The Firewall MYSTERY….

I could not get it… and was very confused and puzzled. Tried out Look N’Stop, Kerio 4.1.3 & 4.2 and now Filseclab Firewall but still got same results!!! When I first installed them then re-booted, I scan for stealth tests - Shields Up grc.com and sygate.com I passed on all of the stealth tests and was very happy w the results, but when I restarts my pc and tried the stealth tests again… the results are failed, it didn’t passed on all of the steath tests this 2nd time. Then I tried changing some settings and scans again…but still didn’t pass it is not stealth.

I restarted my pc and didn’t touch anything in it and ‘m pretty that the settings was just the same when it passed on stealth tests scans, but why it always fails on stealth tests after the 2nd or 3rd re-boot?

I swear there’s only one Firewall running and my Windows Security Center (XP Pro SP2) always indicates what firewall was installed or running. And every time I uninstalls a firewall (or any programs) after the re-boot I always clean the registry w RegScrubXP and JV16 PowerTools registry cleaner and also optimized the registry w NTREGOPT before installing another firewall or any programs.

Now, I’m trying out Filseclab and installed also the patch, I changed rule no. 12 Protocol into UDP and hit apply (as Tom Liu said), using General Mode and Medium security level it passed on grc and sygate stealth tests (the system tray icon flashes in red during this 1st scan). But after I restarted (2nd & 3rd re-boot) my pc and scans again… the results shows it failed and this time during the scan the system tray icon aren’t flashing or turned into red, it remained blue.

It happened not only in Filseclab but on all firewalls that I’ve mentioned above. Is there anything I could do so that I can always pass on all stealth tests even after several restarts or re-boots? Or this was just a natural result that can possibly occur or possible consequence if we are connected or using a dial-up internet connection?

 

Hi,
Two things:
Try Sygate firewall and see what happens.
Block the non-stealthed ports manually (configure advanced rules).
By the way, are they just non-stealthed (closed) or open?
Mrk

 

I agree with Peter Outpost should help you. It is very informative.

Edit: Not that I say don't try Mrk's. By all means try it.

Thanks,

Chris

 

When it passed the tests in grc shields up the results were all stealth green (common ports and all ports), and in all sygate test it blocked all ports. In other words, perfectly stealth in grc and sygate.

But after the second re-boot, the results are all failed... in grc some ports are open and many are closed, then at sygate same thing some are open and many are closed. That is - it has failed.

I'm not really sure if this was natural if one is connected to dial-up internet.

 

Hi,
Closed ports is ok.
What you can do with open ports:
Go to Advanced rules, and start configuring them. You can set rules to block incoming traffic on open ports.
Mrk

P.S. I have a wild idea! Are you scanning your own machine? Do you sit behind university proxy or something? Cause if you do, then you might be scanning their ports and not your own?
Check your ip address vs. grc and sygate ip that is being scanned.
Likewise, Sygate should tell you if your ports are being scanned. If you get no message that your ports are being scanned during the test (you can also check the logs), then you're probably scanning some transparent or not so transparent proxy along the way.

 

Checking my very own IP Address against the results from grc and sygate scans…problem solved at last… the IP Addresses that grc and sygate are scanning for stealth are not all mine, my golly!!! That means all tests that I’ve done on my pc was all useless because I’m behind proxies. The results I got were not for me. Holy mackarell!!! Just imagined, sometimes the results are passed and sometimes failed, and this was also two different IP Addresses that’s not mine. That’s why everytime I visits pcflank.com it didn’t accept scanning my pc. I’m a beginner and didn’t know this IP Address thing… so pls forgive me for my ignorance, at least this was another additional knowledge I got here.

Learning this thing, then, that I’m behind proxies, I have to concentrate now more on an outbound protections and all outgoing application control rather than on focusing on inbound attacks.

If this was the case… is that mean that I am safer even if the results of stealth tests are failed coz it’s not my own IP Addresses? That hackers probe has no way to detect my pc, that even if I fail in every stealth tests I’m still invisible coz it’s not my IP Address?

 

Hi,
Where is a kiss and thank you for my wild idea??
Mrk

 

Are you a.... he, he, he just kidding.

Anyway, many tnx for that.

Well, if you can adds more answer for the above additional questions I have then again another tnx.

 

Hi,
More answers for more kisses:
If you're behind a proxy, that's a good thing. Because, you have another layer of protection in front of you, almost like a router. Proxies can be annoying sometimes, but if that's a transaprent proxy, then you'll most probably never feel anything.
Your personal computer can still be probed from within the network that is behind the proxy.
But you shouldn't be worried too much. If you run a good firewall (any of those you tried), you'll not be easily accessible. Still, to avoid any misunderstandings, if you're part of a let's say university network, then you might probably want to disable hidden shares and disable file and printer sharing...
Mrk

 

Many tnx for that...

Cheers...!!!

 

Hi,
YW sonny.
Mrk

P.S. Do you have to have Angel as your avatar? Buffy is much more ... buff