scan.sygate.com gives me open ports ?!?

Something strange is happening…

Hacker watch - simple probe and port scan - everything is ok - stealthed
Shields Up from grc.com - all tests - everything ok - stealth
PCFlank.com:
Advanced Port Scanner - all ports are stealthed except 21,135 just closed
Trojans test - stealthed except 123,146,623,901,902,903 - closed

scan.sygate.com:
Quick scan - stealthed
Stealth scan - stealthed
TCP scan - stealthed
and now !!!
UDP scan - “We have determined that you do not have any firewall blocking UDP ports!”
OPEN PORTS 21, 23, 25, 67, 79, 80, 110, 113, 139, 1080, 1900, 8080
Results from UDP scan of commonly used trojans at IP address xxx.xxx.xxx.xxx: OPEN PORTS 6776, 12345, 20034, 31337, 54320, 54321

Should I worry ?!? Is it some bug at sygate, as I assume that this type of scan from scan.sygate.com is also performed at pcflank, shields up, hacker watch and everything seems to be well ?!?

I’m using Comodo PF 2.3.5.62 , NOD32 2.51.30 , all windows xp sp2 Pro updates present, Spy Sweeper 5.0.7 (build 1608)

Thanks

Hi,

Can you please tell me what your Network Monitor settings are? Also are you behind a router firewall? Because if you are the scan will be testing your router’s firewall not your Comodo Firewall.

Hi,

I’m on Cable connection … LAN … is this the answer on your question ???

Hi,

Sorry I should have been more specific, I meant the network monitor settings in your Comodo Firewall.

I did not touch the rules created when installing comodo PF, just added 2 more rules to enable microtorrent and dc++. I did it following instructions at comodo forum; just 3 ports are opened by these rules for incoming connections.

Or should I make these rules at Application monitor ???

Hi,

Before ever making rules in the network monitor I would always recommend trying to get the program to work in the application monitor. First I would delete the rules you created and scan with your online test. If the online test is showing that the ports are closed like they should be then go to the application in the application monitor click on the application then click edit, then click Allow all activities for this application, then check the Allow Invisible Connection Attempts and Skip Advanced Security Checks boxes, then see if the program will work. However if your ports are still showing that they are opened after you have deleted the rules you have made then there is some setting in the network monitor that is allowing these connections through, and we may need to edit them.

thanks, I’ll try your suggestion

I removed all DC++ and microtorrent rules from network monitor and application monitor, restarting PC 3 times, and again a strange situation:
Every time I do the UDP scan I get different results about what ports are open. Also, once it was "We have determined that you HAVE firewall blocking UDP ports!.." and after clearing the browser cache and restarting the browser there is again "We have determined that you DO NOT HAVE any firewall blocking UDP ports!" and open ports - different from the previous scan.

Hi,

That is very strange indeed, could you please list the rules you have in your Network Monitor, and their settings?

G’day,

Does your cable connection connect to a router and your LAN then connects to this?

Or does your connection connect to a modem which is connected directly to your PC?

If you are behind a router, then the scans are reporting the port status of the first filtering device it finds on the return path back to you, which would be your router, not the PC running CPF.

Hope this helps,
Ewen :slight_smile:

attached jpg file

[attachment deleted by admin]

Hi,

This is very strange, your network monitor settings seem fine. The only thing I noticed that didn’t make sense is Rules #4 and #5: #4 says that you will allow IPs to have outgoing connections, but Rule #5 says that you will not allow IPs to have incoming or outgoing connections. I would change Rule #5 to just blocking Incoming connections; other than that everything looks fine. I truly have no idea why your results are appearing the way they are. What Components in the Firewall do you have enabled? What is your Protection Strength rating?

no the same thing again +
after 10-15 UDP scans in the same browser - Opera 9 - always getting different open ports, and just once "We have determined that you have a firewall blocking UDP ports! We are unable to scan any more UDP ports on IP:xxxxxx"
I tried this: I started IE6, Firefox 1.5.0.7 and Opera 9.02 and started the test on all browsers - different open ports in every result (:AGY)
My component rules were at learn mode. I didn’t add anything there; comodo added components during my allow/deny to the programs. I tried switching it to ON mode but the results are the same … I’ll see tomorrow to reinstall comodo PF and see what will happen, thanks for your help !!!

What port scans are you using for this? Is it possible that it is just the scan that is strange? Or are you using different port scans and they are coming up with the same open ports?

scan.sygate.com UDP scan - always scans the same ports 20,21,22,23,25,53,59,67,79,80,110,…
on the first scan my open ports are - let’s say 20,21,25,67,100, other ports are closed
on the second scan my open ports are - 20,25,53,79,80, other ports closed
the third scan - open ports 23,53,79,100,…

my connection is just my PC → cable modem —> internet

I think that something is wrong with the sygate UDP scan. It should be impossible to show once that "We have determined that you have a firewall blocking UDP ports! We are unable to scan any more UDP ports on IP:xxxxxx" and for the next 5 scans to always show different ports opened and after that "you have firewall…" and so on.
I will reinstall CPF and only allow Opera browser to connect to the internet and do the scan … with all set at default settings in CPF

UDP Scan is a very strange scan…
It showed that some of my ports are closed (the most). And there are the words: “This means that you are not running any application on this port, but it is still possible for someone to crash your computer through known TCP/IP stack vulnerabilities.”
But I know, that there is a running application on this port. Comodo blocked the connection.
Moreover, it showed me that I have the NetBIOS port open. That cannot be true, because the NetBIOS service has been stopped on my PC.
And more… Quick scan shows that I’m using OS Linux and browser IE 6.0. The fact is that they’re twice wrong. I use WinXP SP 2 and my browser is Opera 9.02!

PS
I have a direct connection to internet. No proxies (except local one, but when I was doing tests, I had turned it off), no NATs, no router firewalls.

I’m giving up, I reinstalled CPF and just allowed Opera 9.02 (any/any TCP/UDP Out ) . After 4 sygate UDP scans and " you have firewall" at the 5th scan " you don’t have firewall… " and many open ports. (:AGY)

Hey Ivan,

What do the CPF logs say when you are running this scan? If scan.sygate.com says these ports are open, but the CPF logs say access is denied to these ports then I would say it’s a problem with Sygate and not CPF.

UDP scanners work this way:

1 - Try to connect to a UDP port,
2 - Wait for an ICMP Port Unreachable message,
3 - If no ICMP message is received, then the port is OPEN or STEALTH.

If you have a LAN or 2 PCs connected to each other, I recommend using the nmap port scanner, downloadable from http://www.insecure.org (IMHO, the best hacker tool ever written).

Good luck,
Egemen
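
The three steps in the reply above, as an added example that is not part of the original thread: it classifies constructed probe outcomes the way nmap documents its UDP port states, next to a hypothetical simple scanner that reports every silent port as OPEN. The `naive` rule is an assumption made for illustration, not a description of how scan.sygate.com works, and all observations are constructed sample data.

```python
# Added example: interpreting UDP probe outcomes. All observations are constructed.
# One observation per probe: ("udp",) = UDP reply, ("icmp", type, code), None = timeout.
PORT_UNREACHABLE = (3, 3)            # ICMP type 3 code 3: nothing listening
FILTER_CODES = {1, 2, 9, 10, 13}     # other type 3 codes: a filter rejected the probe

def classify(observations):
    """State of one UDP port after repeated probes."""
    if any(o is not None and o[0] == "udp" for o in observations):
        return "open"
    icmp = [o[1:] for o in observations if o is not None and o[0] == "icmp"]
    if PORT_UNREACHABLE in icmp:
        return "closed"
    if any(t == 3 and c in FILTER_CODES for t, c in icmp):
        return "filtered"
    return "open|filtered"           # silence alone cannot prove a listener

def naive(observations):
    """Hypothetical simple scanner: anything but port-unreachable is OPEN."""
    return "closed" if ("icmp", 3, 3) in observations else "open"

def report(scan):
    """Return (careful, naive, firewall_likely) for {port: [observations]}."""
    careful = {p: classify(o) for p, o in scan.items()}
    simple = {p: naive(o) for p, o in scan.items()}
    firewall_likely = all(s == "open|filtered" for s in careful.values())
    return careful, simple, firewall_likely

# Constructed samples: a host whose firewall drops every probe, and an unfiltered host.
STEALTHED = {21: [None] * 3, 80: [None] * 3, 139: [None] * 3}
UNFILTERED = {53: [None, ("udp",)], 67: [("icmp", 3, 3)],
              139: [None, ("icmp", 3, 13)], 1900: [None] * 3}

if __name__ == "__main__":
    for name, scan in (("stealthed", STEALTHED), ("unfiltered", UNFILTERED)):
        careful, simple, fw = report(scan)
        print(name, "careful:", careful, "naive:", simple, "firewall likely:", fw)
```

On the stealthed sample the simple rule lists every port as open, while the careful classification leaves them all as open|filtered, which is the pattern a packet-dropping firewall produces.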