GRC test failed............

Hi
Just checked GRC(ShildsUp) and all my Ports shows Closed and few are Open (Port 21,22,23,80) not Stealth.Now im using router Inteno X5668A which one i got from my ISP.

In router Under
Management
Access control -----Services

Services LAN WAN
FTP Enabled (YES) Enabled (YES)
HTTP Enabled (YES) Enabled (YES)
ICMP Enabled (YES)
SSH Not Enabled Not Enabled
Telnet Enabled (YES) Enabled YES)
TFTP Enabled (YES) Not Enabled
these are the options
but im not sure if i need to disable(Unchecked) something from here to get ports stealth.

Im using Online Armor Premium v4.0.0.10 and thought OA will make all port stealth automatically ..i dont need to configure but now i see i need to configure maybe my router/Modem or OA to make port stealth.

So if somebody can help me out how can i do this it will be appriciated


Sorry for my bad English

Thanks.......

 

First, you need to disable all of those services on the WAN side. Then, if you don't need them on the LAN side (you will need HTTP enabled on the LAN side to admin the router) disable what you don't use.

Closed ports are fine. If you want to try to stealth, OA on the PC won't be involved...it is the router that is being scanned. If the router has a firewall, enable that to see if it gets the ports reported as stealth. If not, there are other 'tricks' but closed will be fine for security purposes.

 

Thnaks for reply

Now i disabled all of those services on the WAN side and LAN side except HTTP but still those ports open ...

what is TFTP?

 

Trivial file transfer protocol
http://en.wikipedia.org/wiki/Trivial_File_Transfer_Protocol

The HTTP should also be disabled on WAN side (again not LAN). These ports open on the WAN allow you (or others) to control functions on the router or pass through to the PC's on the LAN so they should only be allowed on the LAN side if you use them. Make sure you change the password to access the router as well.

Once those are all disabled on the WAN I would expect the ports to be closed but sometimes a router supplied by the ISP will keep some ports open so they can update firmware or do other admin functions that they want. My ISP modem is also a router and would leave some ports open for the ISP. I ended up putting the modem in bridge mode and buying a router with more functionality. If you have a 'default server' setting to forward the ports to, you could forward those ports to it setting it to a IP that does not exist on your LAN. This would put traffic through the router but it would have nowhere to go and should make those ports look closed to the WAN. I don't know your actual router so I don't have info on the specific setup you would need.

 

Shields Up tests your hardware firewall first/ Not your software firewall. They even tell you this.