Outpost blocks everything

I used to use Outpost(Free) on W98se, but when I install it on XPpro SP2 it just blocks everything even if I tell it to trust email/news/browser etc. Does it not work with XP?

Reply to
Jim Scott

That's what I have been doing, but SOME firewall checkers indicate port not stealthed. Does that matter? Outpost always indicated all were invisible.

Reply to
Jim Scott

No, I don't think it matters. What counts is that the port is closed. The stealth thing is a personal FW term that's hyped up. I myself would much rather have the port closed and a response sent back that the port is closed and have a scan move on, as opposed to stealthed and closed with nothing sent back, which to me is also an indication that something is there due to the non-response. I don't think stealth buys you anything. And some clueless hacker may try to lock on and hammer instead of getting the response back that all ports are closed and just moving on.

You want the machine to be stealthed, put the machine behind a packet filtering FW router -- then it's stealthed as unsolicited inbound traffic never reaches the machine for it to respond.

The only thing that the XP FW cannot do is stop outbound traffic but you can stop inbound or outbound by port, protocol or IP with IPsec to supplement the XP FW.

Duane :)

Reply to
Duane Arnold
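
The three answers a checker can get from one TCP port, and how they map to "open", "closed" and "stealth", as an added example (not code from anyone in this thread). The function names are hypothetical, and the demo only talks to 127.0.0.1:

```python
import socket

def probe_tcp(host, port, timeout=2.0):
    """Classify one TCP port on a host you administer as open, closed or filtered."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # SYN/ACK came back: a program is accepting connections
    except ConnectionRefusedError:
        return "closed"          # RST came back: host is up, nothing is listening
    except (socket.timeout, TimeoutError):
        return "filtered"        # no answer at all: what the checkers label "stealth"
    except OSError:
        return "unreachable"     # e.g. an ICMP unreachable from a router in between

def loopback_demo():
    """Show the open and closed cases on 127.0.0.1 without touching the network."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free port
    listener.listen(1)
    # Bound but never listen()ed: the port is taken, yet the kernel refuses connections.
    idle = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    idle.bind(("127.0.0.1", 0))
    try:
        return (probe_tcp("127.0.0.1", listener.getsockname()[1]),
                probe_tcp("127.0.0.1", idle.getsockname()[1]))
    finally:
        listener.close()
        idle.close()

if __name__ == "__main__":
    print(loopback_demo())
```

The "filtered" branch needs a packet filter that silently drops the SYN, so it cannot be shown on loopback; in both the closed and the filtered case no connection is established.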

The only thing that bothers me is that [link] me that port 80 is open and insecure as does a-squared while others including Shields-Up tell me all is fine. I am on ADSL broadband if that has any bearing.

Reply to
Jim Scott

So? Unless a port is OPEN, nothing can happen to you. "Stealth" is an invention of some crazy marketing people, it doesn't have anything to do with network security.

Juergen Nieveler

Reply to
Juergen Nieveler

You don't need Outpost. Just use the Windows-Firewall.

Yours, VB.

Reply to
Volker Birk

Jim Scott wrote in news:b65jhf6zkd4o$. snipped-for-privacy@ID-104726.news.individual.net:

What kind of connection type the machine has to the Internet doesn't matter.

How can the port be open on one test and not the other one? I don't trust the scanners that much in the first place, which are often misleading and erroneous.

You could try some other scanners and what I would do is enable the XP FW logging and look at the log and see what's really happening with the scanner traffic. I doubt that the port is open.

You should look into IPsec with the AnalogX configuration file and enable the AnalogX rules and see what happens with the scans. IPsec is very powerful. The only thing is that it blocks all high ports when trying to do a file download and either you disable IPsec or learn how to make the rules to open the port. But other than that, IPsec is not going to interfere and is rock solid protection in supplementing the XP FW or any other PFW as far as that is concerned.

Duane :)

Reply to
Duane Arnold

It would seem it does. I don't use a proxy, but 'auditmypc' tells me there is one. PCflank says it cannot determine my IP address, while Shields-Up seems to find one ok and gives it a clean bill of health (including no mention of open port 80). a-squared (I do NOT shut down my XP firewall as it suggests) comes up with open ports at 8080, 80, 53, 22, 3128, none of which are mentioned in any other scan. Nor does it mention a proxy. Sygate Online clears the ports that a-squared says are open. Oh, and it comes up with an IP address (same as Shields-Up).

Confused? You bet!

Reply to
Jim Scott

Jim wrote on Tue, 30 Aug 2005 10:55:02 GMT:

Does your ISP force you through a proxy? If so, then the checks are done against the proxy, not your PC/router/modem/etc., and so will likely show port 80 open. What you need to do is check that the IP that is shown on these online tests really is your currently allocated IP address. It doesn't help that HackerWatch doesn't appear to tell you the IP that it's running the tests against.

Dan

Reply to
Spack

If I 'run' that from here on XP SP2, a DOS box pops up and vanishes before I have time to blink.

Reply to
Jim Scott

Jim Scott wrote in news:1cr942phs370v$. snipped-for-privacy@ID-104726.news.individual.net:

You enter CMD in the Run box that takes you to DOS Command Prompt and then you enter the command.

You should hold off on IPsec :)

Duane :)

Reply to
Duane Arnold

This works fine and gives me this but what am I looking for?

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Jim>netstat -a

Active Connections

  Proto  Local Address          Foreign Address                         State
  TCP    a1jims:epmap           a1jims:0                                LISTENING
  TCP    a1jims:microsoft-ds    a1jims:0                                LISTENING
  TCP    a1jims:netbios-ssn     a1jims:0                                LISTENING
  TCP    a1jims:2605            h-204-29-187-156.netscape.com:563       ESTABLISHED
  TCP    a1jims:2606            h-204-29-187-156.netscape.com:563       ESTABLISHED
  TCP    a1jims:1025            localhost:1026                          ESTABLISHED
  TCP    a1jims:1026            localhost:1025                          ESTABLISHED
  TCP    a1jims:1027            a1jims:0                                LISTENING
  TCP    a1jims:2076            localhost:2077                          ESTABLISHED
  TCP    a1jims:2077            localhost:2076                          ESTABLISHED
  TCP    a1jims:2599            localhost:2600                          ESTABLISHED
  TCP    a1jims:2600            localhost:2599                          ESTABLISHED
  TCP    a1jims:12025           a1jims:0                                LISTENING
  TCP    a1jims:12080           a1jims:0                                LISTENING
  TCP    a1jims:12110           a1jims:0                                LISTENING
  TCP    a1jims:12110           localhost:3085                          TIME_WAIT
  TCP    a1jims:12119           a1jims:0                                LISTENING
  TCP    a1jims:12143           a1jims:0                                LISTENING
  UDP    a1jims:microsoft-ds    *:*
  UDP    a1jims:isakmp          *:*
  UDP    a1jims:1041            *:*
  UDP    a1jims:1051            *:*
  UDP    a1jims:1052            *:*
  UDP    a1jims:1053            *:*
  UDP    a1jims:4500            *:*
  UDP    a1jims:ntp             *:*
  UDP    a1jims:netbios-ns      *:*
  UDP    a1jims:netbios-dgm     *:*
  UDP    a1jims:1900            *:*
  UDP    a1jims:ntp             *:*
  UDP    a1jims:1900            *:*
  UDP    a1jims:2803            *:*

Reply to
Jim Scott
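
One way to read a `netstat -a` listing like the one above, as an added example (not code from anyone in this thread): it separates the rows that can receive unsolicited traffic (TCP in LISTENING state, bound UDP sockets) from connections the machine opened itself. The sample is an excerpt of the posted output; the function name is hypothetical.

```python
# Excerpt of the `netstat -a` output posted above, with its header row.
SAMPLE = """\
Proto  Local Address        Foreign Address                    State
TCP    a1jims:epmap         a1jims:0                           LISTENING
TCP    a1jims:microsoft-ds  a1jims:0                           LISTENING
TCP    a1jims:netbios-ssn   a1jims:0                           LISTENING
TCP    a1jims:2605          h-204-29-187-156.netscape.com:563  ESTABLISHED
TCP    a1jims:1025          localhost:1026                     ESTABLISHED
TCP    a1jims:12110         a1jims:0                           LISTENING
TCP    a1jims:12110         localhost:3085                     TIME_WAIT
UDP    a1jims:isakmp        *:*
UDP    a1jims:1900          *:*
"""

def summarize_netstat(text):
    """Group `netstat -a` rows into the categories that matter for exposure."""
    out = {"tcp_listening": [], "udp_bound": [],
           "remote_peers": [], "loopback_pairs": 0}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue                                   # banner, header or blank line
        proto, local, foreign = fields[:3]
        state = fields[3] if len(fields) > 3 else ""   # UDP rows carry no state
        port = local.rsplit(":", 1)[1]
        if proto == "UDP":
            out["udp_bound"].append(port)              # can receive datagrams
        elif state == "LISTENING":
            out["tcp_listening"].append(port)          # a program accepts connections
        elif state == "ESTABLISHED":
            if foreign.rsplit(":", 1)[0] in ("localhost", "127.0.0.1"):
                out["loopback_pairs"] += 1             # local program talking to itself
            else:
                out["remote_peers"].append(foreign)    # outbound session to a server
    return out

if __name__ == "__main__":
    for key, value in summarize_netstat(SAMPLE).items():
        print(key, value)
```

Because `-a` without `-n` shows the host name for every local address, this listing cannot tell a loopback-only listener from one bound to the network interface; `netstat -ano` prints numeric addresses and the owning process ID.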

ShieldsUp uses a HTTPS-session to check your IP - transparent proxies usually ignore HTTPS as there's nothing to proxy.

If the other sites report the wrong IP, they probably only check your HTTP-request - which will show the proxy.

Juergen Nieveler

Reply to
Juergen Nieveler

If my ISP is taking me through a proxy then won't they be using a firewall on it?

Reply to
Jim Scott

I will :o)

Reply to
Jim Scott

Volker Birk wrote in news: snipped-for-privacy@news.uni-ulm.de:

The last time I used *command* was on a Win9X too many years ago.

BTW, your link about the services is OK but for the non-technical types, I like to present the link below that is more user friendly in shutting down services that close ports, along with other security implementations that can be done on the XP O/S.

[link]

I also think that getting the Win 2K, XP, or Win 2k3 Resource Kit book is very helpful.

Duane :)

Reply to
Duane Arnold

No, not at all.

It's impossible to "stealth" a computer in the Internet. This is just an advertising gimmick.

Surprising?

Why this is, I explained in .

Yours, VB.

Reply to
Volker Birk

[link] tell me:

--------------------------------- snip ------------------------------------

Closed but Unsecure

21 (FTP)

This port is not being blocked, but there is no program currently accepting connections on this port.

Secure

23 (Telnet)

This port is completely invisible to the outside world.

Secure

25 (SMTP Mail Server Port)

This port is completely invisible to the outside world.

Secure

79 (Finger)

This port is completely invisible to the outside world.

Secure

80 (HTTP)

This port is completely invisible to the outside world.

Secure

110 (POP3 Mail Server Port)

This port is completely invisible to the outside world.

Secure

139 (Net BIOS)

This port is completely invisible to the outside world.

Secure

143 (IMAP)

This port is completely invisible to the outside world.

Secure

443 (HTTPS)

This port is completely invisible to the outside world.

Test complete.

Reachable ports were found. If these ports were not deliberately left open, there may be a problem with your firewall operation or configuration.

--------------------------------- snap ------------------------------------

This is complete nonsense.

I'm running Debian GNU/Linux on an Apple Powerbook for this test. Nothing is filtered or dropped, but no network service is offered on any port on the NIC but the DHCP client:

--------------------------------- snip ------------------------------------

parametium:~ # lsof -i
COMMAND    PID  USER  FD   TYPE  DEVICE  SIZE  NODE  NAME
dhclient   2260 root  5u   IPv4  2542          UDP   *:bootpc
master     2614 root  11u  IPv4  3127          TCP   localhost:smtp (LISTEN)
pmud       2822 root  7u   IPv4  3445          TCP   localhost:879 (LISTEN)
ssh        3128 vb    3u   IPv4  4182          TCP   192.168.1.65:35353->wallaby:ssh (ESTABLISHED)
ssh        3131 vb    3u   IPv4  4641          TCP   192.168.1.65:55264->wega.rz.uni:ssh (ESTABLISHED)
mutt       3173 vb    3u   IPv4  4674          TCP   192.168.1.65:48961->mail.logix:imaps (ESTABLISHED)
ssh        3222 vb    3u   IPv4  4653          TCP   192.168.1.65:32794->sifter.ath.cx:ssh (ESTABLISHED)
ssh        3222 vb    4u   IPv4  4676          TCP   localhost:5000 (LISTEN)
ssh        3222 vb    5u   IPv4  4699          TCP   localhost:5000->localhost:32769 (ESTABLISHED)
vtund      3236 root  4u   IPv4  4698          TCP   localhost:32769->localhost:5000 (ESTABLISHED)
ssh        3250 vb    3u   IPv4  4720          TCP   10.23.3.10:57009->slater:ssh (ESTABLISHED)
firefox-b  3256 vb    26u  IPv4  4843          TCP   192.168.1.65:42919->[link] (ESTABLISHED)
firefox-b  3256 vb    29u  IPv4  5018          TCP   192.168.1.65:58439->[link] (ESTABLISHED)
firefox-b  3256 vb    38u  IPv4  4848          TCP   192.168.1.65:49988->probe.hackerwatch.org:www (ESTABLISHED)
parametium:~ #

--------------------------------- snap ------------------------------------

What they're telling you, is just for the trashbin.

Yours, VB.

Reply to
Volker Birk

Please tell me, what operating system you're driving on this box. Usually, there is an OS command to see what's really goin' on.

With Windows and most of the *NIXes, this command is:

netstat -a

With Windows XP, you could use

netstat -ao

Yours, VB.

Reply to
Volker Birk
