|
Posted by jameshanley39@yahoo.co.uk on June 22, 2007, 1:50 pm
If you were Registered and logged in, you could reply and use other advanced thread options
is there a port scanner that says open/closed/stealth?
I know stealth isn't any better than closed. However, the reason why I
ask about one is because , for my LAN, suppose I have a comp on whome
I want to know if it's running a firewall.
There's an easy to check that works for comps on my LAN - it works
easily on my LAN 'cos it's not going through a router.
The windows firewall, and other software firewalls like sygate or
norton, stealth ports. And they tend to do so to all ports except ones
specified.
If I scan a comp and see a port e.g. 451 is CLOSED that indicates to
me that no software firewall is running. If I scan it and it says
STEALTH, then it indicates that it is.
This is useful.. Because for troubleshooting, sometimes, I wonder if a
comp is running a firewall.
e.g. I've had a comp that couldn't access the internet.. As far as
I knew it didn't have a firewall. It turned out that a broken software
firewall was stopping it. One that hadn't uninstalled properly
Another example. I had a laptop, I couldn't ping it for some
reason.
I didn't think it likely that it was running a firewall. But I was
aware that a firewall often blocks ping. I couldn't see one, and pre
sp2 there's no firewall icon. Turned out that win xp , pre xp2, has a
firewall - ICF. I wasn't aware of that. If I could have tested to see
if it had a firewall it'd have been quicker. A way to test would've
been to see if ports wre stealthed.
Up until now, I have tested this by opening some port on my router,
then scanning that port with an online port scanner, like GRC. But my
beloved current router, as nice as it is, working beautifully. It has
a nasty non-geeky user interface, and I really can't stand doing any
port forwarding on it. I'd much rather just test it from one comp on
my LAN, to another. Then I don't have to touch the router.
The online port scanners say open or closed or stealth. I'm wondering
if a software one does.
TIA
|
|
Posted by Ansgar -59cobalt- Wiechers on June 22, 2007, 6:37 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> is there a port scanner that says open/closed/stealth?
Most port scanners (nmap being the most prominent example) correctly
report ports as either open, closed or filtered. There's no such thing
as "stealth".
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
|
|
Posted by Sebastian G. on June 22, 2007, 8:08 pm
If you were Registered and logged in, you could reply and use other advanced thread options
>> is there a port scanner that says open/closed/stealth?
>
> Most port scanners (nmap being the most prominent example) correctly
> report ports as either open, closed or filtered. There's no such thing
> as "stealth".
Sadly most port scanners, including some based on Nmap, have bad frontends
that are either broken (thus reporting stuff that has never been measures by
the backend, or belongs to a different session) or spill the reports
(including a mapping of words (open,closed)->"open, insecure, bad", closed
-> "stealth, secure, good" as well as bad filtering and transformation).
So better use Nmap directly or some known good frontend (like
<http://linux-sec.net/Audit/nmap.test.gwif.html>).
|
|
Posted by jameshanley39@yahoo.co.uk on June 23, 2007, 8:22 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> > is there a port scanner that says open/closed/stealth?
>
> Most port scanners (nmap being the most prominent example) correctly
> report ports as either open, closed or filtered. There's no such thing
> as "stealth".
>
> cu
> 59cobalt
thanks, that does work nicely.
|
| Similar Threads | Posted | | Firewall or Port Scanner | August 2, 2006, 5:51 am |
| Port 113 is closed | September 3, 2005, 4:12 am |
| IIS 5.0 installed. Port 80 closed | May 12, 2005, 1:05 pm |
| port 6112 closed due to security"? | March 15, 2005, 6:43 pm |
| Port closed but no firewall is running | March 21, 2007, 10:30 am |
| iptables port forwarding - port is filtered, needs to be open | March 11, 2005, 4:15 pm |
| Cannot Stealth port 113 | December 22, 2005, 4:18 pm |
| Firewall/antivirus software to detect stealth malware | February 5, 2007, 3:37 am |
| How to stealth Port 113 in my NAT Router | July 26, 2004, 12:44 pm |
| D-Link 624 - Cannot Stealth Port 445 | February 9, 2005, 1:32 pm |
|
XML site map