SG Security Scan

General Network security, firewalls, port filtering/forwarding, wireless security, anti-spyware, as well as spam control and privacy discussions.
Post Reply
User avatar
Philip
SG VIP
Posts: 11554
Joined: Sat May 08, 1999 5:00 am
Location: Jacksonville, Florida

SG Security Scan

Post by Philip »

SpeedGuide.net now has a great tool - a remote Security portscan that detects many common vulnerabilities, trojans/backdoors, worms, etc.

Both the free and the premium scan are run by the same engine:

SG Security Scan

A list of the ports being scanned and their corresponding descriptions can be found - here -
A list of the most commonly open ports can be found - here -

A comprehensive searchable database of all official and unofficial port assignments, known vulnerabilities and more: SG Ports Database


The premium version of the scan detects twice as many vulnerabilities by testing many additional ports. It loads our servers more, so there is a fee associated with it to limit the number of scans. We believe it's a great value for real-world remote vulnerability testing. It is bundled together with image hosting and ad-free browsing of the site, more information can be found here: SG Premium Membership


If you have any questions, comments, suggestions or feedback about either version of our security scan, please post them in this thread.

Thanks,

Philip
User avatar
Lightstream
Regular Member
Posts: 199
Joined: Tue Nov 26, 2002 6:48 pm
Location: Okla.

Post by Lightstream »

Good feature man, keep up the good work.
The light of life.
User avatar
Philip
SG VIP
Posts: 11554
Joined: Sat May 08, 1999 5:00 am
Location: Jacksonville, Florida

Post by Philip »

Thanks Lightstream, we try.

The Security scan audits 100s of the most common ports, more are added to the "advanced" version daily.

Check it out and post any suggestions / problems / bugs (what bugs ?! :) ) in here.
User avatar
Philip
SG VIP
Posts: 11554
Joined: Sat May 08, 1999 5:00 am
Location: Jacksonville, Florida

Post by Philip »

Added a feature today, the security scan now correctly detects web proxy servers and adjusts the target IP accordingly.

Any other ideas / questions / comments / suggestions ?
Linux is user friendly, it's just picky about its friends...
Disclaimer: Please use caution when opening messages, my grasp on reality may have shaken loose during transmission (going on rusty memory circuits). I also eat whatever crayons are put in front of me.
๑۩۞۩๑
qball15j
Senior Member
Posts: 3619
Joined: Mon Nov 26, 2001 9:28 pm

Post by qball15j »

Philip, great work! Keep it up!

I currently run SmoothWall for my firewall/router and let me tell your. Your scan pointed out some odd ball UDP ports that were open with my box that were NOT found with a few other well known web-based port scanners.
fjzeigler

Post by fjzeigler »

As a 65 year-old worried newbie, I used your SC Scan. It found 6 ports open. What do I do now? Do I close these ports and if so how?

Fred Zeigler :confused:
msroge693

open ports

Post by msroge693 »

Any firewall should close these open ports. Maybe you want to research the best one for you
User avatar
700mb80min
Member
Posts: 20
Joined: Sat Oct 25, 2003 8:46 am
Location: Possum Dropping Lodge , Canada

Post by 700mb80min »

Ports > xxxx are designated for dynamic allocation by Windows. When programs ask for the "next available" socket, they usually get sequential ports starting at xxxx.



this one was open each time i ran the test . sygate is configured to default settings but this one shows. is it ok to leave it ?....thanks
User avatar
Philip
SG VIP
Posts: 11554
Joined: Sat May 08, 1999 5:00 am
Location: Jacksonville, Florida

Post by Philip »

Originally posted by 700mb80min
this one was open each time i ran the test . sygate is configured to default settings but this one shows. is it ok to leave it ?....thanks


Yes and no... It is ok to leave it as long as you know what program is using it :)

I'd recommend closing applications that connect to the net other than IE and try again to find out what's using it.
qball15j
Senior Member
Posts: 3619
Joined: Mon Nov 26, 2001 9:28 pm

Post by qball15j »

700mb80min, go to a friends house or somwhere that you can get net access and scan your IP from there. I really hate to say it but alot of the web scanners out there including the one here at SG give false results.

My post above, I mentioned the SG scanner found some open ports on my smoothwall box that were supposed to be closed. (well they are) After doing some other online scans and talking with some SmoothWall folks I was told not to use any of those online security scanners and to have some other external sources scan. I ended up having a few friends scan my box along with another scan I did from work, which turned up nothing.
User avatar
Philip
SG VIP
Posts: 11554
Joined: Sat May 08, 1999 5:00 am
Location: Jacksonville, Florida

Post by Philip »

The SG Security scan uses one of the best port-scanning technologies available today. In addition, we've implemented other internal special algorithms to distinguish open/closed UDP ports.

UDP is not a lossless protocol, in other words if a packet is lost it might never be reported back to a server as open. That makes UDP scanning more dificult than TCP (it's hard to distinguish between stealth/open ports in the presence of packet loss). However, if your system returns some packets and not others, our scan can differentiate and the results are as close as you can get with any portscan.

You can take or leave them as you wish. If you'd like to PM/email me your IP and the ports in question I'd be happy to double-check and provide further information as aplicable.
User avatar
Philip
SG VIP
Posts: 11554
Joined: Sat May 08, 1999 5:00 am
Location: Jacksonville, Florida

Post by Philip »

I've just added some new features to the Premium Members Security Scan:

- the ability to choose remote IP address to scan
- the ability to scan a custom port (or a range of ports)
- the ability to pick protocols to be scanned for the above custom ports.
Linux is user friendly, it's just picky about its friends...
Disclaimer: Please use caution when opening messages, my grasp on reality may have shaken loose during transmission (going on rusty memory circuits). I also eat whatever crayons are put in front of me.
๑۩۞۩๑
User avatar
Philip
SG VIP
Posts: 11554
Joined: Sat May 08, 1999 5:00 am
Location: Jacksonville, Florida

Post by Philip »

Updated the SG Security scan to detect the latest trojans. A list of vulnerabilities being scanned can be found here: http://www.speedguide.net/ports.php

I've also added a Security information page to the main site that includes some feeds from Symantec and Sophos with the latest security threats. Here is a link: http://www.speedguide.net/security.php
Cable Vision
Regular Member
Posts: 121
Joined: Thu Oct 21, 2004 10:06 am
Location: Puerto Rico

Post by Cable Vision »

mi first scan without firewall reveal a port #30 open,and the second test with Outpost Firewall reveal no open ports,great firewall and great scanner too
User avatar
Philip
SG VIP
Posts: 11554
Joined: Sat May 08, 1999 5:00 am
Location: Jacksonville, Florida

Post by Philip »

Cable Vision wrote:mi first scan without firewall reveal a port #30 open,and the second test with Outpost Firewall reveal no open ports,great firewall and great scanner too

Thanks for the positive comments.

I've just added another 10+ new trojans to the list of detected vulnerabilities.
User avatar
partsfreak
New Member
Posts: 4
Joined: Thu Dec 02, 2004 9:36 am
Location: North Carolina

Post by partsfreak »

I get different results of the scan depending on whether im logged on as a member or just doing the scan whithout logging on. Why is that?
User avatar
Philip
SG VIP
Posts: 11554
Joined: Sat May 08, 1999 5:00 am
Location: Jacksonville, Florida

Post by Philip »

partsfreak wrote:I get different results of the scan depending on whether im logged on as a member or just doing the scan whithout logging on. Why is that?

When logged in, the scan checks more ports on your system. You can see the number of scanned ports in the bottom section of the results.

Best,

Philip
User avatar
partsfreak
New Member
Posts: 4
Joined: Thu Dec 02, 2004 9:36 am
Location: North Carolina

sg portscan

Post by partsfreak »

The difference I'm talking about is as follows:
When I do the scan without logging in I get all filtered ports except for 135,137 & 139. which show open.
When I log in and do the scan All of my ports show as closed with the exception again of 135,137 & 139.
My question was how does the portscan go from filtered to closed from logging in to speedguide and why?
User avatar
Philip
SG VIP
Posts: 11554
Joined: Sat May 08, 1999 5:00 am
Location: Jacksonville, Florida

Post by Philip »

partsfreak wrote:The difference I'm talking about is as follows:
When I do the scan without logging in I get all filtered ports except for 135,137 & 139. which show open.
When I log in and do the scan All of my ports show as closed with the exception again of 135,137 & 139.
My question was how does the portscan go from filtered to closed from logging in to speedguide and why?

Most likely the closed ports are still reported when you're not logged in, just without the detailed descriptions.

The way the portscan works, it only gives detailed descriptions for two of the open/closed/filtered subsets, the ones with fewer results. It only reports aggregate data for the third subset of ports, just a number in the summary on the bottom of the report. Please look at the number of closed ports when logged in/out and you'll most likely notice that the portscan is reporting them correctly. Probably just the number of closed ports is smaller than the number of filtered ports when you're logged in, and the other way arouund when you're not.

I hope this helps, please let me know if we need to look into this further.

You might also want to read:
Descriptions of all currently scanned ports - http://www.speedguide.net/ports.php
UDP Ports scanning info: http://www.speedguide.net/faq_in_q.php?category=97&qid=173


Philip
User avatar
partsfreak
New Member
Posts: 4
Joined: Thu Dec 02, 2004 9:36 am
Location: North Carolina

Post by partsfreak »

Phillip, Thanks for answering my post, I see that there are more ports scanned when logged in to Speedguide as a member. Also that they are described in greater detail.(I did a scan from my job today and was glad im not them. lol)
My own results are still under question tho, I only have 3 open udp ports, They remain constant thu both logged in/not logged in scans.
ALL of the other ports that are shown in the not logged in scan are filtered.
All of those same ports show as closed once I log in and rescan.
Try it on your systen and see if you get the same results.
Thanks again, Partsfreak.
User avatar
Philip
SG VIP
Posts: 11554
Joined: Sat May 08, 1999 5:00 am
Location: Jacksonville, Florida

Post by Philip »

partsfreak wrote:Phillip, Thanks for answering my post, I see that there are more ports scanned when logged in to Speedguide as a member. Also that they are described in greater detail.(I did a scan from my job today and was glad im not them. lol)
My own results are still under question tho, I only have 3 open udp ports, They remain constant thu both logged in/not logged in scans.
ALL of the other ports that are shown in the not logged in scan are filtered.
All of those same ports show as closed once I log in and rescan.
Try it on your systen and see if you get the same results.
Thanks again, Partsfreak.

You seem to be logging in from multiple IPs. Please PM or email me your IP that is having the issue and I'd be happy to scan it...
User avatar
Philip
SG VIP
Posts: 11554
Joined: Sat May 08, 1999 5:00 am
Location: Jacksonville, Florida

Post by Philip »

Updated the portscan again, we're up to 474 separate ports (with complete descriptions of associated vulnerabilities) scanned for the premium version :)
apple09

my first step

Post by apple09 »

thanks for this particular site wich guide you through this.

I need help

How can I protect my web site from a hack, somebody are telling me about Microsoft ISA. but I want to use XP not Win2000 server
User avatar
Philip
SG VIP
Posts: 11554
Joined: Sat May 08, 1999 5:00 am
Location: Jacksonville, Florida

Post by Philip »

The latest security threats as of today (both W32.Esbot.A and W32.Zotob.E) have been added and are now detectable by the basic version of the SG Security Scan.

I've also added 15+ other recent vulnerabilities and their descriptions to the list.
Linux is user friendly, it's just picky about its friends...
Disclaimer: Please use caution when opening messages, my grasp on reality may have shaken loose during transmission (going on rusty memory circuits). I also eat whatever crayons are put in front of me.
๑۩۞۩๑
mataku
New Member
Posts: 4
Joined: Sun Dec 25, 2005 5:12 pm

Post by mataku »

hey,i hope it's okay to post this here, but the SG security scan stoped working for me. when i press "scan" i get:
Total scanned ports: 0
Open ports: 0
Closed ports: 0
Filtered ports: 0

and i've tried a bounch of times with no luck. I'm using Firefox 1.5 if that's important.
User avatar
Philip
SG VIP
Posts: 11554
Joined: Sat May 08, 1999 5:00 am
Location: Jacksonville, Florida

Post by Philip »

mataku wrote:hey,i hope it's okay to post this here, but the SG security scan stoped working for me. when i press "scan" i get:
Total scanned ports: 0
Open ports: 0
Closed ports: 0
Filtered ports: 0

and i've tried a bounch of times with no luck. I'm using Firefox 1.5 if that's important.

I upgraded the scan engine and some of the options to facilitate faster scans on the 29th. Seems in the process it lost its ability to scan hosts that do not respond to pings. Thanks for the constructive feedback, it's been fixed.

Please let me know if you're still having problems with it.
mataku
New Member
Posts: 4
Joined: Sun Dec 25, 2005 5:12 pm

Post by mataku »

well,it's working now,but it took about 3 minutes before i got results.
mataku
New Member
Posts: 4
Joined: Sun Dec 25, 2005 5:12 pm

Post by mataku »

okay,n/m it's working ok now.
but i have a question: i'm using Norton internet security 2005 and when i start the scan i get an intrusion detected window. in NIS2005 whenever there is an intrusion it blocks all connection from the intruder for a few minutes. does this affect the results of the scan?
User avatar
Philip
SG VIP
Posts: 11554
Joined: Sat May 08, 1999 5:00 am
Location: Jacksonville, Florida

Post by Philip »

Probably.

The only way we can effectively scan a large number of ports is by sending probes in parallel, a few milliseconds apart. This, combined with the fact we're probing the most vulnerable ports may trigger some intusion alerts...
User avatar
Philip
SG VIP
Posts: 11554
Joined: Sat May 08, 1999 5:00 am
Location: Jacksonville, Florida

Post by Philip »

I've updated the SG Ports database with information on all official ports from IANA, as well as known unofficial port assignments from Wikipedia, the Sans Institute, and other sources for a total of ~10,000 combined records:

SG Ports Database

Please let me know if you feel something is missing or unclear since I've updated the layout and links/search/scan as well.
wujan
New Member
Posts: 3
Joined: Mon Aug 10, 2009 6:45 pm

Post by wujan »

I used the speedguide scan and the scan at broadbandsecurity.org and got different results???

BBsec uses nMAP and nessus to scan your IP.
mataku
New Member
Posts: 4
Joined: Sun Dec 25, 2005 5:12 pm

Post by mataku »

mataku wrote:hey,i hope it's okay to post this here, but the SG security scan stopped working for me. when i press "scan" i get:
Total scanned ports: 0
Open ports: 0
Closed ports: 0
Filtered ports: 0

and i've tried a bunch of times with no luck. I'm using Firefox 1.5 if that's important.
hey, came back 5 years later to post again - Zeros across the board. please fix ;)
using FF3.6.6
fashionever
New Member
Posts: 3
Joined: Tue Sep 25, 2012 12:16 am

Post by fashionever »

Security scanning audit of 100 of the most common ports, and more are added every day to the "Advanced" version.
If you don't like something, change it. If you can't change it, change your attitude.
Alicewalters
New Member
Posts: 4
Joined: Wed Jun 11, 2014 3:15 am

Post by Alicewalters »

this one was open each time i ran the test . sygate is configured to default settings but this one shows. is it ok to leave it
jerry66
New Member
Posts: 1
Joined: Mon Jun 17, 2024 12:30 pm

Re: SG Security Scan

Post by jerry66 »

Sygate ? have not used sygate in 20 years
Post Reply