Author Topic: scan.sygate.com gives me open ports ?!?  (Read 33012 times)

Offline Ivan

  • Newbie
  • *
  • Posts: 14
Re: scan.sygate.com gives me open ports ?!?
« Reply #15 on: September 24, 2006, 05:49:11 AM »
scan.sygate.com UDP scan - allways scan the same ports 20,21,22,23,25,53,59,67,79,80,110,.......
on the first scan my open ports are - let's say 20,21,25,67,100 other ports are closed
on the second scan my open ports are - 20,25,53,79,80 other ports closed
tha third scan - open ports 23,53,79,100,......

my connection is just my PC --> cable modem ---> internet

I think that something is wrong with sygate UDP scan , this shoul be impossible once to show that " We have determined that you have a firewall blocking UDP ports! We are unable to scan any more UDP ports on IP:xxxxxx " and for the next 5 scans to show allways different ports opened and after that " you have firewall...." and so on.
I will reinstall CPF and only allow Opera browser to connect to the internet and do the scan ..... with all set at default settings in CPF
« Last Edit: September 24, 2006, 06:07:50 AM by Ivan »

Offline Denisss

  • Comodo Family Member
  • ***
  • Posts: 85
Re: scan.sygate.com gives me open ports ?!?
« Reply #16 on: September 24, 2006, 06:26:13 AM »
UDP Scan is a very strange scan...
It showed that some of my ports are closed (the most). And there are the words: "This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities."
But I know, that there is a running application on this port. Comodo blocked the connection.
Moreover, it has showed to me that I have NetBIOS port opened. That cannot be true, cause NetBIOS service has been stopped on my PC.
And more... Quick scan shows that I'm using OS Linux and browser IE 6.0. The fact is that they're twice wrong. I use WinXP SP 2 and my browser is Opera 9.02!

PS
I have a direct connection to internet. No proxies (except local one, but when I was doing tests, I had turned it off), no NATs, no router firewalls.
« Last Edit: October 01, 2006, 04:52:27 AM by Denisss »
Denisss
Moscow, Russia

Offline Ivan

  • Newbie
  • *
  • Posts: 14
Re: scan.sygate.com gives me open ports ?!?
« Reply #17 on: September 24, 2006, 09:36:09 AM »
I'm giving up, I reinstalled CPF and just allowed Opera 9.02 (any/any TCP/UDP  Out ) . After 4 sygate UDP scans and " you have firewall" at the 5th scan " you don't have firewall... " and many open ports.   (:AGY)

marc57

  • Guest
Re: scan.sygate.com gives me open ports ?!?
« Reply #18 on: September 24, 2006, 12:41:03 PM »
Hey Ivan,

What do the CPF logs say when you are running this scan? If scan.sygate.com says these ports are open, but the CPF logs say access is denied to these ports then I would say it's a problem with Sygate and not CPF.

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Re: scan.sygate.com gives me open ports ?!?
« Reply #19 on: September 29, 2006, 05:01:57 PM »
UDP scanners work like this way:

1 - Try to connect a UDP port,
2- Wait for ICMP Port Unreachable message
3- If no ICMP message is received, then the port is OPEN or STEALTH.

If you have a LAN or 2 PCs connected to each other, I recommend using nmap port scanner downloadable from http://www.insecure.org(IMHO, the best hacker tool ever written).

Good luck,
Egemen

Offline Denisss

  • Comodo Family Member
  • ***
  • Posts: 85
Re: scan.sygate.com gives me open ports ?!?
« Reply #20 on: October 01, 2006, 05:19:45 AM »
Hi,

I've passed the test! I've added the new rule to Network Monitor, so UDP Scan shows me that message: "We have determined that you have a firewall blocking UDP ports!
We are unable to scan any more UDP ports on IP: <here.is.my.ip> . . .

You have blocked all of our probes! We still recommend running this test both with
and without Sygate Personal Firewall enabled... so turn it off and try the test again.
"

The new rule is:
BLOCK ICMP OUT FROM IP [Any] TO IP [Any] WHERE ICMP MESSAGE IS PORT UNREACHABLE

Thanks!
Denisss
Moscow, Russia

Offline cprtech

  • Comodo Loves me
  • ****
  • Posts: 145
Re: scan.sygate.com gives me open ports ?!?
« Reply #21 on: October 01, 2006, 10:31:15 PM »
Hi,

I've passed the test! I've added the new rule to Network Monitor, so UDP Scan shows me that message: "We have determined that you have a firewall blocking UDP ports!
We are unable to scan any more UDP ports on IP: <here.is.my.ip> . . .

You have blocked all of our probes! We still recommend running this test both with
and without Sygate Personal Firewall enabled... so turn it off and try the test again.
"

The new rule is:
BLOCK ICMP OUT FROM IP [Any] TO IP [Any] WHERE ICMP MESSAGE IS PORT UNREACHABLE

Thanks!

I put my machine's ip on the router's DMZ, ran the Sygate UDP scan and it passed with flying colours, and I don't have that rule above.

Offline Ivan

  • Newbie
  • *
  • Posts: 14
Re: scan.sygate.com gives me open ports ?!?
« Reply #22 on: October 03, 2006, 10:32:17 PM »
Well ... interesting situation anyway... each time different ports opened and sometime (rare occasions) -  " You have firewall..."

I don't have a LAN or 2 PCs connected to each other... and as I said I tested PC with fresh CPF install without allowing any other app to connect internet except browser ( first time Opera 9.02 and second fresh CPF install Firefox 1.5.0.7 )

with CPF update to version 2.3.6.81  - the same situation
« Last Edit: October 03, 2006, 10:34:21 PM by Ivan »

Offline max2

  • Comodo Family Member
  • ***
  • Posts: 87
Re: scan.sygate.com gives me open ports ?!?
« Reply #23 on: October 09, 2006, 04:13:18 PM »
Hello Everyone,

I've been reading a lot of posts and I would really love it (I'm actually begging) if someone out there could sum up how I can stealth my ports with CPF. 

I too did the Sygate scan and only 3 of my ports showed as blocked (i.e. stealthed) while the rest are only closed.  This is the same result that I got when running the Trend Micro IS 2007 firewall which did not get favorable reviews especially compared to CPF.  Suprisingly enough, I tried the Look and Stop firewall and that gave me the best results thus far, blocking all ports that are most likely to be used for Trojans.  And it did without me tweaking anything on my computer, peripherals or the software itself.

I am running a cable modem through a Lingo voIP box which I assume functions the same way as a router.  From the posts I've read,  should I assume that the Sygate tests is deriving it's results from either my Modem or voIP router?  If this is so, should I contact my ISP to configure either one of these to achieve the stealth results?

One last thing:  whoever chooses to reply to my post please write in such a way that a 6th grader could comprehend it -- I am only slightly tech savvy!

Thanks,
Max
Intel Core 2 Quad Q8400, 4gb RAM: Win7 Ultimate (x64) SP1 - CISP v5.12.256249.2599,

Offline panic

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11825
  • Linux is free only if your time is worthless.;-)
Re: scan.sygate.com gives me open ports ?!?
« Reply #24 on: October 09, 2006, 06:04:25 PM »
Hello Everyone,

I've been reading a lot of posts and I would really love it (I'm actually begging) if someone out there could sum up how I can stealth my ports with CPF. 

I too did the Sygate scan and only 3 of my ports showed as blocked (i.e. stealthed) while the rest are only closed.  This is the same result that I got when running the Trend Micro IS 2007 firewall which did not get favorable reviews especially compared to CPF.  Suprisingly enough, I tried the Look and Stop firewall and that gave me the best results thus far, blocking all ports that are most likely to be used for Trojans.  And it did without me tweaking anything on my computer, peripherals or the software itself.

I am running a cable modem through a Lingo voIP box which I assume functions the same way as a router.  From the posts I've read,  should I assume that the Sygate tests is deriving it's results from either my Modem or voIP router?  If this is so, should I contact my ISP to configure either one of these to achieve the stealth results?

One last thing:  whoever chooses to reply to my post please write in such a way that a 6th grader could comprehend it -- I am only slightly tech savvy!

Thanks,
Max

Hey Max,

Before we can help, we would need to  see how your network rules are currently set up, as the default setup should set all ports to stealth.

Open CPF and click on the SECURITY button at the top of the window.
Now click on the NETWORK MONITOR button onthe left hand side of the window.
This will display the network rules.
Press and hold the ALT key and tap the PRT SCR button.
This will take a snapshot of the current window to the clipboard.
Open up whatever grahpics package, click EDIT - PASTE.
This will insert the snapshot of the Network Monitor window.
Save this image as a JPG.
Open up this topic and click REPLY.
Below where you type in the text is "AdditionalOptions" in red.
Clicking this displays the attachment options.
Attach the saved JPG of your network rules.
Add whatever text you feel may help and click POST.

Hope this helps,
Ewen :-)
As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you can't conform, don't use the forum.

Offline max2

  • Comodo Family Member
  • ***
  • Posts: 87
Re: scan.sygate.com gives me open ports ?!?
« Reply #25 on: October 09, 2006, 07:15:38 PM »
Ewen,

Thanks for the reply and I will be sending you the screenshot as soon as I get home which will be in the next few hours (around 7pm pst).  Hopefully, you'll be online still at that time.

Max
Intel Core 2 Quad Q8400, 4gb RAM: Win7 Ultimate (x64) SP1 - CISP v5.12.256249.2599,

Offline max2

  • Comodo Family Member
  • ***
  • Posts: 87
Re: scan.sygate.com gives me open ports ?!?
« Reply #26 on: October 09, 2006, 11:51:34 PM »
Ewen,

Hopefully you will see this still tonight -- attached is the .jpg of what you requested. 

You should know that when I came home tonight IE could not find any websites.  My connection to the internet was just fine but for some reason I couldn't go anywhere.  I decided to stop CPF, I re-enabled Trend's firewall, rebooted and when it came back up, IE connected again.  I should let you know now that I only disabled Trend's firewall but I did not uninstall the it.  Could this conflict with CPF?  In case you were wondering, Windows firewall is also disabled.  You should also know that as I type this I have once again disabled TM's firewall and re-enabled CPF and all seems to be well.  What does all this mean?

Thanks again,
Max

[attachment deleted by admin]
Intel Core 2 Quad Q8400, 4gb RAM: Win7 Ultimate (x64) SP1 - CISP v5.12.256249.2599,

Offline panic

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11825
  • Linux is free only if your time is worthless.;-)
Re: scan.sygate.com gives me open ports ?!?
« Reply #27 on: October 10, 2006, 12:36:57 AM »
Ewen,

Hopefully you will see this still tonight -- attached is the .jpg of what you requested. 

You should know that when I came home tonight IE could not find any websites.  My connection to the internet was just fine but for some reason I couldn't go anywhere.  I decided to stop CPF, I re-enabled Trend's firewall, rebooted and when it came back up, IE connected again.  I should let you know now that I only disabled Trend's firewall but I did not uninstall the it.  Could this conflict with CPF?  In case you were wondering, Windows firewall is also disabled.  You should also know that as I type this I have once again disabled TM's firewall and re-enabled CPF and all seems to be well.  What does all this mean?

Thanks again,
Max

Hey Max,

Does the Lingo VOIP box have an IP address? If so, you should define a zone that covers all the IPs used by your PCs and the VOIP box. This zone should then be set as trusted.

You really should only have one firewall installed at the one time. Simply disabling the other firewall may or not be the same as uninstalling it. For example, if you manage to terminate cmd.exe and cpfagent.exe (two of the main components of CPF), its system level driver (inspect.sys) is still running and enforcing the current rules.

I'd recommend that you uninstall one or the other (which is entirely up to you, but my natural preference is for CPF), reboot and retest before you try any other modifications to any firewall. Let's try and get back to a relatively know start position, before we start juggling options.

Hope this helps,
Ewen :-)


As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you can't conform, don't use the forum.

Offline max2

  • Comodo Family Member
  • ***
  • Posts: 87
Re: scan.sygate.com gives me open ports ?!?
« Reply #28 on: October 10, 2006, 02:47:30 AM »
Ok I figured that dualing firewalls wasn't a good idea so I uninstalled TM's and reinstalled CPF.  I went back to the Sygate test site and I still got the same results; quickscan shows only 4 out of a possible 27 ports are stealthed and 2 (ICMP & HTTP) are open.  The rest are closed. 

Any suggestions?
Intel Core 2 Quad Q8400, 4gb RAM: Win7 Ultimate (x64) SP1 - CISP v5.12.256249.2599,

Offline Shemp Howard

  • Comodo Loves me
  • ****
  • Posts: 174
Re: scan.sygate.com gives me open ports ?!?
« Reply #29 on: October 10, 2006, 05:32:45 AM »
Ok I figured that dualing firewalls wasn't a good idea so I uninstalled TM's and reinstalled CPF.  I went back to the Sygate test site and I still got the same results; quickscan shows only 4 out of a possible 27 ports are stealthed and 2 (ICMP & HTTP) are open.  The rest are closed. 

Any suggestions?

Hi, have looked at the cpf logs after a scan to see if any ports were indeed tested?
What brand name and model  modem are you using ?
« Last Edit: October 10, 2006, 05:39:32 AM by BorderlineCrazy »

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek