Júštiñ™]

I removed all DC++ and microtorrent rules from network monitor and application monitor, restarting PC 3 times, and again a strange situation:
every time i do the UDP scan i get different results about what ports are open, also once was " We have determined that you HAVE firewall blocking UDP ports!..." and after clearing the browser cache and restarting browser there is again "We have determined that you DO NOT HAVE any firewall blocking UDP ports! " and open ports - different from previous scan

Hi,

That is very strange indeed, could you please list the rules you have in your Network Monitor, and their settings?

[panic]

Hi,

I'm on Cable connection ... LAN ... is this the answer on your question

G'day,

Does your cable connection connect to a router and your LAN then connects to this?

Or does your connection connect to a modem which is connected directly to your PC?

If you are behind a router, then the scans are reporting the port status of the first filtering device it finds on the return path back to you, which would be your router, not the PC running CPF.

Hope this helps,
Ewen :-)

[Ivan]

attached jpg file

[Júštiñ™]

Hi,

This is very strange, your network monitor settings seem fine, the only thing I noticed that didn't make sense is Rules #4, and 5, #4 says that you will allow IP's to have outgoing connections, but Rule #5 says that you will not allow IP's to have incoming or outgoing connections, I would change Rule#5 to just blocking Incoming connections, other then that everything looks fine. I truly have no idea why your results are appearing the way they are, what Components in the Firewall do you have enabled? What is your Protection Strength rating?

[Ivan]

no the same thing again +
after 10-15 UDP scan in the same browser - Opera 9 - and allways getting different open ports and just once " We have determined that you have a firewall blocking UDP ports! We are unable to scan any more UDP ports on IP:xxxxxx "
I tried with this: I started IE6, Firefox 1.5.0.7 and Opera 9.02 and started test on all browsers - different opened ports on every results 
my component rules was at learn mode, i didn't add anything there comodo added components during my allow/deny to the programs , I tried with switch it to ON mode but the results are the same ..... I'll see tomorrow to reinstall comodo PF and see what will happen, thanks for your help !!!

[Júštiñ™]

no the same thing again +
after 10-15 UDP scan in the same browser - Opera 9 - and allways getting different open ports and just once " We have determined that you have a firewall blocking UDP ports! We are unable to scan any more UDP ports on IP:xxxxxx "
I tried with this: I started IE6, Firefox 1.5.0.7 and Opera 9.02 and started test on all browsers - different opened ports on every results 
my component rules was at learn mode, i didn't add anything there comodo added components during my allow/deny to the programs , I tried with switch it to ON mode but the results are the same ..... I'll see tomorrow to reinstall comodo PF and see what will happen, thanks for your help !!!

What port scans are you using for this? Is it possible that it is just the scan that is strange? Or are you using different port scans and they are coming up with the same open ports?

[Tags:]