SG Security Scan

[Philip]

SpeedGuide.net now has a great tool - a remote Security portscan that detects many common vulnerabilities, trojans/backdoors, worms, etc.

Both the free and the premium scan are run by the same engine:

SG Security Scan

A list of the ports being scanned and their corresponding descriptions can be found - here -
A list of the most commonly open ports can be found - here -

A comprehensive searchable database of all official and unofficial port assignments, known vulnerabilities and more: SG Ports Database


The premium version of the scan detects twice as many vulnerabilities by testing many additional ports. It loads our servers more, so there is a fee associated with it to limit the number of scans. We believe it's a great value for real-world remote vulnerability testing. It is bundled together with image hosting and ad-free browsing of the site, more information can be found here: SG Premium Membership


If you have any questions, comments, suggestions or feedback about either version of our security scan, please post them in this thread.

Thanks,

Philip

[Lightstream]

Good feature man, keep up the good work.

[Philip]

Thanks Lightstream, we try.

The Security scan audits 100s of the most common ports, more are added to the "advanced" version daily.

Check it out and post any suggestions / problems / bugs (what bugs ?! ) in here.

[Philip]

Added a feature today, the security scan now correctly detects web proxy servers and adjusts the target IP accordingly.

Any other ideas / questions / comments / suggestions ?

[qball15j]

Philip, great work! Keep it up!

I currently run SmoothWall for my firewall/router and let me tell your. Your scan pointed out some odd ball UDP ports that were open with my box that were NOT found with a few other well known web-based port scanners.

[fjzeigler]

As a 65 year-old worried newbie, I used your SC Scan. It found 6 ports open. What do I do now? Do I close these ports and if so how?

Fred Zeigler

[msroge693]

Any firewall should close these open ports. Maybe you want to research the best one for you

[700mb80min]

Ports > xxxx are designated for dynamic allocation by Windows. When programs ask for the "next available" socket, they usually get sequential ports starting at xxxx.

this one was open each time i ran the test . sygate is configured to default settings but this one shows. is it ok to leave it ?....thanks

[Philip]

Originally posted by 700mb80min
this one was open each time i ran the test . sygate is configured to default settings but this one shows. is it ok to leave it ?....thanks

Yes and no... It is ok to leave it as long as you know what program is using it

I'd recommend closing applications that connect to the net other than IE and try again to find out what's using it.

[qball15j]

700mb80min, go to a friends house or somwhere that you can get net access and scan your IP from there. I really hate to say it but alot of the web scanners out there including the one here at SG give false results.

My post above, I mentioned the SG scanner found some open ports on my smoothwall box that were supposed to be closed. (well they are) After doing some other online scans and talking with some SmoothWall folks I was told not to use any of those online security scanners and to have some other external sources scan. I ended up having a few friends scan my box along with another scan I did from work, which turned up nothing.

[Philip]

The SG Security scan uses one of the best port-scanning technologies available today. In addition, we've implemented other internal special algorithms to distinguish open/closed UDP ports.

UDP is not a lossless protocol, in other words if a packet is lost it might never be reported back to a server as open. That makes UDP scanning more dificult than TCP (it's hard to distinguish between stealth/open ports in the presence of packet loss). However, if your system returns some packets and not others, our scan can differentiate and the results are as close as you can get with any portscan.

You can take or leave them as you wish. If you'd like to PM/email me your IP and the ports in question I'd be happy to double-check and provide further information as aplicable.

[Philip]

I've just added some new features to the Premium Members Security Scan:

- the ability to choose remote IP address to scan
- the ability to scan a custom port (or a range of ports)
- the ability to pick protocols to be scanned for the above custom ports.

[Philip]

Updated the SG Security scan to detect the latest trojans. A list of vulnerabilities being scanned can be found here: http://www.speedguide.net/ports.php

I've also added a Security information page to the main site that includes some feeds from Symantec and Sophos with the latest security threats. Here is a link: http://www.speedguide.net/security.php

[Cable Vision]

mi first scan without firewall reveal a port #30 open,and the second test with Outpost Firewall reveal no open ports,great firewall and great scanner too

[Philip]

mi first scan without firewall reveal a port #30 open,and the second test with Outpost Firewall reveal no open ports,great firewall and great scanner too

Thanks for the positive comments.

I've just added another 10+ new trojans to the list of detected vulnerabilities.

[partsfreak]

I get different results of the scan depending on whether im logged on as a member or just doing the scan whithout logging on. Why is that?

[Philip]

I get different results of the scan depending on whether im logged on as a member or just doing the scan whithout logging on. Why is that?

When logged in, the scan checks more ports on your system. You can see the number of scanned ports in the bottom section of the results.

Best,

Philip

[partsfreak]

The difference I'm talking about is as follows:
When I do the scan without logging in I get all filtered ports except for 135,137 & 139. which show open.
When I log in and do the scan All of my ports show as closed with the exception again of 135,137 & 139.
My question was how does the portscan go from filtered to closed from logging in to speedguide and why?

[Philip]

The difference I'm talking about is as follows:
When I do the scan without logging in I get all filtered ports except for 135,137 & 139. which show open.
When I log in and do the scan All of my ports show as closed with the exception again of 135,137 & 139.
My question was how does the portscan go from filtered to closed from logging in to speedguide and why?

Most likely the closed ports are still reported when you're not logged in, just without the detailed descriptions.

The way the portscan works, it only gives detailed descriptions for two of the open/closed/filtered subsets, the ones with fewer results. It only reports aggregate data for the third subset of ports, just a number in the summary on the bottom of the report. Please look at the number of closed ports when logged in/out and you'll most likely notice that the portscan is reporting them correctly. Probably just the number of closed ports is smaller than the number of filtered ports when you're logged in, and the other way arouund when you're not.

I hope this helps, please let me know if we need to look into this further.

You might also want to read:
Descriptions of all currently scanned ports - http://www.speedguide.net/ports.php
UDP Ports scanning info: http://www.speedguide.net/faq_in_q.php?category=97&qid=173


Philip

[partsfreak]

Phillip, Thanks for answering my post, I see that there are more ports scanned when logged in to Speedguide as a member. Also that they are described in greater detail.(I did a scan from my job today and was glad im not them. lol)
My own results are still under question tho, I only have 3 open udp ports, They remain constant thu both logged in/not logged in scans.
ALL of the other ports that are shown in the not logged in scan are filtered.
All of those same ports show as closed once I log in and rescan.
Try it on your systen and see if you get the same results.
Thanks again, Partsfreak.

[Philip]

Phillip, Thanks for answering my post, I see that there are more ports scanned when logged in to Speedguide as a member. Also that they are described in greater detail.(I did a scan from my job today and was glad im not them. lol)
My own results are still under question tho, I only have 3 open udp ports, They remain constant thu both logged in/not logged in scans.
ALL of the other ports that are shown in the not logged in scan are filtered.
All of those same ports show as closed once I log in and rescan.
Try it on your systen and see if you get the same results.
Thanks again, Partsfreak.

You seem to be logging in from multiple IPs. Please PM or email me your IP that is having the issue and I'd be happy to scan it...

[Philip]

Updated the portscan again, we're up to 474 separate ports (with complete descriptions of associated vulnerabilities) scanned for the premium version

[apple09]

thanks for this particular site wich guide you through this.

I need help

How can I protect my web site from a hack, somebody are telling me about Microsoft ISA. but I want to use XP not Win2000 server

[Philip]

The latest security threats as of today (both W32.Esbot.A and W32.Zotob.E) have been added and are now detectable by the basic version of the SG Security Scan.

I've also added 15+ other recent vulnerabilities and their descriptions to the list.

[mataku]

hey,i hope it's okay to post this here, but the SG security scan stoped working for me. when i press "scan" i get:
Total scanned ports: 0
Open ports: 0
Closed ports: 0
Filtered ports: 0

and i've tried a bounch of times with no luck. I'm using Firefox 1.5 if that's important.

[Philip]

hey,i hope it's okay to post this here, but the SG security scan stoped working for me. when i press "scan" i get:
Total scanned ports: 0
Open ports: 0
Closed ports: 0
Filtered ports: 0

and i've tried a bounch of times with no luck. I'm using Firefox 1.5 if that's important.

I upgraded the scan engine and some of the options to facilitate faster scans on the 29th. Seems in the process it lost its ability to scan hosts that do not respond to pings. Thanks for the constructive feedback, it's been fixed.

Please let me know if you're still having problems with it.

[mataku]

well,it's working now,but it took about 3 minutes before i got results.

[mataku]

okay,n/m it's working ok now.
but i have a question: i'm using Norton internet security 2005 and when i start the scan i get an intrusion detected window. in NIS2005 whenever there is an intrusion it blocks all connection from the intruder for a few minutes. does this affect the results of the scan?

[Philip]

Probably.

The only way we can effectively scan a large number of ports is by sending probes in parallel, a few milliseconds apart. This, combined with the fact we're probing the most vulnerable ports may trigger some intusion alerts...

[Philip]

I've updated the SG Ports database with information on all official ports from IANA, as well as known unofficial port assignments from Wikipedia, the Sans Institute, and other sources for a total of ~10,000 combined records:

SG Ports Database

Please let me know if you feel something is missing or unclear since I've updated the layout and links/search/scan as well.

[wujan]

I used the speedguide scan and the scan at broadbandsecurity.org and got different results???

BBsec uses nMAP and nessus to scan your IP.

[mataku]

hey,i hope it's okay to post this here, but the SG security scan stopped working for me. when i press "scan" i get:
Total scanned ports: 0
Open ports: 0
Closed ports: 0
Filtered ports: 0

and i've tried a bunch of times with no luck. I'm using Firefox 1.5 if that's important.

hey, came back 5 years later to post again - Zeros across the board. please fix
using FF3.6.6

[fashionever]

Security scanning audit of 100 of the most common ports, and more are added every day to the "Advanced" version.

[Alicewalters]

this one was open each time i ran the test . sygate is configured to default settings but this one shows. is it ok to leave it