Firewalls - HELPPPPPPP!!!!!!

Discussion in 'Windows Desktop Systems' started by contender, Nov 28, 2002.

  1. contender

    contender Guest

    Are there any sites available that compare and test firewalls on a continuous basis?

    I have been a long time user of Sygate Personal Firewall and Pro version. But with some of the sites I use to do a security check on my pc it doesnt show on a regular basis that UDP ports 53 and 137-139 are closed/stealthed.

    I am currently in a toss up between 3 firewalls - Agnitum Outpost Firewall Pro, Tiny Personal Firewall 4.0 and Kerio Personal Firewall 3.0 Beta 5. These 3 firewalls I like very much and they report those ports mentioned above closed/stealthed on a regular basis for the port scan on No firewall I try shows those mentioned ports above closed on the Sygate site.

    Why do I get a different result with each security scan on these sites? Are their scans they perform different?

    Is there a firewall that is really good at providing IPs for every connection and port open/connected to? The 3 firewalls I am in a toss up between are fairly decent, but not as good as I would like. If there isnt a firewall which is good at this, is there an extra piece of software I can download that would do this job and do it well?
  2. Iceman

    Iceman Moderator

    no software firewall will be anywhere close to an hardware firewall. Having said that I have used Sygate Personal Firewall for years, but I am also behind a router which has a built-in firewall, you really have nothing to worry about, hackers don't really want access to your machine, basically, you don't have anything they want. The ones you need to worry about are script kiddies and they aren't capable for the most part to get past a simple firewall. Don't worry.

  3. Gus K

    Gus K NTFS abuser

    Unless something has changed, Tiny didn't stealth the ports.

    Outpost (free) is what I use, stealths all ports. Pro versions do not provide any more protection.

    Had no problems with Sygate test, the ports you mention were all steathed, except 80 which was closed.
  4. damnyank

    damnyank I WILL NOT FORGET 911

    Petal, Mississippi
    I use Zone Alarm (freebie) and the Sygate test showed 53, 80 and 139 blocked and stealthed. :D
  5. dave holbon

    dave holbon Moderator

    London England
    Port 80 stealthed? are you sure?
  6. Geffy

    Geffy Moderator Folding Team

    United Kingdom
  7. damnyank

    damnyank I WILL NOT FORGET 911

    Petal, Mississippi
    Dave if you are asking me - yes - I am sure - both ShieldsUp and Sygate say Port 80 is stealthed!;)
  8. Gus K

    Gus K NTFS abuser

    Having Sygate test competitors firewalls is kinda like Intel benchmarking AMD.

    This site is also good for info and independant testing.
  9. Iceman

    Iceman Moderator

    complete nonsense


  10. dave holbon

    dave holbon Moderator

    London England
    This was posted about three servers ago: -

    Look at port 80 (PC)

    Stealthed Ports (TCP/IP):-

    I’ve always wondered what this means and in fact found out some time ago that all stealthier ports are, are ports that do not respond to anything thrown at them by port scans. This does not mean they can’t be accessed.

    Go here for a list of ports accessed by some well-known programmes like Napster, Msn messenger, Kaza etc use: -

    As you will observe there are many ports that can be accessed under this protocol.

    In relation to Internet usage the following ports can be used: -

    Assigned Internet Protocol Numbers

    Decimal Keyword Protocol References
    ------- ------- -------- ----------
    0 HOPOPT IPv6 Hop-by-Hop Option [RFC1883]
    1 ICMP Internet Control Message [RFC792]
    2 IGMP Internet Group Management [RFC1112]
    3 GGP Gateway-to-Gateway [RFC823]
    4 IP IP in IP (encapsulation) [RFC2003]
    5 ST Stream [RFC1190,RFC1819]
    6 TCP Transmission Control [RFC793]
    7 CBT CBT [Ballardie]
    8 EGP Exterior Gateway Protocol [RFC888,DLM1]
    9 IGP any private interior gateway [IANA]
    (used by Cisco for their IGRP)
    10 BBN-RCC-MON BBN RCC Monitoring [SGC]
    11 NVP-II Network Voice Protocol [RFC741,SC3]
    14 EMCON EMCON [BN7]
    15 XNET Cross Net Debugger [IEN158,JFH2]
    16 CHAOS Chaos [NC3]
    17 UDP User Datagram [RFC768,JBP]
    18 MUX Multiplexing [IEN90,JBP]
    19 DCN-MEAS DCN Measurement Subsystems [DLM1]
    20 HMP Host Monitoring [RFC869,RH6]
    21 PRM Packet Radio Measurement [ZSU]
    23 TRUNK-1 Trunk-1 [BWB6]
    24 TRUNK-2 Trunk-2 [BWB6]
    25 LEAF-1 Leaf-1 [BWB6]
    26 LEAF-2 Leaf-2 [BWB6]
    27 RDP Reliable Data Protocol [RFC908,RH6]
    28 IRTP Internet Reliable Transaction [RFC938,TXM]
    29 ISO-TP4 ISO Transport Protocol Class 4 [RFC905,RC77]
    30 NETBLT Bulk Data Transfer Protocol [RFC969,DDC1]
    31 MFE-NSP MFE Network Services Protocol [MFENET,BCH2]
    32 MERIT-INP MERIT Internodal Protocol [HWB]
    33 SEP Sequential Exchange Protocol [JC120]
    34 3PC Third Party Connect Protocol [SAF3]
    35 IDPR Inter-Domain Policy Routing Protocol [MXS1]
    36 XTP XTP [GXC]
    37 DDP Datagram Delivery Protocol [WXC]
    38 IDPR-CMTP IDPR Control Message Transport Proto [MXS1]
    39 TP++ TP++ Transport Protocol [DXF]
    40 IL IL Transport Protocol [Presotto]
    41 IPv6 Ipv6 [Deering]
    42 SDRP Source Demand Routing Protocol [DXE1]
    43 IPv6-Route Routing Header for IPv6 [Deering]
    44 IPv6-Frag Fragment Header for IPv6 [Deering]
    45 IDRP Inter-Domain Routing Protocol [Sue Hares]
    46 RSVP Reservation Protocol [Bob Braden]
    47 GRE General Routing Encapsulation [Tony Li]
    48 MHRP Mobile Host Routing Protocol[David Johnson]
    49 BNA BNA [Gary Salamon]
    50 ESP Encap Security Payload for IPv6 [RFC1827]
    51 AH Authentication Header for IPv6 [RFC1826]
    52 I-NLSP Integrated Net Layer Security TUBA [GLENN]
    53 SWIPE IP with Encryption [JI6]
    54 NARP NBMA Address Resolution Protocol [RFC1735]
    55 MOBILE IP Mobility [Perkins]
    56 TLSP Transport Layer Security Protocol [Oberg]
    using Kryptonet key management
    57 SKIP SKIP [Markson]
    58 IPv6-ICMP ICMP for IPv6 [RFC1883]
    59 IPv6-NoNxt No Next Header for IPv6 [RFC1883]
    60 IPv6-Opts Destination Options for IPv6 [RFC1883]
    61 any host internal protocol [IANA]
    63 any local network [IANA]
    64 SAT-EXPAK SATNET and Backroom EXPAK [SHB]
    65 KRYPTOLAN Kryptolan [PXL1]
    66 RVD MIT Remote Virtual Disk Protocol [MBG]
    67 IPPC Internet Pluribus Packet Core [SHB]
    68 any distributed file system [IANA]
    69 SAT-MON SATNET Monitoring [SHB]
    70 VISA VISA Protocol [GXT1]
    71 IPCV Internet Packet Core Utility [SHB]
    72 CPNX Computer Protocol Network Executive [DXM2]
    73 CPHB Computer Protocol Heart Beat [DXM2]
    74 WSN Wang Span Network [VXD]
    75 PVP Packet Video Protocol [SC3]
    76 BR-SAT-MON Backroom SATNET Monitoring [SHB]
    77 SUN-ND SUN ND PROTOCOL-Temporary [WM3]
    78 WB-MON WIDEBAND Monitoring [SHB]
    80 ISO-IP ISO Internet Protocol [MTR]
    81 VMTP VMTP [DRC3]
    84 TTP TTP [JXS]
    86 DGP Dissimilar Gateway Protocol [DGP,ML109]
    87 TCF TCF [GAL5]
    90 Sprite-RPC Sprite RPC Protocol [SPRITE,BXW]
    91 LARP Locus Address Resolution Protocol [BXH]
    92 MTP Multicast Transport Protocol [SXA]
    93 AX.25 AX.25 Frames [BK29]
    94 IPIP IP-within-IP Encapsulation Protocol [JI6]
    95 MICP Mobile Internetworking Control Pro. [JI6]
    96 SCC-SP Semaphore Communications Sec. Pro. [HXH]
    97 ETHERIP Ethernet-within-IP Encapsulation [RFC3378]
    98 ENCAP Encapsulation Header [RFC1241,RXB3]
    99 any private encryption scheme [IANA]
    100 GMTP GMTP [RXB5]
    101 IFMP Ipsilon Flow Management Protocol [Hinden]
    102 PNNI PNNI over IP [Callon]
    103 PIM Protocol Independent Multicast [Farinacci]
    104 ARIS ARIS [Feldman]
    105 SCPS SCPS [Durst]
    106 QNX QNX [Hunter]
    107 A/N Active Networks [Braden]
    108 IPComp IP Payload Compression Protocol [RFC2393]
    109 SNP Sitara Networks Protocol [Sridhar]
    110 Compaq-Peer Compaq Peer Protocol [Volpe]
    111 IPX-in-IP IPX in IP [Lee]
    112 VRRP Virtual Router Redundancy Protocol [Hinden]
    113 PGM PGM Reliable Transport Protocol [Speakman]
    114 any 0-hop protocol [IANA]
    115 L2TP Layer Two Tunneling Protocol [Aboba]
    116 DDX D-II Data Exchange (DDX) [Worley]
    117 IATP Interactive Agent Transfer Protocol [Murphy]
    118 STP Schedule Transfer Protocol [JMP]
    119 SRP SpectraLink Radio Protocol [Hamilton]
    120 UTI UTI [Lothberg]
    121 SMP Simple Message Protocol [Ekblad]
    122 SM SM [Crowcroft]
    123 PTP Performance Transparency Protocol [Welzl]
    124 ISIS over IPv4 [Przygienda]
    125 FIRE [Partridge]
    126 CRTP Combat Radio Transport Protocol [Sautter]
    127 CRUDP Combat Radio User Datagram [Sautter]
    128 SSCOPMCE [Waber]
    129 IPLT [Hollbach]
    130 SPS Secure Packet Shield [McIntosh]
    131 PIPE Private IP Encapsulation within IP [Petri]
    132 SCTP Stream Control Transmission Protocol [Stewart]
    133 FC Fibre Channel [Rajagopal]
    134 RSVP-E2E-IGNORE [RFC3175]
    135-254 Unassigned [IANA]
    255 Reserved [IANA]

    As you can see things are more complicated than at first appears. As this is a long post I’ll end it now.