Failing Shields up, all the time now!
Comp01
March 25th, 2004, 01:21 AM
I tried 4 times tonight, re-testing my firewall on Shields Up, and no matter what, I always have a BUNCH of random ports that are just marked as closed. Here is my most recent test:
Results from scan of ports: 0-1055
0 Ports Open
155 Ports Closed
901 Ports Stealth
---------------------
1056 Ports Tested
NO PORTS were found to be OPEN.
Ports found to be CLOSED were: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
10, 11, 12, 13, 14, 15, 16, 17,
18, 19, 20, 21, 22, 23, 24, 25,
26, 27, 28, 29, 30, 31, 32, 33,
34, 35, 36, 37, 38, 39, 40, 41,
42, 43, 44, 45, 46, 47, 48, 49,
50, 51, 52, 53, 54, 55, 56, 57,
58, 59, 60, 61, 62, 63, 64, 65,
66, 67, 68, 69, 70, 71, 72, 73,
74, 75, 76, 77, 78, 79, 80, 81,
82, 83, 84, 85, 86, 87, 88, 89,
90, 160, 161, 162, 163, 164,
165, 166, 167, 168, 169, 170,
171, 172, 173, 174, 175, 176,
177, 178, 179, 180, 181, 182,
183, 184, 185, 186, 187, 188,
189, 190, 191, 192, 193, 194,
195, 196, 197, 198, 199, 200,
201, 202, 203, 204, 205, 206,
207, 208, 209, 210, 211, 212,
213, 214, 215, 216, 217, 218,
219, 220, 221, 222, 223
Other than what is listed above, all ports are STEALTH.
TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.
The only thing I have connected to the internet is Trillian (MSN and AIM protocols only; I only have Trillian so it can access through ports 5190 and 1863), and I have all ICMP blocked (set in advanced rules). I cannot figure out why I have a lot of un-stealthed ports. Is it still safe? Also, I don't know of any other firewalls that I can run (besides rule-based ones, which I don't want).
*edit*
And then after a bit, it'll work itself out, and I'll pass. Argh, I don't understand firewalls! >:(
Phant0m
March 25th, 2004, 01:30 AM
Try using alternative online web scans for a secondary opinion....
gerardwil
March 25th, 2004, 05:01 PM
Hi,
Have a look here as well; you may find out something.
http://www.pcflank.com/
Gerard
Comp01
March 25th, 2004, 09:20 PM
Well, I tested again today, and I failed. The only thing I have running that's online is Mozilla Firefox 0.8; maybe that's what is holding ports so they're not stealth? (Though I doubt it, as most of the time it's random ports that aren't stealthed.) I am scanning at Sygate's site right now, and am going to scan at PCFlank in a minute. I just don't understand this. Is it possible it's a problem with Sygate? Or is it that I don't have it configured right? (I just use it as an ask/allow type thing; I don't have any advanced rules, except for one to block ALL ICMP traffic.) Here are my results again. I did the quick scan at Sygate, and I passed (it even scanned 2 of the ports I failed before on Shields Up). Here are my new test results:
Results from scan of ports: 0-1055
0 Ports Open
47 Ports Closed
1009 Ports Stealth
---------------------
1056 Ports Tested
NO PORTS were found to be OPEN.
Ports found to be CLOSED were: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
10, 11, 12, 13, 14, 15, 16, 17,
18, 19, 20, 21, 22, 23, 24, 25,
26, 27, 28, 29, 30, 31, 32, 33,
34, 35, 36, 37, 38, 39, 40, 41,
42, 43, 44, 45, 46
Other than what is listed above, all ports are STEALTH.
TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.
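[Added example, not part of any post in this thread: a small Python parser for the Shields Up text report quoted above, which collapses the CLOSED list into contiguous runs and checks it against the summary counts. The function names are made up for this illustration, and the sample reports are rebuilt from the figures in the two posts.]

```python
import re

def parse_report(text):
    """Parse a ShieldsUP-style text report: summary counts and closed ports."""
    counts = {state.lower(): int(n) for n, state in re.findall(
        r"^\s*(\d+) Ports (Open|Closed|Stealth|Tested)", text, re.M)}
    lo, hi = map(int, re.search(r"scan of ports: (\d+)-(\d+)", text).groups())
    # The closed list may wrap over many lines, so match across newlines.
    m = re.search(r"CLOSED were:(.*?)Other than", text, re.S)
    closed = sorted({int(p) for p in re.findall(r"\d+", m.group(1))}) if m else []
    return {"range": (lo, hi), "counts": counts, "closed": closed}

def collapse(ports):
    """Collapse a sorted port list into inclusive (start, end) runs."""
    runs = []
    for p in ports:
        if runs and p == runs[-1][1] + 1:
            runs[-1] = (runs[-1][0], p)
        else:
            runs.append((p, p))
    return runs

def inconsistencies(rep):
    """List mismatches between the summary lines and the closed-port list."""
    c, (lo, hi) = rep["counts"], rep["range"]
    problems = []
    if len(rep["closed"]) != c.get("closed"):
        problems.append("closed count does not match closed list")
    if sum(c.get(k, 0) for k in ("open", "closed", "stealth")) != c.get("tested"):
        problems.append("states do not sum to ports tested")
    if c.get("tested") != hi - lo + 1:
        problems.append("ports tested does not match scanned range")
    return problems

def sample_report(closed, tested=1056):
    """Rebuild a report (constructed sample) from a closed-port list."""
    return (f"Results from scan of ports: 0-{tested - 1}\n0 Ports Open\n"
            f"{len(closed)} Ports Closed\n{tested - len(closed)} Ports Stealth\n"
            f"---------------------\n{tested} Ports Tested\n"
            "NO PORTS were found to be OPEN.\n"
            f"Ports found to be CLOSED were: {', '.join(map(str, closed))}\n"
            "Other than what is listed above, all ports are STEALTH.\n")

# Constructed samples using the figures from the two reports posted above.
FIRST = sample_report(list(range(0, 91)) + list(range(160, 224)))
SECOND = sample_report(list(range(0, 47)))

if __name__ == "__main__":
    for name, text in (("first", FIRST), ("second", SECOND)):
        rep = parse_report(text)
        print(name, collapse(rep["closed"]), inconsistencies(rep) or "consistent")
```

[On the two reports the closed ports come out as the runs 0-90 and 160-223, then 0-46: contiguous blocks rather than scattered ports.]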
Comp01
March 25th, 2004, 11:53 PM
I tried PCFlank's site, and I failed them too! I scanned from port 1 to 8500; it said over 4000 ports not stealthed (just blocked).
NanDog
March 26th, 2004, 12:14 AM
Comp01, I too get a bit confused over the relative benefits of "stealthed" vs. "closed." Have you seen the thread over at DSLR about this argument? Seems everyone has a different opinion:
http://www.dslreports.com/forum/remark,9694737~mode=flat~days=9999
Comp01
March 26th, 2004, 01:23 AM
OK, well, closed still protects my PC, am I not right? It prevents hackers/worms and trojans and viruses that use open ports to enter, am I correct? Also, I don't understand: if I scan more than 2 times on Shields Up, I pass. Is it that Sygate has adaptive behaviour? I mean, now when I test, I test with JUST my web browser up, nothing else is connected. I don't understand why I keep failing...
NanDog
March 26th, 2004, 03:27 AM
IMHO, whether you're "stealthed" or "closed", you're still good! But to add to all the confusion and arguments about which is better, check out this old and very, very long thread at DSLR:
http://www.dslreports.com/forum/remark,3490473~mode=flat
I hope this sheds some light on the subject!
CrazyM
March 26th, 2004, 04:37 AM
Hi Comp01
Have your results always been like this or is this something new?
Made any changes recently?
Regards,
CrazyM
peakaboo
March 26th, 2004, 10:40 AM
-{ Quote: "Well, I tested again today, and I failed, ... I just don't understand this. Is it possible it's a problem with Sygate? Or is it that I don't have it configured right? (I just use it as an ask/allow type thing; I don't have any advanced rules, except for one to block ALL ICMP traffic.) Here are my results again. I did the quick scan at Sygate, and I passed (it even scanned 2 of the ports I failed before on Shields Up). Here are my new test results:
Results from scan of ports: 0-1055
0 Ports Open
47 Ports Closed
1009 Ports Stealth
---------------------
1056 Ports Tested " }-
I suspect all you need to add is a few rule sets. For example, do you have an upper-level (above Apps) rule which blocks all TCP out:
Description: Incoming TCP
Protocol: TCP
Direction: Incoming
local endpoint: port = any & application = any
Remote endpoint: address type = any & port type = any
rule valid = always
Action = deny
In your Apps rule section, check the following:
For Firefox, check to see if you have a TCP/UDP restrict both directions placed after your Firefox TCP allow out rule; if you don't, you may want to add one.
Also, I'm assuming you are not running a local proxy like Proxomitron, so I won't get into the loopback issue. If you are, more info is available here:
http://www.wilderssecurity.com/showthread.php?t=5367;start=msg120844#msg120844
Sounds like if you repost your config at the Sygate forum, someone will help you there:
http://forums.sygate.com/vb/showthread.php?s=c1f686bb8bac2ef14e0be705d51860f9&threadid=9173
Good Luck ;)
optigrab
March 26th, 2004, 11:13 AM
-{ Quote: " quoting: peakaboo
Sounds like if you repost your config at the Sygate forum, someone will help you there:
http://forums.sygate.com/vb/showthread.php?s=c1f686bb8bac2ef14e0be705d51860f9&threadid=9173
" }-
I agree this is the best bet to get the help you seek, Comp01.
Just wanted to sort out a point or two:
I agree that there is some argument over stealth vs. closed. Personally, I am convinced that closed is often "good enough"; however, I opt for stealth settings in Outpost. The real issue is that it would drive me a bit nuts if I were shooting for stealth and not achieving it. For that reason I wish Comp01 luck in solving the mystery.
Also, running your browser, Comp01 (Mozilla or otherwise), isn't what's compromising your test results. Don't know if you ever got that question answered.
I'm confident that you will get it sorted out quickly.
Good Luck.
Optigrab
Comp01
March 26th, 2004, 02:46 PM
This is something fairly new; it's just now started to happen. The only changes I've done to my system were to update the modem drivers, and then go back to the original drivers I had...
Robyn
March 27th, 2004, 06:13 AM
I am running Sygate Pro (plus my router firewall). When I scan at GRC and Sygate SOS, I have a full stealth report from GRC and Blocked at SOS.
I had quite a few advanced rules made in Sygate but after many weeks of testing my router firewall and then SPF I have been able to remove my advanced rules bar the one for my AV updater which Sygate's Anti-Application Hijack does not like and also one to allow my router to ping my internal network.
I have removed 'Act as server' from my applications in Sygate's list, leaving 'Act as Client' for them. I wonder if you have done this as this may well help you get the 'stealth' report at GRC.
One other thing: make sure it is your IP address showing before you scan, as this is important.
controler
March 27th, 2004, 09:21 AM
I am running only the Windows built-in firewall (SP2) behind an Actiontec gateway and my scans show better than when I was using a software firewall ;D
sig
March 28th, 2004, 03:56 PM
Is your PC behind a router? Is your ISP using a proxy server? If so, that can result in port scanning tests not actually testing your PC and software firewall but the router or ISP proxy in front of your PC/firewall.