You have nothing to fear about grc.com. If anything Steve Gibson wants
to protect your privacy. He even goes as far as mailing a confirmation
email to you that you have to reply to. Once you reply, you are queued
for a scan. grc.com is an interesting site. The dude is into writing
most everything in assembler. He seems pretty picky and maybe his work
is more accurate. I keep meaning to scan my firewall with nmap. nmap
will look at the signature of your TCP stack and take a guess at your
OS.
Greg
"Glenn A. Thompson" wrote:
>
> Hey,
> I'm a newbie also. I have a question. Doesn't using these "testing" sites say:
> hey, here I am come and get me?
> I mean are they really to be trusted? I know it's nice to know how secure you
> are but I'm afraid to use them.
>
> Glenn
>
> Dan wrote:
>
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > D I S C L A I M E R
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > I am a newb to this, but I am using the same system you guys are. My
> > response here is a "guess" to see if my thinking is correct. Please don't
> > confuse it with the well-informed
> > input I hope it will draw :)
> >
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> > My first guess: In looking thru my own filter rules, I notice the
> > following:
> >
> > 0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 137
> > 0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 135
> > 257 20046 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 137
> > 0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 135
> > 0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 138:139
> > 146 34019 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 138
> >
> > ... and so forth. My _guess_ is that the default config "rejects" these
> > packets, which sends back a message to the probing machine that allows it to
> > determine that the port in fact exists and is responding. If the probe app
> > is "dumb" it will report ANY reply as "vulnerable." Most other filters in
> > E2B seem to use DENY, but if I am correct, there are some comments in the
> > E2B scripts related to Windows doing "braindead things" --- this may be part
> > of the cure for that, as these are Windows default networking ports.
> >
> > As far as the 1080, that's SOCKS --- I don't know why it is showing for all
> > of us (myself included). I am definitely NOT running any such proxy here.
> > Port 3128 is not one I can find any info on.
> >
> > My last guess is this: the probe app is a POS, and not to be trusted.
> >
> > Dan
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Robert
> > Chambers
> > Sent: Tuesday, June 26, 2001 11:35 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [Leaf-user] Firewall testing
> >
> > I have also tried this site, and the same for me open ports 135, 137, 138,
> > 139 and visible ports 1080, 3128. I am also running Eigerstein2beta.
> > When I test my system with Steve Gibson's site grc.com it says that I am a
> > hard target and all ports that are tested are in stealth mode.
> > Robert Chambers
> >
> > Michael Leone wrote:
> >
> > > On 09 Jun 2001 08:55:01 -0400, Sean E. Covel wrote:
> > > > To all,
> > > >
> > > > This is an interesting new test site. Uses IP Spoofing, so it does not
> > > > set off portsentry (first test that DIDN'T) It was also the first test
> > > > ever to say I had ports open/visible. I'm using EB2 LRP, and have been
> > > > on it awhile. I'm no expert, so could some of you experts take a look
> > > > at the tests (there are 2) and tell me what you see?
> > >
> > > This is the only scan I've ever taken (with EigerSteinBeta2) that told
> > > me I have ports 135, 137, 138 and 139 open. And ESB2 by default closes
> > > these ports.
> > >
> > > Also, it says port 21 (ftp), 80 (web) is open for me. This is true. Yet
> > > somehow, the scan missed port 22 (SSH), and port 113 (ident), both of
> > > which I am also running, and therefore should both show as open.
> > >
> > > Also says some of the 'scare' ports - 27374, 31337, etc (the ports that
> > > SubSeven, Back Orifice, and others use) - are visible, but not open.
> > >
> > > Makes me wonder about this scan. It missed some blatant ones, and
> > > reported on other ports that other scan sites did not.
> > >
> > > --
> > >
> > > ------------------------------------------------------------------
> > > Michael J. Leone Registered Linux user #201348
> > > <mailto:[EMAIL PROTECTED]> ICQ: 50453890
> > > PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
> > >
> > > Pysche closed for renovations.
> > >
> > > _______________________________________________
> > > Leaf-user mailing list
> > > [EMAIL PROTECTED]
> > > http://lists.sourceforge.net/lists/listinfo/leaf-user
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
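
Added example, not part of the original thread or of the Eigerstein scripts: a small audit of an `ipchains -L -n -v` listing like the one Dan quoted, separating ports whose rule is REJECT (ipchains returns an ICMP error, so a remote probe gets an answer) from ports whose rule is DENY (dropped silently). The REJECT rows are copied from the thread; the DENY row for port 1080 and all function names are constructed for illustration.

```python
import re

# Columns: pkts bytes target prot opt tosa tosx ifname source destination ports.
# REJECT rows are from the thread; the DENY row is constructed for contrast.
SAMPLE = """\
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 137
257 20046 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 137
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 138:139
146 34019 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 138
12 576 DENY tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 1080
"""

ROW = re.compile(
    r"^\s*(?P<pkts>\d+)\s+(?P<bytes>\d+)\s+(?P<target>[A-Z]+)\s+(?P<prot>\w+)\s+"
    r"\S+\s+\S+\s+\S+\s+(?P<iface>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+"
    r"(?P<sport>\S+)\s+->\s+(?P<dport>\S+)\s*$"
)

# What the remote side gets back for each ipchains target.
REPLY = {"REJECT": "icmp-error (port visible)",
         "DENY": "silence (stealth)",
         "ACCEPT": "passed to host"}

def expand(port):
    """'138:139' -> [138, 139]; '137' -> [137]; '*' (any port) -> []."""
    if port == "*":
        return []
    lo, _, hi = port.partition(":")
    return list(range(int(lo), int(hi or lo) + 1))

def audit(listing):
    """Map (proto, port) -> rule info; the first matching rule wins, as in ipchains."""
    seen = {}
    for line in listing.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or wrapped line: skip rather than guess
        for port in expand(m["dport"]):
            seen.setdefault((m["prot"], port), {
                "target": m["target"],
                "reply": REPLY.get(m["target"], "unknown"),
                "pkts": int(m["pkts"]),
            })
    return seen

def visible_ports(listing):
    """Ports that answer a probe because their rule is REJECT rather than DENY."""
    return sorted(k for k, v in audit(listing).items() if v["target"] == "REJECT")

if __name__ == "__main__":
    for (prot, port), info in sorted(audit(SAMPLE).items()):
        print(f"{prot}/{port:<5} {info['target']:<6} {info['reply']:<26} hits={info['pkts']}")
```

The `pkts` column shows which of these rules are actually being hit, which helps when deciding whether a REJECT rule can be switched to DENY without breaking a local client that relies on the fast error.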