There's a number of sites that offers "online vulnerability scans", to check your computer for open ports and "stealth." I bet they get lots of traffic, and they probably manage to get someone to buy their product to replace whatever is already in use.
Make no mistake, these scans offered by companies who are selling personal (desktop) firewall are using these scans as a marketing tool. They tell you how vulnerable you are, and that you must buy their products to protect yourself from the evils of the Internet.
These online scans are only good for one thing: seeing how your firewall logs port scans! Everything else you can find out on your own on your computer. These tools simply tries to connect to your computer on a set of given ports, and tell you the status. You can test this yourself on your own computer using the netstat command that comes with all flavors of Windows and Linux.
"netstat -an" on a Windows computer will list all active ports, including those in a listening state and UDP ports in listening state. Other computers can only connect to ports that are in a listening state. A typical output on a Windows computer would look something like this:
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING TCP 0.0.0.0:445 0.0.0.0:0 LISTENING TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING TCP 0.0.0.0:1033 0.0.0.0:0 LISTENING TCP 192.168.0.10:139 0.0.0.0:0 LISTENING TCP 192.168.0.10:3031 192.168.0.11:22 ESTABLISHED UDP 0.0.0.0:135 *:* UDP 0.0.0.0:445 *:* UDP 192.168.0.10:137 *:* UDP 192.168.0.10:138 *:*
You'll probably see a number of other entries as well, most are harmless. If you do have a trojan installed, it would show up in a listening state (unless they've managed to replace the netstat command).
On a Linux box, the typical output of "netstat -tunap" would be something like this:
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 529/sshd tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 11520/sendmail tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 512/named tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 543/xinetd tcp 88 0 192.168.0.11:22 192.168.0.10:3031 ESTABLISHED 6628/sshd udp 0 0 0.0.0.0:514 0.0.0.0:* 19433/syslogd udp 0 0 127.0.0.1:53 0.0.0.0:* 512/named
You'll see a whole bunch of others as well, depending on what services you are running. This output conveniently lists the program that's listening on a port, with the exception of POP3, which is listed as xinetd. Again, unless someone has managed to replace the netstat command, this will list every port that is open for connections.
Unless the port is listed in the above outputs, no computer can connect to your computer on that port. Since the online scan tools does nothing but report what netstat has already determined, spending 20-40 minutes waiting for a scan to complete, is a waste of time and effort. Again, it's only useful to see how your firewall reports these scan attempts.
© 1999-2005 Lars M. Hansen