Hello Wilder forum. I see a lot of good people here, and a lot of good people using the same programs as I do.. So, here is the question.. You can see in my sig what I am running, I am also connected to a router, wireless. My main system, (this one), is wired in while the other two, (wife's and son's laptops), enjoy the wireless. A nice happy home network. When I try to go to any page to test my security settings, (stealth mode, open ports, etc.), the tests will not give an accurate result because I never see my correct IP address displayed. However, the test sites seem to know my browser, and be able to pull info from it... so, how safe am I? Is my router doing its job and scrambling the script kiddies, or do I need to dial in my firewall... As it stands now, I do NOT pass any of the tests, but I got a hella security set up, at least I thought I did. Any advice or wise words thrown my way would be appreciated, thank you.
What test site did you use, and did you allow scripting? If yes, that is how it gathers info. On the balance of probabilities I would say you are reasonably safe.
Did you allow scripting? Yes, for some I did as the page would not operate properly. This I know, and mostly I do not allow scripting, so I feel secure in this area. What sites did you use? Now here opens up the can of worms so to speak. First, I used Gibson Shields Up. This scan I failed completely, as it showed ports closed not stealthed. I did a few of the most basic well known sites, mostly with the same results, and while some did not report fail, all of them showed ports closed, not stealthed. Also all reported my IP as it was given from the router, not from my actual system....with one notable exception. This one bothered me A LOT. Not only did it report the IP from the router, it was the only one that reported my ACTUAL system IP as you can see from the attachment. https://www.securitymetrics.com So, I guess I need to know how I can stealth my system.
papasmrf, there's nothing to worry about. Your browser is known because of referrers or cookies (sorry, not actually sure which), the incorrect IP address is probably the one for your router's WAN (Internet) connection, because your PC's network adapter will be assigned a non-routable one from your router's built-in DHCP, and as for closed ports rather than stealthed, this is perfectly fine. Stealth tends to be overrated. Those ports will be your router's that were scanned. Outpost is probably providing stealth on your PC.
Port 53 (DNS) is neither closed nor stealth - why? Try first to stop and disable the DNS-Service in Windows. You work as admin? Why? What are your settings in Outpost - default? Why?
1. (DNS) is neither closed nor stealth - why? Well, that is a good question. I guess I am relying on my firewall to make these decisions. I can stop and disable, but why has it been left on? 2. You work as admin? Why? Well, another good question. It is simply because my system controls the rights to the WAP and it is just easier to be in the admin account than having to remember to switch accounts every time I want to make a system adjustment. 3. What are your settings in Outpost - default? Why? Most of the settings are default. It was in "auto-learn", but I have recently put it into "block most". Any software that I have not used will have to ask my permission.
1. DNS-Service makes no difference on a client computer; in bad conditions it may consume 100% CPU. Normally inbound port requests are blocked by the router if not allowed by a rule. Or is your router just a simple modem? Some modems offer the same dialogs although they are still a modem. 2. Right click "run as admin" !!! 3. OK
Hi wat0114, Various info, such as browser used is sent/embedded in the TCP packet, specifically, in the "Get / http"(packet) sent after the initial 3 way handshake. Here is an example showing the "Get / HTTP" packet after initial connection to this forum. - Stem
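Added example, not part of any post in this thread: a loopback-only Python sketch of what a web server reads from the GET request alone, before any script runs. The header values and the `forum.example` URL are constructed samples, and `capture_request_headers` is a hypothetical helper name.

```python
import http.server
import threading
import urllib.request

# Headers a site can read straight from the request, with scripting disabled.
IDENTIFYING = ("User-Agent", "Referer", "Cookie", "Accept-Language")

# Constructed sample values, not captured from any real browser or site.
SAMPLE_HEADERS = {
    "User-Agent": "Mozilla/5.0 (Windows NT 6.1; rv:2.0) Gecko/20100101 Firefox/4.0",
    "Referer": "http://forum.example/thread/123",
    "Accept-Language": "en-US,en;q=0.5",
}


def capture_request_headers(client_headers):
    """Send one GET to a throwaway loopback server; return what it received."""
    seen = {}

    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            seen["request_line"] = self.requestline
            for name in IDENTIFYING:
                if self.headers.get(name) is not None:
                    seen[name] = self.headers[name]
            self.send_response(200)
            self.send_header("Content-Length", "0")
            self.end_headers()

        def log_message(self, *args):
            pass  # keep the console quiet

    server = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    worker = threading.Thread(target=server.handle_request, daemon=True)
    worker.start()
    # Empty ProxyHandler: talk to loopback directly, ignoring any proxy settings.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    url = "http://127.0.0.1:%d/" % server.server_port
    with opener.open(urllib.request.Request(url, headers=client_headers), timeout=5) as resp:
        resp.read()
    worker.join(timeout=5)
    server.server_close()
    return seen


if __name__ == "__main__":
    for key, value in capture_request_headers(SAMPLE_HEADERS).items():
        print("%-16s %s" % (key, value))
```

Even with an empty header dictionary the client library still announces itself in `User-Agent`, which is why a script blocker alone does not hide the browser type from a test site.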
Sites such as "Shields Up" only make scans against the IP (in your case the router). Other checks made on some sites will scan your IP but also they can use scripts/Java to extract data. One of the reasons to use something such as NoScript (Firefox) or similar when visiting unknown sites. As for the closed ports on your router. If the closed ports do bother you (they are not a security threat), then you will need to check your router settings and make sure the router is actually set as a gateway. If you cannot find any way to change, then you can "Port forward" those port numbers (that show as closed) to an internal IP that is not used. - Stem
Stem, Can you debrief me on the reason why anyone would still care if they are stealthed or not when a closed port is just as closed as a stealthed port? Am I wrong, or do most routers' default configs (assuming NAT/SPI is in use) with no port forwarding or service ports opened, offer more than enough protection to make the whole open port scan a thing of the past? Granted, if you don't know if something is holding a port open, it can be good to learn. But even if your computer is holding many ports open, the router only passes solicited traffic. Any enlightenment? It is a serious question to the man that seems to stay on top of this sort of thing. Sul.
Hi Sul, I think it is just down to the fact it is an easy test to make and being "Stealthed", which is incorrectly put forward as making you "Invisible", gives most a warm fuzzy feeling of being more safe. A port will not show as open unless it is actively being listened to. So if a port shows as open then it is better to check what is actually listening on that port, as really, there should be no open ports to WAN unless specifically intended. One of the reasons that some put forward the use of a router, as even in misconfigs of software firewalls where service (Windows services) ports are left open, by default the router will not (normally) allow inbound directly to those open ports. - Stem
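Added example, not part of any post in this thread: how the three results the test sites report (open, closed, stealth) map onto what a plain TCP connect attempt observes, checked here against a socket on the local machine only. The function names `classify`, `probe` and `local_demo` are hypothetical.

```python
import socket


def classify(error):
    """Map the outcome of one TCP connect attempt to the test-site wording."""
    if error is None:
        return "open"      # SYN answered with SYN/ACK: something is listening
    if isinstance(error, ConnectionRefusedError):
        return "closed"    # SYN answered with RST: reachable, nothing listening
    if isinstance(error, (socket.timeout, TimeoutError)):
        return "stealth"   # no reply at all: the SYN was dropped (or lost)
    return "error"         # e.g. unreachable network; says nothing about the port


def probe(host, port, timeout=2.0):
    """Attempt one TCP connection and report the port state."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


def local_demo():
    """Same loopback port, before and after something listens on it."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind(("127.0.0.1", 0))          # port reserved, not listening yet
        port = sock.getsockname()[1]
        before = probe("127.0.0.1", port)    # nothing listening: refused
        sock.listen(1)
        after = probe("127.0.0.1", port)     # now listening: connects
    finally:
        sock.close()
    return before, after


if __name__ == "__main__":
    print("bound only: %s, listening: %s" % local_demo())
```

A "closed" answer and a "stealth" timeout both mean no service accepted the connection; only "open" calls for checking what is listening on that port.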
Thanks Stem. I knew it was in the TCP packet somewhere (the header?) but didn't know how it got there.
Thank you all for the responses. So, what I have taken from this is the fact that my security is really ok after all. I do have script blockers, and I did allow that site thru to do the scan thing, so the fact that I had to allow it tells me that is working. My router is set up as a gateway, and I do have it keyed. The whole stealth thing I am glad to see does not really mean as much as I thought, (thank you for that), and closed ports are perfectly fine. I guess if it is closed, nothing gets in it. So, all in all I am feeling much better about my set up now. Again, thank you all.