Perfect Stealth, yet no Firewall on, HOW?

I am running Vista and I have no firewall installed and the Vista firewall is turned OFF!

Let me please repeat this... NO FIREWALL INSTALLED AND VISTA FIREWALL IS 100% TURNED OFF!

But I get perfect stealth reports from grc.com SHields Up! and from pcflank.com

HOW IS THAT POSSIBLE WHEN I DO NOT HAVE ANY FIREWALL INSTALLED AND NO FIREWALL ON?

The only thing I can think about is that my modem/router is set to use NAPT. My modems Firewall is also OFF. So that only leaves NAPT.

Does NAPT act as a firewall? If so, why don't people just turn on NAPT in their router instead of using Firewalls?

from grc.com

"Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice."

from pcflank.com

"Stealthed"(by a firewall) -Means that your computer is invisible to others on the Internet and protected by a firewall or other similiar software;

" TCP "ping" stealthed
TCP NULL stealthed
TCP FIN stealthed
TCP XMAS stealthed
UDP stealthed"

Trojan: Port Status
GiFt 123 stealthed
Infector 146 stealthed
RTB666 623 stealthed
Net-Devil 901 stealthed
Net-Devil 902 stealthed
Net-Devil 903 stealthed
Subseven 1243 stealthed
Duddies Trojan 1560 stealthed
Duddies Trojan 2001 stealthed
Duddies Trojan 2002 stealthed
Theef 2800 stealthed
Theef 3000 stealthed
Theef 3700 stealthed
Optix 5151 stealthed
Subseven 6776 stealthed
Theef 7000 stealthed
Phoenix II 7410 stealthed
Ghost 9696 stealthed
GiFt 10100 stealthed
Host Control 10528 stealthed
Host Control 11051 stealthed
NetBus 12345 stealthed
NetBus 12346 stealthed
BioNet 12348 stealthed
BioNet 12349 stealthed
Host Control 15094 stealthed
Infector 17569 stealthed
NetBus 20034 stealthed
MoonPie 25685 stealthed
MoonPie 25686 stealthed
Subseven 27374 stealthed
BO 31337 stealthed
Infector 34763 stealthed
Infector 35000 stealthed

 

NAT is your answer. Your computer is on a private IP address that cant be accessed directly by someone outside your lan. Your router has your public IP address and that is where the shields up packets are hitting.

Cheers
Jeremy

 

While you are on GRC, I suggest you download the security now podcasts. Gibson tends to be good at explaining many of these security concepts. Do take some of his opinions with a grain of salt however, as many security professionals strongly disagree with him on some issues.

Cheers
Jeremy

 

Your answer was very interesting to me. Can you please elaborate in easy to understand terminology.

And are you saying that I don't need a firewall now?

 

So long as I dont have to prove anything

There are two kinds of IP addresses for our purposes, public and private. Private IP addresses are in the following ranges
10.0.0.0 – 10.255.255.255
172.16.0.0 – 172.31.255.255
192.168.0.0 – 192.168.255.255

These are addresses set aside so that they can be used in internal lan networks such as the one you have created behing your router. (You may only have one computer attached to the router. This is means that your router and your computer are in their own private network). Private address have no routing information on the internet.

The remainder IP addresses are public (with the exception of 127.0.0.1). This means that these are addresses on the internet and there is routing information on them. So if you say to a router on the internet "please forward this packet to 210.12.56.100" the router would be ok doing that. However if you say to a router on the internet "please forward this packet to 192.168.1.2", unless it actually has a private network attached, it wont know what to do with it.

The way your router works is that it has 2 'interfaces'. A public internet interface and a private lan interface. When your computer sends out a packet from its private network to the public network, it first sends it to your router. Your router takes the packet from the private lan interface, and puts it on the public internet interface. Before it sends this packet off, it will put in a bit of extra information into the packet so that it can remember where in the private network it comes from. This is packet is sent out onto the public internet to the server you are communicating with. The server sends a packet back to your router. The router looks at the packet to see where in the private network it should go to. It routes it back to your computer.

Through this process, the server has no direct access with your computer at all. That is why when you run shields up, all the packets hit the router and are dropped and you get a stealth rating.

This means that NAT routers provide very good in bound protection. However if your computer ever connects to the internet directly (i.e. not through the router and thus will have a public address), will need to have the windows firewall turned on to get inbound protection.

As to outbound protection, it is still a subject of debate. Personally, I dont believe outbound protection is very important at all. Check https://www.wilderssecurity.com/showthread.php?t=212594 for other opinions.

Cheers
Jeremy

 

Jeremy, I will need to read your message twice to fully absorb it. Thanks for your time writing it.

Just a question.. When I go to www.getip.com it gives me a number like 125.105. 57.7

Is that my public or private IP? If public, then you mean all websites and all internet connections only communicate with that IP address, but once any data hits my modem, my modem says,

"STOP, NAPT IS TURNED ON AND ORDERING ME TO HALT ANY COMMUNICATION AND HALT YOU ACCESSING THE PC THAT IS CONNECTED"

If that is the case, then how can I even get internet webpages showing on my screen if it doesn't allow data or anyone to see my PC?

 

What you see in www.getip.com is your public ipaddress. If you want to check your private ip, goto start --> run --> cmd.exe and type ipconfig.

 

Ok, so seeing my public address is shown, why do I get stealth reporting when no firewall is installed and no firewall is on?

Because you said earlier, "This means that NAT routers provide very good in bound protection. However if your computer ever connects to the internet directly (i.e. not through the router and thus will have a public address), will need to have the windows firewall turned on to get inbound protection."

As you now know, my public address is shown. Yet I dont have a firewall on, yet still get stealth reports.

 

When computers outside your lan communicate with your computer, they do so through the your router and only see the public address e.g. www.getip.com is outside your lan so it is seening your public IP. This public IP is owned by your router and hence when you goto grc.com and ask them to scan you, it only sees your public IP and scans your router, which presumbaly doesn't respond at all and gets a "true stealth" rating.

Now when your computer connects to the internet directly, it is doing so without a router infront of it. This means that your computer will have a public IP and when you goto grc to scan, it will scan your computer and presumbly if you have your firewall turned off, it will find open ports.

 

What do you mean when you say "when your computer connects to the internet directly"? How can my PC connect to the internet "indirectly"?

And that's the thing, firewall is off, yet it doesn't find any open ports. WHY?

 

Your router is being scanned, not your computer so it doesn't matter if the firewall on your computer is turned off.

 

Think of the router as a middle man, who intercepts all communication between your computer and the internet. As all communication is intercepted, it is an indirect communication.

I think you may be confusing a "modem" with a "router", which is quite understandable, as they are often both contained in the same unit.

HTH

 

Right. Routers should not confused with modems. Modems can be internal (add-on circuit board) or external (self contained unit) to the PC. Routers are always outside the PC (self contained unit) and can direct communication traffic between networked computers. Modems can't do that (or at least none that I have ever come across).

 

all in one Router modems can Linksys makes them actiontec uses them constantly. it has a Firewall and the ability to DIAL UP even if needed. or use a DSL connection coming in. A lot of cable providers are going to the same type of thing to save IP address. they give you a 4 port modem/router basically.

 

Ok, thanks everyone for the info.

Then I have concluded... that with my router and NAPT enabled on it, I never need to install a firewall or use the Vista Firewall.

Because I get perfect stealth reporting even when no firewall is installed and even when Vista firewall is OFF.

And I do not need 2 way monitoring, because my PC has been checked and it came up clean according to the KasperSky scan I did, and I never install any 3rd party software anyway.

 

If it is a laptop I think it still may be good practice to keep the Vista firewall on just incase you move to an external network and forget that it is off.

 

Move to an external network? What do you mean?

 

I think he means public WiFi's such as Starbucks, etc.

 

You mean if I take my notebook and plug it into a router at Starbucks? LOL

 

Most laptops have wireless these days, maybe its time to get a new one?

 

By the way, usually with NAT you should get all ports closed and not stealthed.
So the router is more than a simple NAT device...

Fax

 

Mine has wireless, but I use broadband from home only, through my phone line.

 

Well all I can tell you is that NAPT is ON in my router, and grc, and plcflank reports STEALTH for all the tests.

 

Do you know the model?
Can you access to the router interface via http?

In any case, it should have more than NAT enabled to give stealth state.
Moreover if it rejects also WAN pings....

Cheers,
Fax

 

I believe that's incorrect. Having NAT enabled should show 'stealth' on all ports for the GRC test.