# [ubuntu] Safe?

## Georgia boy

Hi. I ran a Shields Up and got the following on my Ubuntu. I do not have a router connected. This was a straight test on the Ubuntu. Please note that I didn't do the cookie or the port thing due to not knowing what to put in. Below are the total results of the scan. Please advise as to whether it is good or not.

Thanks for your help.
Tom


File sharing:

Please Stand By. . .
	Attempting connection to your computer. . .
Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet!
	Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.
	Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.


Common Ports:

Total elapsed testing time: 5.054 seconds

Solicited TCP Packets: RECEIVED (FAILED)  As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection. It is generally possible to increase your system's security by hiding it from the probes of potentially hostile hackers. Please see the details presented by the specific port links below, as well as the various resources on this site, and in our extremely helpful and active user community.



Unsolicited Packets: PASSED  No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)



Ping Reply: RECEIVED (FAILED)  Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.


| Port | Service | Status | Security Implications |
|------|---------|--------|-----------------------|
| 0 | <nil> | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 21 | FTP | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 22 | SSH | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 23 | Telnet | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 25 | SMTP | Stealth | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! |
| 79 | Finger | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 80 | HTTP | Stealth | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! |
| 110 | POP3 | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 113 | IDENT | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 119 | NNTP | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 135 | RPC | Stealth | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! |
| 139 | Net BIOS | Stealth | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! |
| 143 | IMAP | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 389 | LDAP | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 443 | HTTPS | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 445 | MSFT DS | Stealth | There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address! |
| 1002 | ms-ils | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 1024 | DCOM | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 1025 | Host | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 1026 | Host | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 1027 | Host | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 1028 | Host | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 1029 | Host | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 1030 | Host | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 1720 | H.323 | Closed | Your computer has responded that this port exists but is currently closed to connections. |
| 5000 | UPnP | Closed | Your computer has responded that this port exists but is currently closed to connections. |




All Service ports:

Determine the status of your system's first 1056 ports

This Internet service ports "grid scan" determines the status (Open, Closed, or Stealth) of your system's first 1056 TCP ports.

- 32 ports, represented by each horizontal row, are probed as a group. The results are posted as the next set of ports are probed.
- During off-peak hours the entire scan requires just over one minute.
- For guaranteed accuracy, the scanning time will increase during peak usage when many people are sharing our scanning bandwidth.
- A scan of a stealthed system is up to four times slower since many more probes must be sent to guarantee against Internet packet loss.
- The test may be abandoned at any time if you do not wish to wait for the scan to finish.

[Port grid: ports 0 through 1055, 32 ports per row. Legend: Open, Closed, Stealth.]

Total elapsed testing time: 22.987 seconds

Solicited TCP Packets: RECEIVED (FAILED)  As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection. It is generally possible to increase your system's security by hiding it from the probes of potentially hostile hackers. Please see the details presented by the specific port links below, as well as the various resources on this site, and in our extremely helpful and active user community.



Unsolicited Packets: PASSED  No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)



Ping Reply: RECEIVED (FAILED)  Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

Why the first 1056 Ports?

Internet ports are numbered from 1 through 65535, but the first 1023 ports are special. By tradition, and some enforcement, ports 1 through 1023 are generally reserved for the acceptance of incoming connections by services running on the receiving system. Internet services "listen" on various standard low-numbered ports so that clients wishing to have access to those services know where they may be found. Web servers traditionally listen on port 80, eMail servers listen on ports 25 and 110, FTP servers listen on port 21 and Telnet servers listen on port 23. And the list goes on. Here's the official Internet Assigned Numbers Authority (IANA) port assignment list.

Although it is possible to have higher-numbered ports listening for incoming connections, our scan of the entire "service port range" will detect all standard services running and listening on the standard service ports.

Due to the insecure behavior of Microsoft's Windows operating systems, we have added an additional 33 ports to these first 1023 ports, bringing the total to 1056. Windows has a tendency to establish globally available listening services on the first few ports in the "client port" range which begins just past 1023. If you are not running a personal firewall, or you are allowing ShieldsUP! probes into your network, you may discover one or more additional open ports at, or just above, 1024.

Strange Results?
Personal firewalls are beginning to exhibit "adaptive behavior". The grid shown to the left starts off showing ports mostly closed with a few open (mostly blue with a few red cells). Then at some point it suddenly switches into "stealth mode". This can occur when a firewall "adapts" to the scanning IP and raises its defenses against just the attacker. This complicates the job of accurately checking a system's security.

Two things you can do: If you are not certain whether your firewall is adaptive, you can re-run any test here to compare the results. Differing behavior often indicates that your firewall has "learned" that it is being probed from our IP and is treating it differently. For the most accurate scan results, disable any adaptive behavior during the testing.

You can use these tests to learn exactly how your firewall deals with probes to specific ports, and to port ranges.
Beyond providing a comprehensive test of your system's first 1056 ports, this service ports scan can be used for additional research:

Service Ports Scan Application Guide
( Cool things you can do with our Service Ports Probe )

Detecting Ports Blocked by Your ISP

Internet service providers often block specific traffic entering their network before it reaches their customers, or after leaving their customers before it exits their network. This is sometimes done to block the exploitation of common security vulnerabilities, and sometimes to prevent their customers from offering proscribed Internet services.

As a customer, it can be useful and interesting to know which service ports, if any, an ISP has chosen to preemptively block in order to restrict their customers' global Internet traffic.

ISP port blocking can be easily tested, often quite rapidly, by arranging to allow the ShieldsUP! probe to have access to an unprotected computer. Since all non-stealth machines will respond to every open request, either affirmatively or negatively, ports appearing as STEALTH will be those blocked by your ISP, corporate firewall, or other external agency.

If your system is unprotected, without any personal firewall or NAT router, any ports showing as stealth are being blocked somewhere between your computer and the public Internet. This is probably being done by your ISP. Internet traffic directed to your computer at the stealth ports will be dropped before reaching your machine.

If your system has a personal firewall that can be instructed to "trust" a specific remote IP, you can temporarily instruct it to trust the ShieldsUP! probe IP of [4.79.142.206]. If, after doing so, most of the service ports change to either open or closed, you have succeeded and any which remain stealth are being blocked by your ISP.

If your system is operating behind a residential "NAT" router, the router will be acting as a natural and excellent hardware firewall. But that's not what you want for the moment. You can temporarily remove your NAT router and connect an unprotected computer directly to your cable modem or DSL line. Or, if you are comfortable reconfiguring your NAT router, you may be able to point the router's "DMZ" at one of your computers which has been instructed to "trust" our probe IP of [4.79.142.206]. If, after doing so, most of the service ports change to either open or closed, you have succeeded and any remaining stealth are being blocked by your ISP.

Finally, if your Internet security system, NAT router, personal firewall, or whatever, can produce detailed logs of incoming Internet packets, you could leave your existing security in place, clear your log, run the service ports scan, then carefully inspect your log for any consistently missing port probes. We send out four sets of probing packets because individual packets are sometimes dropped along the way. Therefore, it won't be unusual to see occasional missing packets from your logs. What you're looking for is a complete lack of packets bound for a specific port. A careful and detailed examination of your log will reveal any missing ports which are being blocked before they reach your logging tool. (Note that this technique is not quite as foolproof as the other approaches since ISPs could be blocking outbound packets from their customers, which the other approaches would detect but log-watching would not.)

After completing the experiments above, remember to return your system to its previous tight security and verify that everything is safe again by re-running any of our tests.




Checking a NAT Router's WAN Security

Residential broadband "NAT" routers which allow many computers to share a single Internet connection are becoming quite popular. We love them for the security they provide to the machines placed behind them since any NAT router functions as a natural and excellent hardware firewall.

However, the Internet or "WAN" (Wide Area Network) side connection of many NAT routers and DSL gateways is not as secure as it should be. Many routers ship with web, ftp, or Telnet management ports wide open! And many are still configured with their well-known default administrative passwords. Although the router may be protecting the machines behind it, it might not be protecting itself without your deliberate closing of remote "WAN" administration ports.

ShieldsUP! automatically tests your NAT router's WAN-side security because the router's WAN IP is the single public IP that connects your internal private network to the public Internet. When a test is initiated by any system behind a NAT router, we are testing the public-side security of the router itself and not the security of the individual machines which are located behind and protected by the router.




Adaptive IDENT Stealthing Experimentation

The IDENT protocol's port 113 is quite problematical and tricky to stealth. If the user's port 113 is completely stealthed, connections to some remote Internet servers such as eMail, Internet Relay Chat (IRC), and others, may be delayed or denied altogether. For this reason, many NAT routers and personal firewalls do not attempt to stealth port 113, they settle for leaving it closed. One of the first things that caught my eye about the ZoneAlarm personal firewall was that it was clever about handling port 113: It "adaptively stealthed" the port.

To understand the following discussion, you should familiarize yourself with the details of the IDENT protocol and port 113. Please read port 113's Port Authority database page before proceeding.

Even after many years, the (free) ZoneAlarm personal firewall from Zone Labs is the only personal firewall to "adaptively" stealth port 113. Unlike any other firewall or NAT router (any of which could also do the same) this allows port 113 to be stealthed to any passing Internet scanners or probes, but "unstealthed" for any valid IDENT connection attempts originating from remote servers with which the user's computer is attempting to connect. (Since this could easily be done by any personal firewall or even NAT routers, I am hopeful that this feature might yet appear in other products.)

"Adaptive Stealthing" means that when a TCP SYN packet arrives to request a connection to your machine's port 113, ZoneAlarm checks, on the fly, to see whether your machine currently has any sort of "relationship" with the remote machine (such as a pending outgoing connection attempt). If so, the remote machine is considered to be "friendly" and its IDENT request packet is allowed to pass through ZoneAlarm's firewall. But if the IDENT originating machine is not known to ZoneAlarm as a "friendly" machine, the connection requesting packet is dropped and discarded, rendering port 113 stealth to all unknown port scanners. It's very slick.

IDENT, ZoneAlarm, and ShieldsUP!

Even though your computer's web browser already has a relationship with the web server at GRC, our tests originate from a different "foreign" IP address. ZoneAlarm therefore drops incoming packets to port 113 from this different probing IP address and ZoneAlarm users see that port 113 is stealthed to passing Internet scans.

To demonstrate how ZoneAlarm (and perhaps someday other firewalls or NAT routers) selectively "unstealth" port 113, but only for known "friendly" machines, we simply initiate a connection from your web browser to the ShieldsUP! scanning IP. Even though the connection attempt will ultimately fail (since there's no web server at the probing address), ZoneAlarm will note the outgoing attempt and will unstealth port 113 for subsequent probes.

 Step One: Verify that our scan currently shows port 113 stealthed. (You may wish to use one of the other remote port tests which will be faster than an entire 1056-port grid scan.)

 Step Two: Open a secondary web browser window to initiate a connection to the probing IP. (Users of Microsoft Internet Explorer can press Ctrl-N to "clone" their current browser window.)

 Step Three: In the secondary web browser window, click this URL or enter this address:

http://4.79.142.206

This second connection attempt will ultimately fail, but ZoneAlarm will notice the effort, which is all that's necessary.

 Step Four: Finally, refresh the port probe window or repeat the scan to check your system's current port status. You should find that port 113 is no longer "stealth" to the probing IP address because you are attempting to connect to it and it has been determined to be "friendly".

 Step Five: If you're curious, stop and close the secondary web browser window and periodically refresh your port probe window to see how long the "friendly" status persists before Zone Alarm returns the probing IP to unknown status and port 113 to full stealth.

NOTE: Clicking the "http" link above may convince a clever firewall that the remote scanning IP is "friendly" and help to demonstrate its adaptive IDENT handling. But the packets sent to us with that link will also trigger our "Unsolicited Packet" detection since those packets were not received in direct response to our probes.

In order to reset the memory of these deliberately unsolicited packets you must redisplay the initial ShieldsUP! "Greetings" page. (That link will take you there.)

Browser Headers:

Exploring Your Browser's Web Server Requests

Introduction
A web browser's request to a remote server may contain information about the user and the computer system running the browser. The composition of this information is dependent upon the specific browser and version, the browser's security settings, and even, in the case of cookies, the browser's history of previous contact with the remote server being queried.

A web browser's request headers might also be modified by the request's passage through some other agent such as a privacy filter which deliberately removes potentially revealing information, or a proxy server which might add headers to identify the client on whose behalf the proxy's request is being made.

Information such as cookies, the URL of the web page which contained the link that referred the browser to the remote server (potential privacy/tracking concerns there), the identity and version of the browser, and the format of information that can be accepted for the server's reply, and more, are all transmitted by the user's browser for every request. In some cases, the user's screen display resolution and color depth or the operating system and version being used is also included. It is important to recognize that the user's web browser can send any sort of information it chooses and the typical web-surfing user is none the wiser. In some situations, as mentioned above, intermediate Internet servers, such as transparent caching proxies, may process and forward the browser's request while appending their own data to the query; typically a "Via" or "Client" tag.

On a world-wide Internet with increasing security concerns and rapidly diminishing privacy, this raises the question:
What is YOUR BROWSER disclosing about you and your system?

Taking Control
Since a number of third-party browser "proxying" programs and other forms of browser and cookie "filters" now exist, you can take proactive control of what your browser is revealing to the world. Naturally, the starting point for any such pursuit is learning how your browser is configured and determining what is being sent.

This page was created to let you quickly determine exactly what identifying information is being sent from your browser when it asks for any object from an Internet web server. If you choose to experiment with any of the third-party proxy and cookie filters, this page allows you to easily perform configuration experiments and to quickly verify that filtering is present and functioning as you expect and intend.



Your Browser's Request for THIS Page:
Here is the entire contents of your browser's request for this page:

```
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Connection: keep-alive
Host: www.grc.com
Referer: http://www.grc.com/x/ne.dll?rh0dk2du
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3
Cookie: tpag=eao22hacjg4r2; ppag=eao22hacjg4r2; tico=jrw1ggm35ccw0; pico=jrw1ggm35ccw0; tcss=eao22hacjg4r2; pcss=eao22hacjg4r2
Content-Length: 30
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
FirstParty: https://www.grc.com
ThirdParty: https://www.grctech.com
Secure: https://www.grc.com
Nonsecure: http://www.grc.com
Session: az2angleu1fxa
```

This information may be easily marked and copied for subsequent pasting.




Anatomy of a Browser Request
A web browser's request to an Internet web server consists of the multi-line "Request Header" text block shown above. Each line contains information identified by the first phrase appearing on the line to the left of the colon (:) followed by the data associated with that phrase. An empty line signals the end of the request.

What's the "Referer" header?
The web's HTTP protocol was designed with little concern for a web surfer's privacy and well before aggressive commercial interests decided to track surfers across the web, while storing and compiling any personal information that might leak from their browser.

Information is leaking from web browsers?
Yes, absolutely, and frighteningly so. The often repeated claim that "no user identifiable information is being sent or collected" is just so much nonsense. Those statements are meant to lull trusting and uninformed Internet users into a false sense of privacy and security.

When a web resource is requested from a server, the "Referer" header line provides the requested server with the URL of the web page that requested the item. But if an online web form has just been filled out and submitted using the most common "GET" method, the web surfer's potentially personal and private data will appear in the URL and it will be sent to any third-party servers, such as advertising, tracking, or web-bug servers, whose resources appear on the form's submission confirmation page!

The most common (mostly benign) example of this is search engine queries where the search terms appear in the "tail portion" of the search URL. What's not obvious to the casual surfer is that the sites of any links they follow from such a search system receive that entire URL which appears in the address window as the "referer" to the site. This means that sites can tell that you came from a web search site, which web search site, and what you entered into the search site to bring you to them.

This example, in itself, is probably not much cause for privacy concern, but it does demonstrate the potential for personal information leakage through filling out online web forms.




Secure versus Non-Secured Headers
Since some personal web browser filters and most web proxies are unable to intercept and filter secure communications between the remote web server and the browser, it is often useful to examine the headers received by remote servers when secure sockets layer (SSL) is employed.

The button below will flip this page back and forth between secure and non-secured connections. In each case you can examine the resulting headers which were received during the page request:



What about Cookies?
The GRC.COM web site is 100% cookie-free. It does not depend upon or require cookies for its operation. Therefore the browser's request header shown above will normally not contain a "Cookie:" header line. However, to enable you to see what browser cookies look like when your browser includes them in its request header, and perhaps to experiment with your own browser's or other program's cookie management settings, you can ask this one page to attempt to feed your browser a "session cookie" which will persist in your browser only until you shut down and restart your browser. In other words, only for the current browser use session.

A cookie consists of a text "name" joined by an equals (=) sign with a text "value". For example: "UserID=John_Doe". The name and value can be any text of your choosing. They will be returned by your browser with every subsequent query the browser makes to the same web domain (www.grc.com). It is possible for a single domain to have many different cookies associated with it simultaneously; simply use different "Names". The Values can also be changed while the Names remain the same.

You can experiment with web browser cookies to learn exactly how they operate by filling-in a non-blank name and value pair, then click on the "Feed Browser This Cookie" button.
PLEASE NOTE: To see the newly set cookie you must manually refresh once after setting the cookie. Since our web server sets the cookie as the page is first displayed after clicking the "Feed" button, the cookie-modified headers won't appear until after one additional page refresh.




Your Browser's Request for THIS Page:
Here is the entire contents of your browser's request for this page:

```
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Connection: keep-alive
Host: www.grc.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008092510 Ubuntu/8.04 (hardy) Firefox/3.0.3
Cookie: tpag=id1husqp4wjxv; ppag=id1husqp4wjxv; tico=boe0muifxhkxu; pico=boe0muifxhkxu; tcss=id1husqp4wjxv; pcss=id1husqp4wjxv
Content-Length: 30
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
FirstParty: http://www.grc.com
ThirdParty: http://www.grctech.com
Secure: https://www.grc.com
Nonsecure: http://www.grc.com
Session: qtq3oen2xpejm
```


All the colors, except for the four or five that were green for stealth, were blue for closed.
I was going to do the PC Flank test but for some reason was having trouble.
Sorry for the garble; I did a copy and paste of the results and this is what came out.
Again, please advise.
Thanks
Tom
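
The log-watching check described in the pasted "Detecting Ports Blocked by Your ISP" text, as an added example that is not part of the original post or of the ShieldsUP! site: it counts logged probes per destination port and separates ports that were never seen from ports that only lost a packet. The netfilter/ufw-style log layout, the sample lines and the 133-139 port window are constructed assumptions; as the pasted text notes, this method cannot see outbound blocking.

```python
import re
from collections import Counter

PROBE_IP = "4.79.142.206"  # probe address quoted in the scan text above
PASSES = 4                 # "We send out four sets of probing packets"

# Pulls the SRC=, PROTO= and DPT= fields out of a netfilter LOG line.
_FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")


def probes_per_port(log_lines, probe_ip=PROBE_IP):
    """Count logged TCP packets from the probe IP, keyed by destination port."""
    seen = Counter()
    for line in log_lines:
        fields = dict(_FIELD.findall(line))
        if fields.get("SRC") != probe_ip or fields.get("PROTO") != "TCP":
            continue
        dpt = fields.get("DPT", "")
        if dpt.isdigit():
            seen[int(dpt)] += 1
    return seen


def classify(log_lines, ports, probe_ip=PROBE_IP, passes=PASSES):
    """Split the scanned ports into never-seen and partially-seen.

    missing: no probe for that port reached the logger at all, so it was
             filtered before it got to this machine.
    partial: some but not all passes arrived, which is ordinary packet loss.
    """
    seen = probes_per_port(log_lines, probe_ip)
    missing = [p for p in ports if seen[p] == 0]
    partial = {p: seen[p] for p in ports if 0 < seen[p] < passes}
    return missing, partial


def _line(src, port, second):
    # Constructed log line in the netfilter LOG layout (ufw-style prefix).
    return (f"Oct 28 21:14:{second:02d} hardy kernel: [UFW BLOCK] IN=eth0 OUT= "
            f"SRC={src} DST=192.0.2.10 LEN=44 TTL=52 PROTO=TCP "
            f"SPT={40000 + second} DPT={port} WINDOW=8192 SYN URGP=0")


def build_sample_log():
    """Constructed data: four passes over ports 133-139.

    Port 135 never arrives (filtered upstream); port 137 loses one packet.
    """
    lines = []
    for n in range(PASSES):
        for port in range(133, 140):
            if port == 135 or (port == 137 and n == 2):
                continue
            lines.append(_line(PROBE_IP, port, n))
    # Noise that must not be counted: a packet from an unrelated source.
    lines.append(_line("198.51.100.23", 135, 30))
    return lines


if __name__ == "__main__":
    missing, partial = classify(build_sample_log(), range(133, 140))
    print("never logged (blocked before reaching the logger):", missing)
    print("partially logged (packet loss):", partial)
```
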

----------
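
The "adaptive stealthing" of port 113 described in the scan text pasted above, modelled as an added example (not ZoneAlarm's code and not part of the original post): inbound SYNs to port 113 pass only when the local machine has recently tried to reach the sender, and the five-step experiment is replayed against that rule. The 120-second friendly lifetime, the second scanner address and the assumption that every other port is dropped are placeholders, since the text gives no such details.

```python
IDENT_PORT = 113
PROBE_IP = "4.79.142.206"        # ShieldsUP! probe address from the scan text
OTHER_SCANNER = "198.51.100.77"  # constructed address of an unrelated scanner


class AdaptiveIdentFilter:
    """Model of adaptive stealthing for port 113 as the text describes it."""

    def __init__(self, friendly_ttl=120.0):
        # Assumption: the text gives no figure for how long a remote stays
        # "friendly"; 120 seconds is a placeholder for this model.
        self.friendly_ttl = friendly_ttl
        self._last_outbound = {}  # remote IP -> time of last outbound attempt

    def note_outbound(self, remote_ip, now):
        """Record that the local machine tried to connect to remote_ip."""
        self._last_outbound[remote_ip] = now

    def is_friendly(self, remote_ip, now):
        last = self._last_outbound.get(remote_ip)
        if last is None:
            return False
        if now - last > self.friendly_ttl:
            del self._last_outbound[remote_ip]  # relationship has aged out
            return False
        return True

    def inbound_syn(self, src_ip, dst_port, now):
        """Verdict for an unsolicited inbound SYN: 'PASS' or 'DROP'."""
        if dst_port == IDENT_PORT and self.is_friendly(src_ip, now):
            return "PASS"
        return "DROP"  # assumption: all other inbound SYNs are stealthed


def scanner_view(verdict, listening=False):
    """What a remote prober reports for each verdict.

    DROP means no answer at all ("stealth"). PASS hands the SYN to the host,
    which answers SYN/ACK if a service listens ("open") or RST if none
    does ("closed").
    """
    if verdict == "DROP":
        return "stealth"
    return "open" if listening else "closed"


def run_experiment():
    """Replay Steps One to Five from the text against the model."""
    fw = AdaptiveIdentFilter(friendly_ttl=120.0)
    seen = []
    # Step One: probe before any outbound contact.
    seen.append(scanner_view(fw.inbound_syn(PROBE_IP, IDENT_PORT, now=0)))
    # Steps Two and Three: the browser tries the probe IP. The attempt
    # fails, but the outbound attempt is what the firewall notices.
    fw.note_outbound(PROBE_IP, now=10)
    # Step Four: re-probe; port 113 is no longer stealth to the probe IP,
    seen.append(scanner_view(fw.inbound_syn(PROBE_IP, IDENT_PORT, now=15)))
    # while other ports and other scanners still get no answer.
    seen.append(scanner_view(fw.inbound_syn(PROBE_IP, 139, now=15)))
    seen.append(scanner_view(fw.inbound_syn(OTHER_SCANNER, IDENT_PORT, now=15)))
    # Step Five: once the friendly status ages out, stealth returns.
    seen.append(scanner_view(fw.inbound_syn(PROBE_IP, IDENT_PORT, now=200)))
    return seen


if __name__ == "__main__":
    print(run_experiment())
```
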


## nubdora

http://ubuntuforums.org/showthread.php?t=959558

From the above topic:




> Re: TruStealth analys failed - solicited TCP sent
> 
> You do realize that www.grc.com is just a site set up to sell the owner's products. Was this test run on your computer or on your router? If you are really concerned about this, run something like this:
> 
> 
> 
> ```
> sudo nmap -sS -sV -O -p- -PI -PT localhost
> ```
> ...

----------

