Odd result from Sheilds Up Common Port Scan

  OU812 19:30 01 Apr 2004

I have used the Sheilds Up site many times and have noted the following each time I run the Common Ports Scan.

The first time I run it Port 1025 is shown as open while all the rest are 'stealthed'. Running the test a second time shows all ports as stealthed.

My firewall (Norton Internet Security 2003) immediately informs me the first time I run the scan that there was an attempt to contact my PC which it identifies as a Netspy Trojan Horse and that it has been blocked (the IP address showing it comes from the Sheilds Up site).

Running the test again results in no further alerts and all ports are shown as stealthed for the time that I remain online.

If I then disconnect from the internet and then reconnect and run the port scan again I get the same result as described above.

For reference my PC is a 2.53 P4 running Win XP Professional (SP1) and I connect to the Internet via AOL Broadband (ver 9, 512kbps).

It may be that this is an example of adaptive behaviour on the part of my firewall but the result I get does leave me concerned as to whether I am protected or not.

I contacted the Sheilds up site and the response was as follows:

"Recent updates to several popular firewalls have added some "adaptive"
firewall technology. They decide that an IP address is "bad" and add it
(for some length of time) to a temporary bad list. This may explain the
changing behavior you are seeing. However, I would still be concerned by
the fact that your computer was *initially* unprotected."

So should I be concerned?

  Paranoid Android 20:05 01 Apr 2004

Some ISPs use port 1025 for email, I don't know if yours is one of them.

Your Firewall stopped it, which is what it's there for.


  TommyRed 20:20 01 Apr 2004

I had 2no. ports open after scanning with ShieldsUp. My firewall was Outpost. I managed to close one with help from here but was not able to 'stealth' 1025. The only way I found was by uninstalling Outpost and installing 'Zone Alarm' free edition. After a rescan it was shown to be 'stealthed'. HTH TR

  OU812 23:54 21 May 2004

I posted this issue as resolved a little time ago.

Should anyone care to have a look I would just like to add.

(1) Port 1025 is for use by internet blackjack (an online version of the card game).
(2) I am no longer concerned re the results the shields up scan since as was pointed out by Paronoid my firewall clearly is blocking it, shown by the fact that re-running the test at sheilds up all ports are shown as stealthed. How can I be so confident? well NIS2003 by default blocks any further contact from potentially dodgy sites after detecting an "attack" (ie a scan from sheilds up) for 30 mins.

It would still be nice to close this opening but I am not losing any sleep over it, I have got more real world probs to keep me awake at night!

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Samsung Galaxy A8 review: Hands-on

Illustrator Juan Esteban Rodriguez on creating highly detailed official film posters for Star Wars…

iMac Pro review

Comment savoir si quelqu'un a bloqué votre numéro de téléphone ?