Quoting Conor Wynne (weeboy at conorwynne.com):
> There are sites out there to do scanning of your external IP, that will
> give you a good idea.
>
> Here is an example:
>
> http://scan.sygate.com/probe.html
> http://scan.sygate.com/stealthscan.html
>
> Don't know how it compares to things like nmap, but good for a start.

One serious limitation: Often, it turns out that some bandwidth
provider between you and that scanning service is (silently) filtering
or blocking traffic to or from certain ports. (I suppose other malarkey
might also be possible, like transparent proxying.) Therefore, your
scan results from those services may be actively misleading.

It's much, much more effective to just position a test box right where
your outside connection would otherwise be, and nmap your network from
there.

> Here is an example:
>
> http://scan.sygate.com/probe.html
> http://scan.sygate.com/stealthscan.html

Also....

Completely separate from the issue of whether such services can
accurately scan you across Net connections that may be subject to
filtering at points in-between, I would advise taking with a big grain
of salt the services' _interpretations_ of what they claim to see.
E.g. (indented paragraphs being Sygate results, below):

    FTP   21   OPEN
    File Transfer Protocol is used to transfer files between computers. A
    misconfigured FTP server can allow an attacker to transfer files, Trojan
    horses, and virus programs at will.

Not if it's an anonymous-ONLY ftp daemon, which is the case, here.
Sygate doesn't bother to check such things, but just gives highly
generic and not-necessarily-accurate gloomy warnings.

    SSH   22   OPEN
    Secure Shell, a encrypted type of Telnet. If misconfigured it can allow for
    brute-force attacks on your administration account.

A fairly dumbass comment, given that essentially all sshd setups default
to disallowing login to the root user.

    TELNET   23   OPEN
    Telnet is used to remotely create a shell (dos prompt), this can allow an
    attacker to control your system as if he was sitting in front of it.

One problem: As Sygate actually _is_ able to see from the greeting
string, the service on port 23 is actually _not_ a telnetd of any
description, but rather another port being answered by the OpenSSH
daemon.

    WEB PROXY   8080   OPEN
    HTTP Web Proxy allows other people to bounce their web browser off of your
    computer to fake their real IP address to web servers.

Except this is _not_ what's responding on port 8080, but rather the
OpenSSH daemon again.

    SMTP   25   OPEN
    SMTP is used to send email across the internet. This allows an attacker to
    verify user accounts on your system, send anonymous (spam) email, or even
    access files on your hard drive.

The only way an SMTPd could be exploited to "access files on your hard
drive" (in any meaningful sense of the phrase) would necessitate it
having very severe security flaws -- and be running with completely
unjustifiable levels of authority. If Sygate are going to warn about
the possibility of what amounts to total breakdown of system security,
they might as well just advise people to run nothing at all.

    WEB   80   CLOSED
    This port has responded to our probes. This means that you are not running
    any application on this port, but it is still possible for someone to crash
    your computer through known TCP/IP stack vulnerabilities.

Now, here's an irony: The machine in question's primary mission is
being a Web server. Its port 80 most definitely is _not_ closed.
Sygate completely blows this.

    NetBIOS   139   CLOSED
    This port has responded to our probes. This means that you are not running
    any application on this port, but it is still possible for someone to crash
    your computer through known TCP/IP stack vulnerabilities.

This is completely wrong: The host in question has nothing on port 139
or any other SMB port. (There are many similar false positives in the
list, which I will omit for length.)

In short, dunno about other remote-scanning services, but Sygate's seems
pathetically inaccurate.

--
This message falsely claims to have been scanned for viruses with F-Secure
Anti-Virus for Microsoft Exchange and to have been found clean.
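
The port 23 and port 8080 findings above come from labelling a service by its port number rather than by its greeting string. The following added example (not part of the original message; the sample greetings, hostnames and version strings are constructed) shows how an audit of your own host can cross-check the two:

```python
import re

# What a scanner reports when it maps port number -> service name without checking.
PORT_LABELS = {21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp", 80: "http", 8080: "http-proxy"}

# Greeting signatures for protocols where the server speaks first. Order matters:
# SMTP and FTP both greet with "220", so the more specific SMTP rule goes first.
BANNER_RULES = [
    ("ssh", re.compile(rb"^SSH-\d+\.\d+-")),
    ("smtp", re.compile(rb"^220[ -].*\bE?SMTP\b", re.I)),
    ("ftp", re.compile(rb"^220[ -].*\bFTP\b", re.I)),
    ("telnet", re.compile(rb"^\xff[\xfb-\xfe]")),  # IAC + WILL/WONT/DO/DONT
]

def identify(banner: bytes) -> str:
    """Name the service from its greeting bytes, or 'unknown' if nothing matches."""
    for name, pattern in BANNER_RULES:
        if pattern.search(banner):
            return name
    return "unknown"

def audit(observations):
    """Compare each port's number-based label with what the greeting shows."""
    findings = []
    for port, banner in observations:
        label = PORT_LABELS.get(port, "unknown")
        detected = identify(banner)
        if detected == "unknown":
            verdict = "unverified"   # e.g. HTTP: the server waits for the client
        elif detected == label:
            verdict = "confirmed"
        else:
            verdict = "mislabeled"
        findings.append((port, label, detected, verdict))
    return findings

# Constructed greetings, modelled on the host described in the post.
SAMPLE = [
    (21, b"220 ftp.example.org FTP server ready.\r\n"),
    (22, b"SSH-2.0-OpenSSH_0.0\r\n"),
    (23, b"SSH-2.0-OpenSSH_0.0\r\n"),
    (25, b"220 mail.example.org ESMTP\r\n"),
    (80, b""),
    (8080, b"SSH-2.0-OpenSSH_0.0\r\n"),
]

if __name__ == "__main__":
    for port, label, detected, verdict in audit(SAMPLE):
        print(f"{port:>5}  label={label:<10} banner={detected:<8} {verdict}")
```

An empty greeting is reported as "unverified" rather than "mislabeled", because protocols such as HTTP wait for the client to speak first.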