Steve Gibson (old-timers know him as the author of SpinRite for DOS)



Test your machine for online vulnerability.
By Bill Machrone, PC Magazine
October 20, 1999

A subtle configuration error or a setup default selection can leave your machine wide open to attacks. Hackers are constantly scanning the Internet for vulnerable machines. There's nothing particularly skillful or challenging about what they do; widely available scanning programs test huge blocks of IP addresses for a handful of ports that can give access to your system. Some ports may yield to more sophisticated hacking techniques, but the NetBIOS ports, if open, are invitations to come in, read and write to your hard disk, and freely use your machine.

A quick visit to Gibson Research Corp.'s ShieldsUP! Web site will determine whether your computer is vulnerable to common hack attacks while connected to the Internet. ShieldsUP! does a noninvasive test of both your NetBIOS ports and the TCP ports used for telnet, FTP, and other communication protocols. GRC performs these tests for free, as a public service, because proprietor Steve Gibson was appalled at the lack of security of most home and small-business systems, especially those with the persistent connections typical of cable modems and DSL lines.

Gibson, the author of the powerful SpinRite disk maintenance and disaster recovery utility, says he recently upgraded to a DSL line as well as a T1 connection to GRC's server. He was shocked to see the incessant bombardment of port probes and other attacks on both his server and his personal system. (We can confirm this; our cable modem-connected machine regularly logs six to ten NetBIOS attempts per hour, in addition to many other kinds of attacks.) Gibson is a fervent, passionate person, and he immediately set about the task of writing routines that would nondestructively test users' machines for vulnerability, at their request.

When you go to the ShieldsUP! Web site, Gibson's passion is immediately evident in the form of bold type, strongly emphasized words and phrases, and a blizzard of exclamation points. Don't mistake enthusiasm for hype, however. Reading Gibson's pages is like talking to him: they're crackling with energy but chock-full of technical knowledge. You can easily learn far more than the average IT support person knows about TCP stacks, NetBIOS, and other security issues as you traverse the dozen pages he's posted on the site. The wealth of knowledge here is easily more valuable than the tests, because the site offers prescriptive action based on the tests as well as information that helps you understand what you're doing and why you're doing it.

Using the site is as simple as Gibson could make it. You click on a button that says "Test my Shields," and his server attempts to connect to your machine via NetBIOS. Cable modem users and others who are behind proxy servers are advised to download IP Agent, a small program that notifies ShieldsUP! that it must look beyond the proxy server to find your machine. Testing machines behind proxy servers and network address translation (NAT) devices is still a dicey business. The good advice still applies, but ShieldsUP! may actually be testing an upstream server rather than your machine.

As part of the site's testing and educational mission, Gibson has an extensive page on TCP ports and port monitoring. He explains how port-monitoring software can, under the guise of listening for intruders, actually make your machine more of an inviting target for snoops. He explains the difference between port monitors and personal firewalls and has a noninvasive port probe button on the page that demonstrates the difference between monitored ports and ports that simply aren't there because you've removed anything that might activate them or because you've sealed them off with firewall software.
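The distinction above can be seen on your own machine. The following is an added example, not code from the article or from GRC: a TCP connect attempt gets one of three answers, and a listening port monitor makes a port answer as open where an unused port is simply refused. The names `classify_port` and `demo_monitor_vs_absent` are hypothetical, and the loopback listener is a constructed stand-in for a port monitor.

```python
import socket

# TCP ports the article names: NetBIOS session service, telnet, FTP.
ARTICLE_PORTS = {139: "NetBIOS session", 23: "telnet", 21: "FTP"}


def classify_port(host, port, timeout=1.0):
    """Return how a TCP port answers a connect attempt.

    'open'     - something accepted the connection (a service or a port monitor)
    'closed'   - the stack refused it (nothing is bound to the port)
    'filtered' - no usable answer (timeout or unreachable, typically a firewall)
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes socket.timeout
        return "filtered"
    finally:
        s.close()


def demo_monitor_vs_absent():
    """Constructed loopback demo: a listener stands in for a port monitor."""
    monitor = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    monitor.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    monitor.listen(1)
    port = monitor.getsockname()[1]
    while_listening = classify_port("127.0.0.1", port)
    monitor.close()                 # "monitor" removed, nothing bound now
    after_close = classify_port("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    print("monitored vs. absent:", demo_monitor_vs_absent())
    # Audit of this machine only: how do the article's ports answer locally?
    for port, name in sorted(ARTICLE_PORTS.items()):
        print(f"{port:>5} {name:<16} {classify_port('127.0.0.1', port)}")
```

A loopback check shows what is listening, not what the Internet sees; a firewall that drops inbound packets would turn an "open" result here into "filtered" from outside.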

Gibson also reviews and comments on a number of software firewalls, including AtGuard and BlackICE Defender. Gibson points out that although you don't need a firewall if you're not running any IP services on your machine, having one gives you a log of activity against your machine as well as a layer of security that can't be subverted by changing your network settings or installing other software.

Rounding out the ShieldsUP! site is additional educational material, a message board, and an e-mail notification system for updates and additional information, as well as activity logs. The site logged more than 62,000 visits in its first week of operation (this is its second), and the aggregate logs are eye-opening: One third of the machines exposed their names; one sixth of them allowed connections. More than 40 percent of them had exposed directories, and more than 10 percent had wide-open directories. As Gibson cautions at the site, however, a clean bill of health from ShieldsUP! is not a guarantee that you won't be hacked. Attacks can take many forms, including Trojan horses and viruses, which require different defenses.

As you might expect, some of the hackers out there are angry with Gibson for spoiling their fun and have mounted a variety of attacks against his server. He's sensibly mum on his security provisions but is confident that his system will withstand the dual onslaughts of hackers trying to bring him down and users eager to test their systems.

ShieldsUP! Price: Free. Requires: Windows PC with Internet connection. Gibson Research Corp., Laguna Hills, CA; 800-736-0637.