Author Topic: scan.sygate.com gives me open ports ?!?  (Read 33003 times)

Offline Ivan

  • Newbie
  • *
  • Posts: 14
scan.sygate.com gives me open ports ?!?
« on: September 23, 2006, 08:49:31 PM »
Something strange is happening...

Hacker watch - simple probe and port scan - everything is ok - stealthed
Shields Up from grc.com - all tests - everything ok - stealth
PCFlank.com:
Advanced Port Scanner - all ports are stealthed except 21,135 just closed
Trojans test - stealthed except 123,146,623,901,902,903 - closed

scan.sygate.com:
Quick scan - stealthed
Stealth scan - stealthed
TCP scan - stealthed
and now !!!!!!!!!!!
UDP scan - "We have determined that you do not have any firewall blocking UDP ports!"
OPEN PORTS 21, 23, 25, 67, 79, 80, 110, 113, 139, 1080, 1900, 8080
Results from UDP scan of commonly used trojans at IP address xxx.xxx.xxx.xxx: OPEN PORTS 6776, 12345, 20034, 31337, 54320, 54321


Should I worry?!? Is it some bug at Sygate, as I assume that this type of scan from scan.sygate.com is also performed at PCFlank, Shields Up, Hacker Watch and everything seems to be well?!?

I'm using Comodo PF 2.3.5.62 , NOD32 2.51.30 , all windows xp sp2 Pro updates present, Spy Sweeper 5.0.7 (build 1608)

Thanks
« Last Edit: September 23, 2006, 08:54:26 PM by Ivan »

Offline Justin L.

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3124
Re: scan.sygate.com gives me open ports ?!?
« Reply #1 on: September 23, 2006, 09:02:08 PM »
Hi,

Can you please tell me what your Network Monitor settings are? Also, are you behind a router firewall? Because if you are, the scan will be testing your router's firewall, not your Comodo Firewall.

Offline Ivan

  • Newbie
  • *
  • Posts: 14
Re: scan.sygate.com gives me open ports ?!?
« Reply #2 on: September 23, 2006, 09:11:26 PM »
Hi,

I'm on Cable connection ... LAN ... is this the answer to your question ???

Offline Justin L.

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3124
Re: scan.sygate.com gives me open ports ?!?
« Reply #3 on: September 23, 2006, 09:12:48 PM »
Hi,

I'm on Cable connection ... LAN ... is this the answer to your question ???

Hi,

Sorry, I should have been more specific. I meant the network monitor settings in your Comodo Firewall.

Offline Ivan

  • Newbie
  • *
  • Posts: 14
Re: scan.sygate.com gives me open ports ?!?
« Reply #4 on: September 23, 2006, 09:20:29 PM »
I did not touch the rules created when installing Comodo PF, just added 2 more rules to enable microtorrent and DC++. I did it following instructions at the Comodo forum; just 3 ports are opened by these rules for incoming connections.

Offline Ivan

  • Newbie
  • *
  • Posts: 14
Re: scan.sygate.com gives me open ports ?!?
« Reply #5 on: September 23, 2006, 09:22:39 PM »
Or should I make these rules in the Application Monitor ???

Offline Justin L.

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3124
Re: scan.sygate.com gives me open ports ?!?
« Reply #6 on: September 23, 2006, 09:28:25 PM »
Hi,

Before ever making rules in the network monitor, I would always recommend trying to get the program to work in the application monitor. First, I would delete the rules you created and scan with your online test. If the online test is showing that the ports are closed like they should be, then go to the application in the application monitor, click on the application, then click Edit, then click Allow all activities for this application, then check the Allow Invisible Connection Attempts and Skip Advanced Security Checks boxes, then see if the program will work. However, if your ports are still showing as open after you have deleted the rules you have made, then there is some setting in the network monitor that is allowing these connections through, and we may need to edit them.

Offline Ivan

  • Newbie
  • *
  • Posts: 14
Re: scan.sygate.com gives me open ports ?!?
« Reply #7 on: September 23, 2006, 09:34:40 PM »
thanks, I'll try your suggestion

Offline Ivan

  • Newbie
  • *
  • Posts: 14
Re: scan.sygate.com gives me open ports ?!?
« Reply #8 on: September 23, 2006, 10:07:07 PM »
I removed all DC++ and microtorrent rules from the network monitor and application monitor, restarted the PC 3 times, and again a strange situation:
every time I do the UDP scan I get different results about which ports are open. Also, once it was "We have determined that you HAVE firewall blocking UDP ports!..." and after clearing the browser cache and restarting the browser there is again "We have determined that you DO NOT HAVE any firewall blocking UDP ports!" and open ports - different from the previous scan.

Offline Justin L.

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3124
Re: scan.sygate.com gives me open ports ?!?
« Reply #9 on: September 23, 2006, 10:09:46 PM »
I removed all DC++ and microtorrent rules from the network monitor and application monitor, restarted the PC 3 times, and again a strange situation:
every time I do the UDP scan I get different results about which ports are open. Also, once it was "We have determined that you HAVE firewall blocking UDP ports!..." and after clearing the browser cache and restarting the browser there is again "We have determined that you DO NOT HAVE any firewall blocking UDP ports!" and open ports - different from the previous scan.

Hi,

That is very strange indeed. Could you please list the rules you have in your Network Monitor, and their settings?

Offline panic

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11825
  • Linux is free only if your time is worthless.;-)
Re: scan.sygate.com gives me open ports ?!?
« Reply #10 on: September 23, 2006, 10:13:49 PM »
Hi,

I'm on Cable connection ... LAN ... is this the answer to your question ???

G'day,

Does your cable connection connect to a router and your LAN then connects to this?

Or does your connection connect to a modem which is connected directly to your PC?

If you are behind a router, then the scans are reporting the port status of the first filtering device it finds on the return path back to you, which would be your router, not the PC running CPF.

Hope this helps,
Ewen :-)
As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you can't conform, don't use the forum.
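Added example (not part of any post in this thread): one way to check the router question raised above is to compare the addresses configured on the PC with the address the scan site reports. The function name `scan_target`, its return labels and all sample addresses are constructed for illustration.

```python
import ipaddress

# Address ranges that sit behind a translating device: RFC 1918 private
# space plus the RFC 6598 carrier-grade NAT block some ISPs use.
NAT_RANGES = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def scan_target(local_addrs, scanner_reported):
    """Say which device an online port scan is really probing.

    local_addrs      -- addresses configured on the PC's interfaces
    scanner_reported -- the address the scan site says it is testing
    (hypothetical helper, not part of any firewall product)
    """
    reported = ipaddress.ip_address(scanner_reported)
    # Loopback and link-local addresses say nothing about Internet reachability.
    usable = [a for a in map(ipaddress.ip_address, local_addrs)
              if not (a.is_loopback or a.is_link_local)]
    if not usable:
        return "unknown"
    if reported in usable:
        # The scanned address is on this PC: results reflect the local firewall.
        return "host"
    if all(any(a in net for net in NAT_RANGES) for a in usable):
        # PC only has NAT-range addresses: the scan stops at the router/modem.
        return "upstream-nat"
    # PC has a public address but the scanner sees a different one,
    # e.g. the browser is going through a proxy or VPN.
    return "upstream-other"


if __name__ == "__main__":
    # Constructed samples (documentation address ranges, not real hosts).
    samples = [
        (["127.0.0.1", "192.168.1.10"], "203.0.113.7"),   # PC behind a router
        (["203.0.113.7"], "203.0.113.7"),                 # modem straight to PC
        (["198.51.100.20"], "203.0.113.7"),               # proxy in the path
        (["100.64.3.9"], "203.0.113.7"),                  # ISP-level NAT
    ]
    for local, seen in samples:
        print(local, "scanned as", seen, "->", scan_target(local, seen))
```

A result of `host` means the online scan is exercising the software firewall on the PC; any `upstream-*` result means the reported port states belong to another device on the path.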

Offline Ivan

  • Newbie
  • *
  • Posts: 14
Re: scan.sygate.com gives me open ports ?!?
« Reply #11 on: September 23, 2006, 10:19:37 PM »
attached jpg file

[attachment deleted by admin]

Offline Justin L.

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3124
Re: scan.sygate.com gives me open ports ?!?
« Reply #12 on: September 23, 2006, 10:33:31 PM »
Hi,

This is very strange. Your network monitor settings seem fine. The only thing I noticed that didn't make sense is Rules #4 and #5: Rule #4 says that you will allow IPs to have outgoing connections, but Rule #5 says that you will not allow IPs to have incoming or outgoing connections. I would change Rule #5 to just blocking incoming connections; other than that, everything looks fine. I truly have no idea why your results are appearing the way they are. What Components in the Firewall do you have enabled? What is your Protection Strength rating?
« Last Edit: September 23, 2006, 10:38:13 PM by justin1278 »

Offline Ivan

  • Newbie
  • *
  • Posts: 14
Re: scan.sygate.com gives me open ports ?!?
« Reply #13 on: September 23, 2006, 10:54:28 PM »
No, the same thing again +
after 10-15 UDP scans in the same browser - Opera 9 - I am always getting different open ports, and just once "We have determined that you have a firewall blocking UDP ports! We are unable to scan any more UDP ports on IP:xxxxxx"
I tried this: I started IE6, Firefox 1.5.0.7 and Opera 9.02 and started the test in all browsers - different open ports in every result.
My component rules were in learn mode. I didn't add anything there; Comodo added components during my allow/deny to the programs. I tried switching it to ON mode but the results are the same ..... I'll see tomorrow about reinstalling Comodo PF and see what will happen, thanks for your help !!!

Offline Justin L.

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3124
Re: scan.sygate.com gives me open ports ?!?
« Reply #14 on: September 23, 2006, 11:09:18 PM »
No, the same thing again +
after 10-15 UDP scans in the same browser - Opera 9 - I am always getting different open ports, and just once "We have determined that you have a firewall blocking UDP ports! We are unable to scan any more UDP ports on IP:xxxxxx"
I tried this: I started IE6, Firefox 1.5.0.7 and Opera 9.02 and started the test in all browsers - different open ports in every result.
My component rules were in learn mode. I didn't add anything there; Comodo added components during my allow/deny to the programs. I tried switching it to ON mode but the results are the same ..... I'll see tomorrow about reinstalling Comodo PF and see what will happen, thanks for your help !!!

What port scans are you using for this? Is it possible that it is just the scan that is strange? Or are you using different port scans and they are coming up with the same open ports?
