NETBIOS attacks: Network security test results

[NoMetadata]

Please post what you think about my machine Network Security Test results by Shields Up:

Attempting connection to your computer. . .
Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet!

Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.

Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

 

[NoMetadata]

Hi, I invite every Windows OS developer that is seriously concerned about users privacy to collaborate in enhancing changes I have made to OS.

Please see above post: Network testing using Shields Up ran from the machine I used to post this thread, guarantees I am not posting nonsense.

My work is completely anticanonical (systen I am working on has no symbolic links, no Temporary Internet Files, History nor System Volume Information files inside folders, non globalized Boot, full timestamp managing, on demand file shreder instead of Recycle bin use, on the fly encrypted working area and many more privacy enhancenents)

If you are interested in this new aproach to resolve in some extent huge problem users have with privacy.

Please post here in order we can share ways to neutralize the many intrusive Windows features has.

 

[XavierMace]

ShieldsUp is an external pen test (sort of) and has nothing to do with the assorted babble you're spouting. In addition it's considered to be unreliable and filled with meaningless jargon much like your posts.

 

[NoMetadata]

Hello XavierMace

Would you kindly give me advice about which reliable external pen test can I use to test my machine penetrability in order not to insult your intelligence?

Thanks in advance

 

[Skunk-Works]

Hello XavierMace

Would you kindly give me advice about which reliable external pen test can I use to test my machine penetrability in order not to insult your intelligence?

Thanks in advance

Read about Nmap or Zenmap and use a VPN capable of all 65 thousand + ports to test your IP.

 

[NoMetadata]

As my system is aimed from low to no tech knowledge users as 99.99999 of users are, but at same time not just have a feeling of privacy but real privacy, I trimmed all enviroments and disabled all services that can put in risk their private data.

For example SMB that wannacry takes advantage from. (Neutralized System has no powershell files,, also wmic is stopped and taskscheduller is useless in addition many other services were disabled, distroyed or stopped including Microsoft.Net, .even though gpedit works fine.)

When system is connected to Internet only 19 services are running)

Nmap needs Visual basic installed in the machine and that is a user security risk.

Please give me advice of a good external online pen test, not software to be installed.

 

[Red Squirrel]

Lol not having port 139 open to the internet should hopefully be a standard thing by now on 100% of computers. Even a cheap SOHO NAT router will provide that protection.

If your port 139 or any Windows ports are facing the internet for even a short moment, consider your entire network compromised and rebuild everything.

The GRC one will give you a half decent overview, they have one that tests each port. I personally just use nmap from my web server when I want to double check what ports I have open. Note that open ports on it's own is not really a huge indication of security, if you are hosting anything then obviously you need ports open, but those specific applications need to be secured. Ex: patching Apache, or what not.

 

[Elixer]

As my system is aimed from low to no tech knowledge users as 99.99999 of users are, but at same time not just have a feeling of privacy but real privacy, I trimmed all enviroments and disabled all services that can put in risk their private data.

You are fooling yourself if you think that just by disabling services (which ones exactly?) will get you anywhere close to "real privacy"

For example SMB that wannacry takes advantage from. (Neutralized System has no powershell files,, also wmic is stopped and taskscheduller is useless in addition many other services were disabled, distroyed or stopped including Microsoft.Net, .even though gpedit works fine.)

When system is connected to Internet only 19 services are running)

Nmap needs Visual basic installed in the machine and that is a user security risk.

Please give me advice of a good external online pen test, not software to be installed.

Sounds like you just read a few articles, and, sorry, that isn't enough.
Security must be at all levels, disabling a few things here and there just won't work, and telling users they now have "real privacy" by what you have described is laughable.
Not trying to be mean or anything, but, you really need to read a ton more about actual Security practices. Hopefully this is not for a business, if it is, do yourself a favor and hire a consultant.

 

[NoMetadata]

hello Elixer

Is easier for me to tell you which services actually run in my machine (15) that telling you which ones are disabled, distroyed or stopped for 1440 min before new instance finds out must wait for 1440 min more to run.

No standard users wanted here

(on installation process I made built in administrator has full rights to modify components (comexp) and "critical" services at will in order to degrade security built in groups accounts and guest group account ( as a matter of fact before I deactivated notifications, windows cryed out could´t access to an important service and prompted me that as an Administrative user I should activate them it order "standard users" can gain access to my machine)

Current 15 active service list leading 19 processes related to them and that except explorer.exe have been degraded to low priority permanently is:

Extensible Authentication Protocol
Network Location Awareness
Network Store Interface Service
Power
Remote Procedure Call (RPC)
WLAN AutoConfig
Plug and Play
Network List Service
Network Connections
DCOM Server Process Launcher
Group Policy Client
Cryptographic Services
DHCP Client
RPC Endpoint Mapper
CNG Key Isolation

When reconfiguring services impersonating myself as TrustedInstaller by norestart switching at install time
I found out there were some services that were pre configured
by default to store logs for more than 49.000 days and restart
in 0 secs when stopped so they were degraded to store info for 0 days and restart after 1440 min in order not to show up in
a day´s working period.

Many others changes in OS in addition to degrading services and components including Security Accounts Manager service stopping were done like changing colorspace in system and font recompiling.