Shields Up Test And Avira Security Suite

I posted this question at the Avira forum this afternoon. Since no one has answered yet, I thought maybe someone here might know. Here's the question.........

Why is it when I run the Shields Up test at grc.com when running Avira Security Suite, I fail the the test? All ports are stealth except for one. Port 0, Service <nil>, Statis-Closed. Every other firewall I've tested using Shields Up, all ports, including Port 0, are stealth. Why can't Avira's firewall stealth that port?


Anyone know why this would happen?

 

A question for Stem I guess.

 

Port 0 fingerprinting consists of seven tests. The test are labeled P1 - P7 below.

P1: send tcp packet from source port 0 to port 0
P2: send tcp packet from source port X to port 0
P3: send tcp packet from source port 0 to open port
P4: send tcp packet from source port 0 to closed port
P5: send udp packet from source port 0 to port 0
P6: send udp packet from source port 53 to port 0
P7: send udp packet from source port 0 to closed port

Port X in test P2 is any port not equal to 0. Port 53 is used in test P6 as it is most likely to bypass a firewall configuration.

The standard reply expected to P1, P2 and P4 should be a RST packet as the port should be closed.

The standard reply to P3 should be SYN ACK as the port is open and port 0 is a valid port as described above.

The standard reply to P5, P6 and P7 should all be ICMP port unreachable as UDP port 0 / closed port should not have a program listening on it.

Although port 0 is a valid port number various OS's handle port 0 differently.


My English is far from being good,so I give you direct link:
http://www.networkpenetration.com/port0.html

BTW, stealth ports give very little benefit to security, because your ISP router always will tell an attacker, if any PC exists on given IP.

 

All I'm saying is, that with any other firewall, stand alone or part of a suite, that Port 0 is stealth. With Avira's firewall, set to High, Port 0 shows Closed. I just can't figure out why this port won't show stealth with Avira's firewall.

 

I did download/install to look at this.

As I mentioned, I did install the "Trial" of this, but the firewall will not function (windows logs show "Invalid licence" for attempted startup of the firewall).
I do remember when I beta tested this firewall (for only v1) that there was a need to allow inbound TCP for returned DNS lookups, I, at this time do not know if this is the problem(As I do not have a working installation)

Port "0" is classed as "Invalid", but, this is normally looked at as "Any available" with certain services. Inbound to this can be made on certain setups/firewalls.

I need to find a fully functional (firewall) trial version before I could give an answer.

 

I got a some replies over at the Avira forum. I'm not good when it comes to technical talk, so most of the stuff is over my head. I do know what makes me feel comfortable though. I just like the big green "Passed" boxes, and all the ports shown stealth at grc.com. I'm going to go back to the stand alone firewall and AV. I never was too happy with Avira's firewall anyway.

 

Hello Graystoke,
I do not mean to be unhelpfull on this issue, at this time I have no access to the current firewall build, so I cannot check/test for the problem.

Please give link to the replies made to you

 

Hi Stem. Please don't worry about being unhelpful. I understand. Here is the link............

http://forum.antivir.de/thread.php?threadid=22749

 

Hi,

Regarding getting a test key for the suite, and therefore the firewall, you can follow the instructions in this post on the Avira forums.

Cheers,

Steve

 

Avira Premium Security Suite Stealths All Ports here Also It Passes the Advanced Port Scan/Trojan Scan/ and Exploits effortlessly with the Firewall at Medium Settings According to these results I'm invisible

 

Is this from Shields Up's site or PCFlank?
Cuz those tests sound like PCFlank tests.

 

Both of them 100% Shieldsup and PCFlank