Page 1 of 2 12 LastLast
Results 1 to 20 of 34

Thread: SG Security Scan

  1. #1
    Administrator Philip's Avatar
    Join Date
    May 1999
    Location
    Jacksonville, Florida, United States
    Posts
    10,288
    Blog Entries
    6

    SG Security Scan

    SpeedGuide.net now has a great tool - a remote Security portscan that detects many common vulnerabilities, trojans/backdoors, worms, etc.

    Both the free and the premium scan are run by the same engine:

    SG Security Scan

    A list of the ports being scanned and their corresponding descriptions can be found - here -
    A list of the most commonly open ports can be found - here -

    A comprehensive searchable database of all official and unofficial port assignments, known vulnerabilities and more: SG Ports Database


    The premium version of the scan detects twice as many vulnerabilities by testing many additional ports. It loads our servers more, so there is a fee associated with it to limit the number of scans. We believe it's a great value for real-world remote vulnerability testing. It is bundled together with image hosting and ad-free browsing of the site, more information can be found here: SG Premium Membership


    If you have any questions, comments, suggestions or feedback about either version of our security scan, please post them in this thread.

    Thanks,

    Philip

  2. #2
    Regular Member Lightstream's Avatar
    Join Date
    Nov 2002
    Location
    Okla.
    Posts
    199
    Good feature man, keep up the good work.
    The light of life.

  3. #3
    Administrator Philip's Avatar
    Join Date
    May 1999
    Location
    Jacksonville, Florida, United States
    Posts
    10,288
    Blog Entries
    6
    Thanks Lightstream, we try.

    The Security scan audits 100s of the most common ports, more are added to the "advanced" version daily.

    Check it out and post any suggestions / problems / bugs (what bugs ?! ) in here.

  4. #4
    Administrator Philip's Avatar
    Join Date
    May 1999
    Location
    Jacksonville, Florida, United States
    Posts
    10,288
    Blog Entries
    6
    Added a feature today, the security scan now correctly detects web proxy servers and adjusts the target IP accordingly.

    Any other ideas / questions / comments / suggestions ?
    Linux is user friendly, it's just picky about its friends...
    Disclaimer: Please use caution when opening messages, my grasp on reality may have shaken loose during transmission (going on rusty memory circuits).
    ๑۩۞۩๑

  5. #5
    SG Enthusiast qball15j's Avatar
    Join Date
    Nov 2001
    Location
    127.0.0.1
    Posts
    3,619
    Philip, great work! Keep it up!

    I currently run SmoothWall for my firewall/router and let me tell your. Your scan pointed out some odd ball UDP ports that were open with my box that were NOT found with a few other well known web-based port scanners.

  6. #6
    fjzeigler
    Guest
    As a 65 year-old worried newbie, I used your SC Scan. It found 6 ports open. What do I do now? Do I close these ports and if so how?

    Fred Zeigler

  7. #7
    msroge693
    Guest

    Talking open ports

    Any firewall should close these open ports. Maybe you want to research the best one for you

  8. #8
    Junior Member 700mb80min's Avatar
    Join Date
    Oct 2003
    Location
    Possum Dropping Lodge , Canada
    Posts
    20
    Ports > xxxx are designated for dynamic allocation by Windows. When programs ask for the "next available" socket, they usually get sequential ports starting at xxxx.

    this one was open each time i ran the test . sygate is configured to default settings but this one shows. is it ok to leave it ?....thanks

  9. #9
    Administrator Philip's Avatar
    Join Date
    May 1999
    Location
    Jacksonville, Florida, United States
    Posts
    10,288
    Blog Entries
    6
    Originally posted by 700mb80min
    this one was open each time i ran the test . sygate is configured to default settings but this one shows. is it ok to leave it ?....thanks
    Yes and no... It is ok to leave it as long as you know what program is using it

    I'd recommend closing applications that connect to the net other than IE and try again to find out what's using it.

  10. #10
    SG Enthusiast qball15j's Avatar
    Join Date
    Nov 2001
    Location
    127.0.0.1
    Posts
    3,619
    700mb80min, go to a friends house or somwhere that you can get net access and scan your IP from there. I really hate to say it but alot of the web scanners out there including the one here at SG give false results.

    My post above, I mentioned the SG scanner found some open ports on my smoothwall box that were supposed to be closed. (well they are) After doing some other online scans and talking with some SmoothWall folks I was told not to use any of those online security scanners and to have some other external sources scan. I ended up having a few friends scan my box along with another scan I did from work, which turned up nothing.

  11. #11
    Administrator Philip's Avatar
    Join Date
    May 1999
    Location
    Jacksonville, Florida, United States
    Posts
    10,288
    Blog Entries
    6
    The SG Security scan uses one of the best port-scanning technologies available today. In addition, we've implemented other internal special algorithms to distinguish open/closed UDP ports.

    UDP is not a lossless protocol, in other words if a packet is lost it might never be reported back to a server as open. That makes UDP scanning more dificult than TCP (it's hard to distinguish between stealth/open ports in the presence of packet loss). However, if your system returns some packets and not others, our scan can differentiate and the results are as close as you can get with any portscan.

    You can take or leave them as you wish. If you'd like to PM/email me your IP and the ports in question I'd be happy to double-check and provide further information as aplicable.

  12. #12
    Administrator Philip's Avatar
    Join Date
    May 1999
    Location
    Jacksonville, Florida, United States
    Posts
    10,288
    Blog Entries
    6
    I've just added some new features to the Premium Members Security Scan:

    - the ability to choose remote IP address to scan
    - the ability to scan a custom port (or a range of ports)
    - the ability to pick protocols to be scanned for the above custom ports.
    Linux is user friendly, it's just picky about its friends...
    Disclaimer: Please use caution when opening messages, my grasp on reality may have shaken loose during transmission (going on rusty memory circuits).
    ๑۩۞۩๑

  13. #13
    Administrator Philip's Avatar
    Join Date
    May 1999
    Location
    Jacksonville, Florida, United States
    Posts
    10,288
    Blog Entries
    6
    Updated the SG Security scan to detect the latest trojans. A list of vulnerabilities being scanned can be found here: http://www.speedguide.net/ports.php

    I've also added a Security information page to the main site that includes some feeds from Symantec and Sophos with the latest security threats. Here is a link: http://www.speedguide.net/security.php

  14. #14
    Regular Member Cable Vision's Avatar
    Join Date
    Oct 2004
    Location
    Puerto Rico
    Posts
    121
    mi first scan without firewall reveal a port #30 open,and the second test with Outpost Firewall reveal no open ports,great firewall and great scanner too

  15. #15
    Administrator Philip's Avatar
    Join Date
    May 1999
    Location
    Jacksonville, Florida, United States
    Posts
    10,288
    Blog Entries
    6
    Quote Originally Posted by Cable Vision
    mi first scan without firewall reveal a port #30 open,and the second test with Outpost Firewall reveal no open ports,great firewall and great scanner too
    Thanks for the positive comments.

    I've just added another 10+ new trojans to the list of detected vulnerabilities.

  16. #16
    Junior Member partsfreak's Avatar
    Join Date
    Dec 2004
    Location
    North Carolina
    Posts
    4
    I get different results of the scan depending on whether im logged on as a member or just doing the scan whithout logging on. Why is that?

  17. #17
    Administrator Philip's Avatar
    Join Date
    May 1999
    Location
    Jacksonville, Florida, United States
    Posts
    10,288
    Blog Entries
    6
    Quote Originally Posted by partsfreak
    I get different results of the scan depending on whether im logged on as a member or just doing the scan whithout logging on. Why is that?
    When logged in, the scan checks more ports on your system. You can see the number of scanned ports in the bottom section of the results.

    Best,

    Philip

  18. #18
    Junior Member partsfreak's Avatar
    Join Date
    Dec 2004
    Location
    North Carolina
    Posts
    4

    sg portscan

    The difference I'm talking about is as follows:
    When I do the scan without logging in I get all filtered ports except for 135,137 & 139. which show open.
    When I log in and do the scan All of my ports show as closed with the exception again of 135,137 & 139.
    My question was how does the portscan go from filtered to closed from logging in to speedguide and why?

  19. #19
    Administrator Philip's Avatar
    Join Date
    May 1999
    Location
    Jacksonville, Florida, United States
    Posts
    10,288
    Blog Entries
    6
    Quote Originally Posted by partsfreak
    The difference I'm talking about is as follows:
    When I do the scan without logging in I get all filtered ports except for 135,137 & 139. which show open.
    When I log in and do the scan All of my ports show as closed with the exception again of 135,137 & 139.
    My question was how does the portscan go from filtered to closed from logging in to speedguide and why?
    Most likely the closed ports are still reported when you're not logged in, just without the detailed descriptions.

    The way the portscan works, it only gives detailed descriptions for two of the open/closed/filtered subsets, the ones with fewer results. It only reports aggregate data for the third subset of ports, just a number in the summary on the bottom of the report. Please look at the number of closed ports when logged in/out and you'll most likely notice that the portscan is reporting them correctly. Probably just the number of closed ports is smaller than the number of filtered ports when you're logged in, and the other way arouund when you're not.

    I hope this helps, please let me know if we need to look into this further.

    You might also want to read:
    Descriptions of all currently scanned ports - http://www.speedguide.net/ports.php
    UDP Ports scanning info: http://www.speedguide.net/faq_in_q.p...ory=97&qid=173


    Philip

  20. #20
    Junior Member partsfreak's Avatar
    Join Date
    Dec 2004
    Location
    North Carolina
    Posts
    4
    Phillip, Thanks for answering my post, I see that there are more ports scanned when logged in to Speedguide as a member. Also that they are described in greater detail.(I did a scan from my job today and was glad im not them. lol)
    My own results are still under question tho, I only have 3 open udp ports, They remain constant thu both logged in/not logged in scans.
    ALL of the other ports that are shown in the not logged in scan are filtered.
    All of those same ports show as closed once I log in and rescan.
    Try it on your systen and see if you get the same results.
    Thanks again, Partsfreak.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •