++ Notes on PC Flank's Firewall/Server Test and the individual tests ++

This is a memo of PC Flank's Firewall/Server Test and the per-item tests.

For your reference.




Port Scan Results
Please wait. A Port Scan requires from 5 seconds to 3 minutes to complete. Your screen will automatically scroll as your port scan results are displayed. This free port scan will test 22 of the 500 most commonly used communication ports on your computer/server.

Automatic Connection Analyzer
Your computer reported an IP address of 220.28.xxx.xxx, but your actual IP address is xxx.xxx.xxx.xxx.

There is a router, proxy, or firewall between you and the Internet. Your port scan results may reflect the security of your router, firewall or proxy instead of your computer.

Program | Port | Status | Explanation
FTP | 21 | Stealth | File Transfer Protocol (FTP) allows users to transfer files to other computers over the Internet. A poorly configured FTP server allows hackers to copy your files, install trojan applications on your computer or obtain unauthorized remote command prompt access to your computer.
SSH | 22 | Stealth | Secure Shell (SSH) uses encryption to secure information sent over a network. While it typically improves security there are numerous problems with older versions of SSH which may allow brute force attacks.
Telnet | 23 | Stealth | Telnet allows a remote user to access your computer and perform commands. It is susceptible to brute force attacks and clear text password sniffing. A computer is misconfigured if this port is open. Use SSH instead.
SMTP | 25 | Stealth | SMTP is used to send email. There are numerous vulnerabilities with SMTP such as unauthorized hard disk file access, username verification or SPAM email redirection.
DNS | 53 | Stealth | Domain Name Services are used to tell other computers what your IP address is. There are several exploits associated with this service.
Finger | 79 | Stealth | Finger provides information such as usernames and usage information. Turn this service off or block this port to stop others from gaining valuable system information.
HTTP | 80 | Open | World Wide Web services allow you to publish web pages to the Internet. There are hundreds of severe security vulnerabilities associated with this service. Keep your WWW server software updated.
POP3 | 110 | Stealth | Post Office Protocol (POP) software downloads email. Hackers may use weaknesses in POP to intercept your email, create fictitious mail accounts or gain remote access to your computer.
NetBIOS | 139 | Stealth | NetBIOS is used by Microsoft Windows and some UNIX/Linux programs to share files. If your hard disk is shared improperly (write access to everyone without authentication) you may be giving the world access to your hard disk. (Trojan files can be copied to your computer.) Make sure this port is closed and your hard drive shares are configured properly.
SNMP | 161 | Stealth | Simple Network Management Protocol (SNMP) port may allow a hacker to obtain information about your computer. There are also security vulnerabilities associated with this port. You should turn off this service if you don't need it.
SSL | 443 | Stealth | HTTP servers use Secure Sockets Layer (SSL) to encrypt data from web browsers. There are hundreds of severe security vulnerabilities associated with this service. Keep your WWW server software updated.
MS DS | 445 | Stealth | Microsoft Directory Services is used by Microsoft Networks for security authentication. Typically this port should not be exposed to the Internet.
Socks Proxy | 1080 | Stealth | An unsecured SOCKS Proxy may disqualify you from IRC server access. Make sure this port is closed.
KaZaA | 1214 | Stealth | KaZaA is a popular peer-to-peer file-sharing program with many known vulnerabilities and at least one known worm (Benjamin) targeting it.
UPnP | 5000 | Stealth | Universal Plug and Play allows your computer to automatically integrate with other network devices. There are known security vulnerabilities associated with this service.
HTTP Proxy | 8080 | Stealth | HTTP Proxy provides a way for a hacker to pretend to be your computer. Others who may have been hacked may see your computer address and want you to justify why you hacked them.

Trojan Port Scan Results for: 220.28.xxx.xxx
Program | Port | Status | Trojans Common to Port
Trojan | 6776 | Stealth | 2000 Cracks, BackDoor-G, SubSeven, VP Killer
Trojan | 7000 | Stealth | Exploit Translation Server, Kazimas, Remote Grab, SubSeven, SubSeven 2.1 Gold
Trojan | 12345 | Stealth | Ashley, Cron/Crontab, Fat Bitch trojan, GabanBus, icmp_client.c, icmp_pipe.c, Mypic, NetBus, NetBus Toy, NetBus worm, Pie Bill Gates, Whack Job, X-bill
Trojan | 20034 | Stealth | NetBus 2.0 Pro, NetBus 2.0 Pro Hidden, NetRex, Whack Job
Trojan | 27374 | Stealth | Bad Blood, Ramen, Seeker, SubSeven, SubSeven 2.1 Gold, Subseven 2.1.4 DefCon 8, SubSeven Muie, Ttfloader
Trojan | 31337 | Stealth | Back Fire, Back Orifice 1.20 patches, Back Orifice (Lm), Back Orifice Russian, Baron Night, Beeone, BO client, BO Facil, BO spy, BO2, Cron/Crontab, Freak88, Freak2k, icmp_pipe.c, Sockdmini


Stealth Test
With the help of the Stealth test you can determine if your computer is visible to the others on the Internet. You can also use this test to determine if your firewall is successful in making ports of your system stealthed.

To determine if your system is visible to others on the Internet (or if your firewall stealths your system), we will send the following packets to TCP:1 port of your machine:

TCP ping packet
Description: A uniquely configured TCP packet with the ACK flag set to a probable port number.
TCP NULL packet
Description: A uniquely configured TCP packet that contains a sequence number but no flags.
TCP FIN packet
Description: The TCP FIN scanning is able to pass undetected through most personal firewalls, packet filters, and scan detection programs. The scan utilizes TCP packet with the FIN flag set to a probable port number.
TCP XMAS packet
Description: The TCP packet with the URG, PUSH (PSH) and FIN flags set to a probable port number.
UDP packet
Description: A uniquely configured UDP packet with an empty datagram.

Each packet represents various scanning techniques (i.e. TCP NULL packet represents TCP NULL scanning technique). Most of the techniques are widely used by the hackers. If your system (or firewall) sends any response on any of the packets, it will mean that system is visible (non-stealthed) to others on the Internet.

In the results of the test you will see the status (stealthed/non-stealthed) of each sent packet so you can determine what technique has tricked your system (firewall).
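Added example (not part of PC Flank's page or of the original memo): a defender-side Python example that labels inbound TCP segments with the probe types described above from the flag bits in the header, then applies the test's rule that any reply means non-stealthed. The open/closed/stealthed mapping follows the status definitions the page gives for its port scans. The header builder, the sample capture and all function names are constructed for illustration, and the UDP probe is not covered.

```python
import struct

# The six classic TCP flag bits, as laid out in the header's flags field.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def build_tcp_header(src_port, dst_port, flags, seq=1000):
    """Build a 20-byte TCP header (checksum 0) to serve as constructed sample input."""
    offset_and_flags = (5 << 12) | flags  # data offset of 5 words, then the flag bits
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, 0,
                       offset_and_flags, 1024, 0, 0)


def tcp_flags(header):
    """Return the six classic flag bits from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    (offset_and_flags,) = struct.unpack("!H", header[12:14])
    return offset_and_flags & 0x3F


def classify_probe(header, in_established_flow=False):
    """Name the Stealth-test probe a segment matches, or None for other traffic.

    A bare ACK is normal inside an established connection, so it only counts
    as a "TCP ping" when the caller's connection tracking has no matching flow.
    """
    flags = tcp_flags(header)
    if flags == 0:
        return "TCP NULL"
    if flags == FIN:
        return "TCP FIN"
    if flags == FIN | PSH | URG:
        return "TCP XMAS"
    if flags == ACK and not in_established_flow:
        return "TCP ping"
    return None


def port_status(reply):
    """Map the host's reply to a connection attempt onto stealthed / closed / open."""
    if reply is None:
        return "stealthed"        # nothing came back
    flags = tcp_flags(reply)
    if flags & SYN and flags & ACK:
        return "open"             # the port accepted the connection
    return "closed"               # e.g. RST: port closed, host visible


def stealth_report(capture):
    """Apply the test's rule to (probe, reply) pairs: any reply means non-stealthed."""
    rows = []
    for probe, reply in capture:
        kind = classify_probe(probe)
        if kind is not None:
            rows.append((kind, "stealthed" if reply is None else "non-stealthed"))
    return rows


# Constructed capture: probes aimed at TCP port 1, with the host's reply (or None).
SAMPLE_CAPTURE = [
    (build_tcp_header(40000, 1, ACK), None),
    (build_tcp_header(40001, 1, 0), None),
    (build_tcp_header(40002, 1, FIN), build_tcp_header(1, 40002, RST | ACK)),
    (build_tcp_header(40003, 1, FIN | PSH | URG), None),
    (build_tcp_header(40004, 80, SYN), build_tcp_header(80, 40004, SYN | ACK)),
]

if __name__ == "__main__":
    for kind, status in stealth_report(SAMPLE_CAPTURE):
        print(f"{kind:<9} {status}")
```

In the constructed capture the FIN probe draws an RST, so that row comes out non-stealthed while the other three probes stay stealthed; the ordinary SYN to port 80 is not a Stealth-test probe and is skipped.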

The test begins when you click on "Start Test".

ATTENTION!
By clicking the button "Start Test" you confirm your consent of the following statements:

Your computer will be scanned and checked by our scanner;
The results of your test will remain confidential and will not be given to any third party;
The test does not give a sound basis for legal claims of irreversible consequences to your computer;

IP Address test
The test has determined your IP address to be:
220.28.xxx.xxx

Please verify that this is your true IP address.

If the IP address determined by the test is not your true IP address please cancel the test as further results of the test would be incorrect. Commonly the test fails to determine your true IP address because you are connected to the Internet through a proxy-server or your ISP uses Network Address Translation (NAT) to share IP addresses.

If this is your true IP address click on "Continue" to determine the settings of the test.

Note: if your computer or ISP uses a corporate firewall, ask your system administrator for permission for further scanning of your IP.

The results of Stealth Test


We have sent the following packets to TCP:1 port of your machine:

TCP ping packet
TCP NULL packet
TCP FIN packet
TCP XMAS packet
UDP packet

Here is the description of possible results on each sent packet:
"Stealthed" - Means that your system (firewall) has successfully passed the test by not responding to the packet we have sent to it.
"Non-stealthed" - Means that your system (firewall) responded to the packet we have sent to it. What is more important, is that it also means that your computer is visible to others on the Internet, which can be potentially dangerous.

Packet type | Status
TCP "ping" | stealthed
TCP NULL | stealthed
TCP FIN | stealthed
TCP XMAS | stealthed
UDP | stealthed

Recommendation:
Your computer is invisible to the others on the Internet!


Browser Test
This test will check if your browser reveals any of your personal information. This might be the sites you have visited, the region you live in, who your Internet Service Provider is, etc. The test will recommend specific settings of your browser for you to change.

The test begins when you click on "Start Test".

ATTENTION!
By clicking the button "Start Test" you confirm your consent of the following statements:


Your computer will be checked by our scanner;
The results of your test will remain confidential and will not be given to any third party;
The test does not give a sound basis for legal claims of irreversible consequences to your computer;

Results of the test:

Cookies check
Safe: Your computer does not save special cookies on your hard drive.
Recommendation: Your browser (or firewall) is set to block cookies so there is no risk to your privacy.

Referrer check
Danger! While visiting web sites your browser reveals private information (called 'referrer') about previous sites you have visited.
Recommendation: We advise you to get personal firewall software. If you already have a firewall program adjust it to block the distribution of such information (referrer).

What is a referrer?
When you browse a web site, it can collect various data about you, such as the Internet address of your computer, your region, Operating System, browser type, browser version, etc. Your web browser automatically sends this information each time it locates a new web site. One of these data is the referrer, which is the location of the last site you visited. Sites keep track of this data, mostly in a general way for statistical data and marketing research. There is a growing concern that online privacy is being infringed. To safeguard your privacy we recommend getting competent firewall software to block your browser sending information about you and your computer.


Trojans Test
This test will scan your system for most dangerous and widespread Trojan horses. If a Trojan is found on your computer the test recommends actions to take.

The test will probe the ports used by the Trojans and if a port is "open" then your computer is infected.

The test begins when you click on "Start Test".

ATTENTION!
By clicking the button "Start Test" you confirm your consent of the following statements:


Your computer will be scanned and checked by our scanner;
The results of your test will remain confidential and will not be given to any third party;
The test does not give a sound basis for legal claims of irreversible consequences to your computer;


Results of the test
We have scanned your computer's ports used by the most dangerous and widespread trojan horses. Here is the description of possible port statuses:

"Stealthed" (by a firewall) - Means that your computer is invisible to others on the Internet and protected by a firewall or other similar software;
"Closed" (non-stealthed) - Means that this port is closed, but your computer is visible to others on the Internet, which can be potentially dangerous;
"Open" - Means that this port is ready to establish (or has already established) a connection with a remote address. It also means that your computer is vulnerable to attacks and could have been already hacked or infected by a trojan/backdoor;

Trojan | Port | Status
GiFt | 123 | stealthed
Infector | 146 | stealthed
RTB666 | 623 | stealthed
Net-Devil | 901 | stealthed
Net-Devil | 902 | stealthed
Net-Devil | 903 | stealthed
Subseven | 1243 | stealthed
Duddies Trojan | 1560 | stealthed
Duddies Trojan | 2001 | stealthed
Duddies Trojan | 2002 | stealthed
Theef | 2800 | stealthed
Theef | 3000 | stealthed
Theef | 3700 | stealthed
Optix | 5151 | stealthed
Subseven | 6776 | stealthed
Theef | 7000 | stealthed
Phoenix II | 7410 | stealthed
Ghost | 9696 | stealthed
GiFt | 10100 | stealthed
Host Control | 10528 | stealthed
Host Control | 11051 | stealthed
NetBus | 12345 | stealthed
NetBus | 12346 | stealthed
BioNet | 12348 | stealthed
BioNet | 12349 | stealthed
Host Control | 15094 | stealthed
Infector | 17569 | stealthed
NetBus | 20034 | stealthed
MoonPie | 25685 | stealthed
MoonPie | 25686 | stealthed
Subseven | 27374 | stealthed
BO | 31337 | stealthed
Infector | 34763 | stealthed
Infector | 35000 | stealthed

All Trojans' ports we scanned are stealthed (probably by a firewall). This means your system is not infected by any of these Trojan horses.

Recommendation:

The absence of a Trojan horse on your system does not mean this problem cannot happen, of course. Anti-virus and/or anti-Trojan (we recommend Tauscan or PestPatrol) software should be installed and used on your system. If you already use this type of software on your system, its virus definitions (virus database) should regularly be updated.
We also recommend you to pass the Stealth test to determine if your system is absolutely stealthed and invisible to the others on the Internet.


Advanced Port Scanner
The Advanced Port Scanner will test your system for open ports that can be used in attacks on your computer.

You can select which scanning technique will be used during the test from the following:

TCP connect scanning (standard)
TCP SYN scanning

You can also select what ports of your system you want to scan: desired ports or range of ports, typical vulnerable and Trojan ports, 20 random ports or All ports


The test begins when you click on "Start Test".

ATTENTION!
By clicking the button "Start Test" you confirm your consent of the following statements:


Your computer will be scanned and checked by our scanner;
The results of your test will remain confidential and will not be given to any third party;
The test does not give a sound basis for legal claims of irreversible consequences to your computer;


Advanced Port Scanner Type
Before the start of the test select the technique of scanning you want to perform and then click on "Continue" button.


TCP connect scanning (standard)
Description: The most basic form of TCP scanning.


TCP SYN scanning
Description: This technique is also known as "half-open" scanning, because the scanner doesn't open a full TCP connection. The scanner sends a SYN packet, as if it is going to open a real connection and waits for a response.

Advanced Port Scanner Settings
To start the test select the ports you want to check and then click on "Continue" button.


Scan typical vulnerable and Trojan ports


Scan desired ports and/or the range of ports.
Type in the port number and/or port range, separated by commas (example: 14, 80, 200-240).



Scan 20 random ports

Results of Advanced Port Scanner
TCP CONNECT scanning (scanned in 19 seconds)



We have scanned your computer's ports used by the most widespread trojan horses. Here is the description of possible port statuses:

"Stealthed" (by a firewall) - Means that your computer is invisible to others on the Internet and protected by a firewall or other similar software;
"Closed" (non-stealthed) - Means that this port is closed, but your computer is visible to others on the Internet, which can be potentially dangerous;
"Open" - Means that this port is ready to establish (or has already established) a connection with a remote address. It also means that your computer is vulnerable to attacks and could have been already hacked or infected by a trojan/backdoor;

Port | Status | Service | Description
21 | stealthed | FTP | File Transfer Protocol is used to transfer files between computers
23 | stealthed | TELNET | Telnet is used to remotely create a shell (dos prompt)
135 | stealthed | RPC | Remote Procedure Call (RPC) is used in client/server applications based on MS Windows operating systems
137 | stealthed | NETBIOS Name Service | NetBios is used to share files through your Network Neighborhood
138 | stealthed | NETBIOS Datagram Service | NetBios is used to share files through your Network Neighborhood
139 | stealthed | NETBIOS Session Service | NetBios is used to share files through your Network Neighborhood
1080 | stealthed | SOCKS PROXY | Socks Proxy is an internet proxy service
1243 | stealthed | SubSeven | SubSeven is one of the most widespread trojans
3128 | stealthed | Masters Paradise and RingZero | Trojan horses
12345 | stealthed | NetBus | NetBus is one of the most widespread trojans
12348 | stealthed | BioNet | BioNet is one of the most widespread trojans
27374 | stealthed | SubSeven | SubSeven is one of the most widespread trojans
31337 | stealthed | Back Orifice | Back Orifice is one of the most widespread trojans
80 | open | HTTP | HTTP web services publish web pages

Recommendation:

It is urgent that you install personal firewall software. If you have already installed and are using a firewall, check if it is set to make all the ports of your computer stealthed (invisible).
If you have any problems adjusting your firewall, get help from the firewall developer. If the firewall is correctly set but fails this test, replace the firewall software and redo this test.



TCP SYN scanning
Description: This technique is also known as "half-open" scanning, because the scanner doesn't open a full TCP connection. The scanner sends a SYN packet, as if it is going to open a real connection and waits for a response.
Results of Advanced Port Scanner
TCP SYN scanning (scanned in 37 seconds)



We have scanned your computer's ports used by the most widespread trojan horses. Here is the description of possible port statuses:

"Stealthed" (by a firewall) - Means that your computer is invisible to others on the Internet and protected by a firewall or other similar software;
"Closed" (non-stealthed) - Means that this port is closed, but your computer is visible to others on the Internet, which can be potentially dangerous;
"Open" - Means that this port is ready to establish (or has already established) a connection with a remote address. It also means that your computer is vulnerable to attacks and could have been already hacked or infected by a trojan/backdoor;

Port | Status | Service | Description
21 | stealthed | FTP | File Transfer Protocol is used to transfer files between computers
23 | stealthed | TELNET | Telnet is used to remotely create a shell (dos prompt)
135 | stealthed | RPC | Remote Procedure Call (RPC) is used in client/server applications based on MS Windows operating systems
137 | stealthed | NETBIOS Name Service | NetBios is used to share files through your Network Neighborhood
138 | stealthed | NETBIOS Datagram Service | NetBios is used to share files through your Network Neighborhood
139 | stealthed | NETBIOS Session Service | NetBios is used to share files through your Network Neighborhood
1080 | stealthed | SOCKS PROXY | Socks Proxy is an internet proxy service
1243 | stealthed | SubSeven | SubSeven is one of the most widespread trojans
3128 | stealthed | Masters Paradise and RingZero | Trojan horses
12345 | stealthed | NetBus | NetBus is one of the most widespread trojans
12348 | stealthed | BioNet | BioNet is one of the most widespread trojans
27374 | stealthed | SubSeven | SubSeven is one of the most widespread trojans
31337 | stealthed | Back Orifice | Back Orifice is one of the most widespread trojans
80 | open | HTTP | HTTP web services publish web pages

Recommendation:

It is urgent that you install personal firewall software. If you have already installed and are using a firewall, check if it is set to make all the ports of your computer stealthed (invisible).
If you have any problems adjusting your firewall, get help from the firewall developer. If the firewall is correctly set but fails this test, replace the firewall software and redo this test.


Exploits Test
This test will detect how vulnerable your computer is to exploits attacks. This test can be also used to test firewalls and routers for stability and reactions to unexpected packets. Most of the exploits are in fact denial-of-service attacks and if your system is unable to pass this examination following actions can take place:

Some attacks may cause your computer to crash (so-called "blue screen of death") or reboot. So all unsaved data in open applications at the time of the attack may be lost.
The attacks can also consume large amounts of network bandwidth.
Your computer may start operating very slowly as the attacks may consume most or all of the operating system's CPU resources.
Some attacks can break your Internet connection.
To learn more about exploits used in the test click here.

The test is started by clicking on "Exploits Test"

ATTENTION!
By clicking the button "Exploits Test" you confirm your consent of the following statements:


Your computer will be scanned and checked by our tests;
The results of your test will remain confidential and will not be given to any third party;
The test may cause your computer to hang and necessitate the rebooting of your system;
The test does not give a sound basis for legal claims of irreversible consequences to your computer;

IP Address test
The test has determined your IP address to be:
220.28.xxx.xxx

Please verify that this is your true IP address.

If the IP address determined by the test is not your true IP address please cancel the test as further results of the test would be incorrect. Commonly the test fails to determine your true IP address because you are connected to the Internet through a proxy-server or your ISP uses Network Address Translation (NAT) to share IP addresses.

If this is your true IP address click on "Continue" to check for vulnerabilities at this IP address.

Note: if your computer or ISP uses a corporate firewall, ask your system administrator for permission for further scanning of your IP.

Exploits Test Settings:
To start the test select the attacks below and then click on "Exploits Test" button.

The test may take up to 5 minutes depending on speed of your Internet connection. If your system is unable to pass this examination the test should cause your computer to hang and/or necessitate the rebooting of your system. To learn more about the attacks used in the test click here

Select all


igmpsyn
targa3
fawx
kod
ssping
jolt2
twinge
moyari13
nuke
teardrop
nestea
land
synk4
opentear
stream
stream2
rfpoison
rst_flip
redir

Results of the test:
Exploits test

Safe: Your system successfully defended itself from this attack!
