SG Security Scan
SG Security Scan
SpeedGuide.net now has a great tool - a remote Security portscan that detects many common vulnerabilities, trojans/backdoors, worms, etc.
Both the free and the premium scan are run by the same engine:
SG Security Scan
A list of the ports being scanned and their corresponding descriptions can be found - here -
A list of the most commonly open ports can be found - here -
A comprehensive searchable database of all official and unofficial port assignments, known vulnerabilities and more: SG Ports Database
The premium version of the scan detects twice as many vulnerabilities by testing many additional ports. It loads our servers more, so there is a fee associated with it to limit the number of scans. We believe it's a great value for real-world remote vulnerability testing. It is bundled together with image hosting and ad-free browsing of the site, more information can be found here: SG Premium Membership
If you have any questions, comments, suggestions or feedback about either version of our security scan, please post them in this thread.
Thanks,
Philip
Both the free and the premium scan are run by the same engine:
SG Security Scan
A list of the ports being scanned and their corresponding descriptions can be found - here -
A list of the most commonly open ports can be found - here -
A comprehensive searchable database of all official and unofficial port assignments, known vulnerabilities and more: SG Ports Database
The premium version of the scan detects twice as many vulnerabilities by testing many additional ports. It loads our servers more, so there is a fee associated with it to limit the number of scans. We believe it's a great value for real-world remote vulnerability testing. It is bundled together with image hosting and ad-free browsing of the site, more information can be found here: SG Premium Membership
If you have any questions, comments, suggestions or feedback about either version of our security scan, please post them in this thread.
Thanks,
Philip
- Lightstream
- Regular Member
- Posts: 199
- Joined: Tue Nov 26, 2002 6:48 pm
- Location: Okla.
Added a feature today, the security scan now correctly detects web proxy servers and adjusts the target IP accordingly.
Any other ideas / questions / comments / suggestions ?
Any other ideas / questions / comments / suggestions ?
Linux is user friendly, it's just picky about its friends...
Disclaimer: Please use caution when opening messages, my grasp on reality may have shaken loose during transmission (going on rusty memory circuits). I also eat whatever crayons are put in front of me.
๑۩۞۩๑
Disclaimer: Please use caution when opening messages, my grasp on reality may have shaken loose during transmission (going on rusty memory circuits). I also eat whatever crayons are put in front of me.
๑۩۞۩๑
open ports
Any firewall should close these open ports. Maybe you want to research the best one for you
- 700mb80min
- Member
- Posts: 20
- Joined: Sat Oct 25, 2003 8:46 am
- Location: Possum Dropping Lodge , Canada
Ports > xxxx are designated for dynamic allocation by Windows. When programs ask for the "next available" socket, they usually get sequential ports starting at xxxx.
this one was open each time i ran the test . sygate is configured to default settings but this one shows. is it ok to leave it ?....thanks
Originally posted by 700mb80min
this one was open each time i ran the test . sygate is configured to default settings but this one shows. is it ok to leave it ?....thanks
Yes and no... It is ok to leave it as long as you know what program is using it
I'd recommend closing applications that connect to the net other than IE and try again to find out what's using it.
700mb80min, go to a friends house or somwhere that you can get net access and scan your IP from there. I really hate to say it but alot of the web scanners out there including the one here at SG give false results.
My post above, I mentioned the SG scanner found some open ports on my smoothwall box that were supposed to be closed. (well they are) After doing some other online scans and talking with some SmoothWall folks I was told not to use any of those online security scanners and to have some other external sources scan. I ended up having a few friends scan my box along with another scan I did from work, which turned up nothing.
My post above, I mentioned the SG scanner found some open ports on my smoothwall box that were supposed to be closed. (well they are) After doing some other online scans and talking with some SmoothWall folks I was told not to use any of those online security scanners and to have some other external sources scan. I ended up having a few friends scan my box along with another scan I did from work, which turned up nothing.
The SG Security scan uses one of the best port-scanning technologies available today. In addition, we've implemented other internal special algorithms to distinguish open/closed UDP ports.
UDP is not a lossless protocol, in other words if a packet is lost it might never be reported back to a server as open. That makes UDP scanning more dificult than TCP (it's hard to distinguish between stealth/open ports in the presence of packet loss). However, if your system returns some packets and not others, our scan can differentiate and the results are as close as you can get with any portscan.
You can take or leave them as you wish. If you'd like to PM/email me your IP and the ports in question I'd be happy to double-check and provide further information as aplicable.
UDP is not a lossless protocol, in other words if a packet is lost it might never be reported back to a server as open. That makes UDP scanning more dificult than TCP (it's hard to distinguish between stealth/open ports in the presence of packet loss). However, if your system returns some packets and not others, our scan can differentiate and the results are as close as you can get with any portscan.
You can take or leave them as you wish. If you'd like to PM/email me your IP and the ports in question I'd be happy to double-check and provide further information as aplicable.
I've just added some new features to the Premium Members Security Scan:
- the ability to choose remote IP address to scan
- the ability to scan a custom port (or a range of ports)
- the ability to pick protocols to be scanned for the above custom ports.
- the ability to choose remote IP address to scan
- the ability to scan a custom port (or a range of ports)
- the ability to pick protocols to be scanned for the above custom ports.
Linux is user friendly, it's just picky about its friends...
Disclaimer: Please use caution when opening messages, my grasp on reality may have shaken loose during transmission (going on rusty memory circuits). I also eat whatever crayons are put in front of me.
๑۩۞۩๑
Disclaimer: Please use caution when opening messages, my grasp on reality may have shaken loose during transmission (going on rusty memory circuits). I also eat whatever crayons are put in front of me.
๑۩۞۩๑
Updated the SG Security scan to detect the latest trojans. A list of vulnerabilities being scanned can be found here: http://www.speedguide.net/ports.php
I've also added a Security information page to the main site that includes some feeds from Symantec and Sophos with the latest security threats. Here is a link: http://www.speedguide.net/security.php
I've also added a Security information page to the main site that includes some feeds from Symantec and Sophos with the latest security threats. Here is a link: http://www.speedguide.net/security.php
-
- Regular Member
- Posts: 121
- Joined: Thu Oct 21, 2004 10:06 am
- Location: Puerto Rico
- partsfreak
- New Member
- Posts: 4
- Joined: Thu Dec 02, 2004 9:36 am
- Location: North Carolina
partsfreak wrote:I get different results of the scan depending on whether im logged on as a member or just doing the scan whithout logging on. Why is that?
When logged in, the scan checks more ports on your system. You can see the number of scanned ports in the bottom section of the results.
Best,
Philip
- partsfreak
- New Member
- Posts: 4
- Joined: Thu Dec 02, 2004 9:36 am
- Location: North Carolina
sg portscan
The difference I'm talking about is as follows:
When I do the scan without logging in I get all filtered ports except for 135,137 & 139. which show open.
When I log in and do the scan All of my ports show as closed with the exception again of 135,137 & 139.
My question was how does the portscan go from filtered to closed from logging in to speedguide and why?
When I do the scan without logging in I get all filtered ports except for 135,137 & 139. which show open.
When I log in and do the scan All of my ports show as closed with the exception again of 135,137 & 139.
My question was how does the portscan go from filtered to closed from logging in to speedguide and why?
partsfreak wrote:The difference I'm talking about is as follows:
When I do the scan without logging in I get all filtered ports except for 135,137 & 139. which show open.
When I log in and do the scan All of my ports show as closed with the exception again of 135,137 & 139.
My question was how does the portscan go from filtered to closed from logging in to speedguide and why?
Most likely the closed ports are still reported when you're not logged in, just without the detailed descriptions.
The way the portscan works, it only gives detailed descriptions for two of the open/closed/filtered subsets, the ones with fewer results. It only reports aggregate data for the third subset of ports, just a number in the summary on the bottom of the report. Please look at the number of closed ports when logged in/out and you'll most likely notice that the portscan is reporting them correctly. Probably just the number of closed ports is smaller than the number of filtered ports when you're logged in, and the other way arouund when you're not.
I hope this helps, please let me know if we need to look into this further.
You might also want to read:
Descriptions of all currently scanned ports - http://www.speedguide.net/ports.php
UDP Ports scanning info: http://www.speedguide.net/faq_in_q.php?category=97&qid=173
Philip
- partsfreak
- New Member
- Posts: 4
- Joined: Thu Dec 02, 2004 9:36 am
- Location: North Carolina
Phillip, Thanks for answering my post, I see that there are more ports scanned when logged in to Speedguide as a member. Also that they are described in greater detail.(I did a scan from my job today and was glad im not them. lol)
My own results are still under question tho, I only have 3 open udp ports, They remain constant thu both logged in/not logged in scans.
ALL of the other ports that are shown in the not logged in scan are filtered.
All of those same ports show as closed once I log in and rescan.
Try it on your systen and see if you get the same results.
Thanks again, Partsfreak.
My own results are still under question tho, I only have 3 open udp ports, They remain constant thu both logged in/not logged in scans.
ALL of the other ports that are shown in the not logged in scan are filtered.
All of those same ports show as closed once I log in and rescan.
Try it on your systen and see if you get the same results.
Thanks again, Partsfreak.
partsfreak wrote:Phillip, Thanks for answering my post, I see that there are more ports scanned when logged in to Speedguide as a member. Also that they are described in greater detail.(I did a scan from my job today and was glad im not them. lol)
My own results are still under question tho, I only have 3 open udp ports, They remain constant thu both logged in/not logged in scans.
ALL of the other ports that are shown in the not logged in scan are filtered.
All of those same ports show as closed once I log in and rescan.
Try it on your systen and see if you get the same results.
Thanks again, Partsfreak.
You seem to be logging in from multiple IPs. Please PM or email me your IP that is having the issue and I'd be happy to scan it...
my first step
thanks for this particular site wich guide you through this.
I need help
How can I protect my web site from a hack, somebody are telling me about Microsoft ISA. but I want to use XP not Win2000 server
I need help
How can I protect my web site from a hack, somebody are telling me about Microsoft ISA. but I want to use XP not Win2000 server
The latest security threats as of today (both W32.Esbot.A and W32.Zotob.E) have been added and are now detectable by the basic version of the SG Security Scan.
I've also added 15+ other recent vulnerabilities and their descriptions to the list.
I've also added 15+ other recent vulnerabilities and their descriptions to the list.
Linux is user friendly, it's just picky about its friends...
Disclaimer: Please use caution when opening messages, my grasp on reality may have shaken loose during transmission (going on rusty memory circuits). I also eat whatever crayons are put in front of me.
๑۩۞۩๑
Disclaimer: Please use caution when opening messages, my grasp on reality may have shaken loose during transmission (going on rusty memory circuits). I also eat whatever crayons are put in front of me.
๑۩۞۩๑
mataku wrote:hey,i hope it's okay to post this here, but the SG security scan stoped working for me. when i press "scan" i get:
Total scanned ports: 0
Open ports: 0
Closed ports: 0
Filtered ports: 0
and i've tried a bounch of times with no luck. I'm using Firefox 1.5 if that's important.
I upgraded the scan engine and some of the options to facilitate faster scans on the 29th. Seems in the process it lost its ability to scan hosts that do not respond to pings. Thanks for the constructive feedback, it's been fixed.
Please let me know if you're still having problems with it.
okay,n/m it's working ok now.
but i have a question: i'm using Norton internet security 2005 and when i start the scan i get an intrusion detected window. in NIS2005 whenever there is an intrusion it blocks all connection from the intruder for a few minutes. does this affect the results of the scan?
but i have a question: i'm using Norton internet security 2005 and when i start the scan i get an intrusion detected window. in NIS2005 whenever there is an intrusion it blocks all connection from the intruder for a few minutes. does this affect the results of the scan?
I've updated the SG Ports database with information on all official ports from IANA, as well as known unofficial port assignments from Wikipedia, the Sans Institute, and other sources for a total of ~10,000 combined records:
SG Ports Database
Please let me know if you feel something is missing or unclear since I've updated the layout and links/search/scan as well.
SG Ports Database
Please let me know if you feel something is missing or unclear since I've updated the layout and links/search/scan as well.
hey, came back 5 years later to post again - Zeros across the board. please fixmataku wrote:hey,i hope it's okay to post this here, but the SG security scan stopped working for me. when i press "scan" i get:
Total scanned ports: 0
Open ports: 0
Closed ports: 0
Filtered ports: 0
and i've tried a bunch of times with no luck. I'm using Firefox 1.5 if that's important.
using FF3.6.6
-
- New Member
- Posts: 3
- Joined: Tue Sep 25, 2012 12:16 am
-
- New Member
- Posts: 4
- Joined: Wed Jun 11, 2014 3:15 am