[Ti] Privacy

Trevor J. Hutley hutley at geneva-link.ch
Sun Jun 15 08:43:21 PDT 2003 

At 09:03 +0100 15-6-2003, Tarik Bilgin wrote:
>if you want a layman's review of your internet profile... try using 
>https://grc.com/x/ne.dll?bh0bkyd2 and click the "test my shields" 
>and "probe my ports" buttons to get an idea of what ports and 
>services your computer is offering.


Tarik - a very interesting URL !

I ran all the test options, and only got a completely positive and 
encouraging report (appended).

regards,  Trevor


Your Internet port ... does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE! 
Standard Internet behavior requires port connection attempts to be 
answered with a success or refusal response. Therefore, only an 
attempt to connect to a nonexistent computer results in no response 
of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO 
RESPOND (that's very cool!) which represents advanced computer and 
port stealthing capabilities. A machine configured in this fashion is 
well hardened to Internet NetBIOS attack and intrusion.

Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED . 
(This is very uncommon for a Windows networking-based PC.) Relative 
to vulnerabilities from Windows networking, this computer appears to 
be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS 
networking protocol over the Internet.


Stealth!		There is NO EVIDENCE WHATSOEVER that a port
		(or even any computer) exists at this IP address!

If all of the tested ports were shown to have stealth status, then 
for all intents and purposes your computer doesn't exist to scanners 
on the Internet!

It means that either your computer is turned off or disconnected from 
the Net (which seems unlikely since you must be using it right now!) 
or an effective stealth firewall is blocking all unauthorized 
external contact with your computer. This means that it is completely 
opaque to random scans and direct assault. Even if this machine had 
previously been scanned and logged by a would-be intruder, a 
methodical return to this IP address will lead any attacker to 
believe that your machine is turned off, disconnected, or no longer 
exists. You couldn't ask for anything better.

There's one additional benefit: scanners are actually hurt by probing 
this machine! You may have noticed how slowly the probing proceeded. 
This was caused by your firewall! It was required, since your 
firewall is discarding the connection-attempt messages sent to your 
ports. A non-firewalled PC responds immediately that a connection is 
either refused or accepted, telling a scanner that it's found a live 
one ... and allowing it to get on with its scanning. But your 
firewall is acting like a black hole for TCP/IP packets! This means 
that it's necessary for a scanner to sit around and wait for the 
maximum round-trip time possible ‹ across the entire Net, into your 
machine, and back again ‹ before it can safely conclude that there's 
no computer at the other end. That's very cool.

More information about the Titanium mailing list