Am I REALLY At Risk?

Discussion in 'other firewalls' started by imaginos, Jan 5, 2008.

Thread Status:
Not open for further replies.
  1. imaginos

    imaginos Registered Member

    Joined:
    Dec 6, 2006
    Posts:
    9
    Just ran a Shields Up! test on my wireless laptop while evaluating a copy of Online Armor. I do not change software FWs very often, so I forget exactly what the test results were for other FWs I've used in the past (Kerio, ZAF, Comodo, McAfee), but I'm pretty sure that all ports were stealth. Now the report while using Online Armor comes back as follows:

    Thanks, Jim

    The report won't format correctly here, so:

    1)Port
    2)Service
    3)Status
    4)Security Implications

    0 <nil>...Stealth...There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    21 FTP...Closed...Your computer has responded that this port exists but is currently closed to connections.

    22 SSH...Closed...Your computer has responded that this port exists but is currently closed to connections.

    23 Telnet...Closed...Your computer has responded that this port exists but is currently closed to connections.

    25 SMTP...Closed...Your computer has responded that this port exists but is currently closed to connections.

    79 Finger...Closed...Your computer has responded that this port exists but is currently closed to connections.

    80 HTTP...Closed...Your computer has responded that this port exists but is currently closed to connections.

    110 POP3...Closed...Your computer has responded that this port exists but is currently closed to connections.

    113 IDENT...Closed...Your computer has responded that this port exists but is currently closed to connections.

    119 NNTP...Closed...Your computer has responded that this port exists but is currently closed to connections.

    135 RPC...Stealth...There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    139 NetBIOS...Stealth...There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    143 IMAP...Closed...Your computer has responded that this port exists but is currently closed to connections.

    389 LDAP...Closed...Your computer has responded that this port exists but is currently closed to connections.

    443 HTTPS...Closed...Your computer has responded that this port exists but is currently closed to connections.

    445 MSFT DS...Stealth...There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

    1002 ms-ils...Closed...Your computer has responded that this port exists but is currently closed to connections.

    1024 DCOM...Closed...Your computer has responded that this port exists but is currently closed to connections.

    1025 Host...Closed...Your computer has responded that this port exists but is currently closed to connections.

    1026-1030 Host...Closed...Your computer has responded that this port exists but is currently closed to connections.

    1720 H.323...Closed...Your computer has responded that this port exists but is currently closed to connections.

    5000 UPnP...Closed...Your computer has responded that this port exists but is currently closed to connections.
     
    Last edited by a moderator: Jan 5, 2008
  2. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    Short answer: No, you are not at risk at all..
     
  3. HJam72

    HJam72 Registered Member

    Joined:
    Jul 18, 2006
    Posts:
    34
    Location:
    Kerrville, TX
    Long answer: You are not at risk at all, but you are kind of....sort of....just a little bit....I think. :p
     
  4. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    I don't think 'stealthed' ports really make you 'more secure'. It just means that your computer sends a packet back telling the machine scanning you that the port is closed instead of not responding at all. The person scanning your computer will know that there is a computer at your IP address. But nothing can be done to closed ports.

    -----

    Edit: Grammar/syntax
     
    Last edited: Jan 5, 2008
  5. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    Exactly....
     
  6. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    I thought OA was supposed to stealth ports. The idea behind stealth was that a port scan should not be able to detect there is a computer at that IP address. So, someone knows there is a computer at that IP address. Despite all this BS about DOS attacks on individual computers, I don't think anyone is going to bother unless it's a server. Anyway, I agree with the others, find something else to worry about, or get a different firewall.
     
  7. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    Maybe there is a router in-between?

    Fax
     
  8. imaginos

    imaginos Registered Member

    Joined:
    Dec 6, 2006
    Posts:
    9
    Yes, I am using a 2wire wireless router with the laptop. Does that make a difference? When I was using Kerio and Comodo it didn't seem to make a difference, as all ports were reported as "stealthed". Only using Online Armor are they not. But, like a previous poster on this thread stated, do I really care as long as the ports are closed?

    Jim
     
  9. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    No, you shouldn't care.

    Blue
     
  10. Hairy Coo

    Hairy Coo Registered Member

    Joined:
    Oct 19, 2007
    Posts:
    1,486
    Location:
    Northern Beaches
    I always thought that Stealthing is when the computer (or router) does not reply at all to requests on ports that it wishes not to be detected on, in other words your computer is invisible.
     
  11. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Well, yes and no. Since no "host unreachable" message is returned, you're there, but you're not talking.

    Blue
     
  12. Hairy Coo

    Hairy Coo Registered Member

    Joined:
    Oct 19, 2007
    Posts:
    1,486
    Location:
    Northern Beaches
    But a stealthed port isn't sending a packet back telling the machine scanning you that the port is closed etc.

    That's what a closed port does, surely. (Refer post Huangker.)
     
    Last edited: Jan 6, 2008
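Added example, not part of the original thread: the closed-versus-stealth distinction discussed in the posts above, seen from the connecting side of a TCP handshake when checking your own machine. TCP (RFC 793) answers a SYN to a port with no listener with a reset, which the scan report calls "Closed"; a firewall that silently drops the SYN produces no answer at all, which the report calls "Stealth". The function names and the loopback demo are assumptions made for this illustration.

```python
import errno
import socket


def label_for(exc):
    """Map the outcome of a TCP connect() to the scan report's vocabulary.

    exc is None when the three-way handshake completed.
    """
    if exc is None:
        return "open"          # SYN/ACK came back: something is listening
    if isinstance(exc, ConnectionRefusedError):
        return "closed"        # RST came back: host is there, port has no listener
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "stealth"       # nothing came back before the timeout (SYN dropped)
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH,
                                                  errno.ENETUNREACH):
        return "unreachable"   # a router on the path reported no such host/network
    raise exc


def probe(host, port, timeout=2.0):
    """Attempt one TCP connection to your own host and classify the reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return label_for(None)
    except OSError as exc:
        return label_for(exc)


def loopback_demo():
    """Constructed demo on 127.0.0.1: the same port with and without a listener."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))           # let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    listening = probe("127.0.0.1", port)
    srv.close()                          # no listener any more
    not_listening = probe("127.0.0.1", port)
    return listening, not_listening


if __name__ == "__main__":
    print(loopback_demo())
```

The "stealth" branch cannot be reproduced on loopback without a packet filter that drops the SYN, so the demo only exercises "open" and "closed".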
  13. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Quite correct, but to be invisible..., people can't know whether you are there or not. Clearly you are there since you're not "unreachable", hence, you're not "invisible" and therefore stealth doesn't accomplish the desired goal (invisibility).

    Blue
     
  14. Hairy Coo

    Hairy Coo Registered Member

    Joined:
    Oct 19, 2007
    Posts:
    1,486
    Location:
    Northern Beaches
    Blue - thanks for that, was just pointing out the wrong definition given previously :)

    Hairy
     
  15. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    What does the actual RFC state should be done by a computer with a closed port, and what does it state about a router's action if a computer isn't there?
     
  16. estervantes

    estervantes Registered Member

    Joined:
    Nov 15, 2007
    Posts:
    44
    I am confused by this issue.

    At the site http://www.grc.com, a firewalled system or hardware firewalled system that reveals "open" or "closed" ports is designated as FAILED. Only port scans showing complete stealthing are designated as PASSED.

    Is there no real advantage as Gibson argues to having ports stealthed instead of just closed? I ask this because my new hardware router reveals closed ports whereas my previous software firewall indicated complete stealthing.
     
  17. secured_pc

    secured_pc Registered Member

    Joined:
    Dec 9, 2007
    Posts:
    4
    I'm not an expert in the whole stealthing vs closed issue. But the bottom line is both stealthed and closed ports are somewhat analogous to doors of one's home being closed and locked.

    However, it is my understanding that stealthed ports are useful because they hide the actual status (whether it is opened or closed) of the ports from hackers with port scanning PCs by acting as a blackhole. The port may be put on a stealth status towards some port scanning PCs but it is opened for communication for legitimate purposes. (You may need to keep your PC malware free, otherwise, even malware's communication with a remote server over the Internet is considered legitimate and can subject your PC to security risks.)

    I'm here to be educated about issues like this so please correct me if I'm wrong.
     
    Last edited: Jan 7, 2008
  18. cortez

    cortez Registered Member

    Joined:
    Nov 19, 2006
    Posts:
    444
    Location:
    Chicago
    Tested XP's Firewall on the Gibson site and the surprising results (to me anyways) were:

    0 Ports Open

    1 Port Closed

    1055 Ports Stealth

    Closed port was: 113

    So I guess this partition is pretty safe even with only the XP homegrown firewall!!

    To me this is astounding as I have heard so much negative flack directed at XP's firewall (or could it be that I am not understanding something correctly?)
     
  19. wat0114

    wat0114 Guest

    XP firewall's inbound filtering is excellent. It just does not filter outbound traffic, which is not a concern for most pc users anyways. Are you behind a router by any chance? The closed status of 113 makes it seem so.
     
  20. cortez

    cortez Registered Member

    Joined:
    Nov 19, 2006
    Posts:
    444
    Location:
    Chicago
    Yes, I do have a (hard wired) router just as you predicted!

    This forum sure has informed members--thanks for your insights on XP's firewall as I was uninformed on its outbound deficiencies--cortez
     
  21. estervantes

    estervantes Registered Member

    Joined:
    Nov 15, 2007
    Posts:
    44

    Thanks for the information.

    This link provides a relevant discussion of the value of allowing stealthed versus closed ports:

    http://www.dslreports.com/forum/remark,3490473
     
  22. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    991
    Location:
    Hawaii
    It's funny how we all seem to discuss the ports as though they were tangible objects, just like the physical doors in a building, doors that can either be opened or closed, when in reality we are actually dealing with huge numbers of electrons flowing in both directions down a set of wires, plus some sophisticated control software.

    I'm not trying to sound paranoid here, but our ports are merely software structures that can filter information patterns. Suppose these ports aren't quite as real or as solid as we think? Suppose there are hidden ways "around" the ports? To go back to the building analogy, suppose we've got people peeking in through the windows, coming down the chimney or beaming radar right through the walls? Our "doors" are closed. Are we still safe?
     
  23. wat0114

    wat0114 Guest

    No problems. Just so you know, it was your router being scanned and its ports responded (or actually didn't except 113) with the stealth status. Even 113 showing closed is nothing to worry about. You could disable XP's firewall since nothing unsolicited is getting past the router and XP's firewall is not even seeing the scans. This is ok as long as your pc is the only one connected to the router. If the pc has wireless and/or you plan on adding other pcs to the router to form a small LAN, then you should keep the XP firewall enabled or use a different, 3rd party software firewall.
     
    Last edited by a moderator: Jan 8, 2008
  24. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Yes you are safe.
     
    Last edited: Jan 9, 2008
  25. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    991
    Location:
    Hawaii
    Thanks, I feel much better now! :D
     