Am I REALLY At Risk?

Just ran a Shields Up! test on my wireless laptop while evaluating a copy of Online Armor. I do not change software FWs very often, so I forget exactly what the test results were for other FWs I've used in the past (Kerio, ZAF, Comodo, McAfee), but I'm pretty sure that all ports were stealth. Now the report while using Online Armor comes back as follows:

Thanks, Jim

The report won't format correctly here, so:

1)Port
2)Service
3)Status
4)Security Implications

0 <nil> Stealth...There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

21 FTP...Closed...Your computer has responded that this port exists but is currently closed to connections.

22 SSH...Closed...Your computer has responded that this port exists but is currently closed to connections.

23 Telnet...Closed...Your computer has responded that this port exists but is currently closed to connections.

25 SMTP...Closed...Your computer has responded that this port exists but is currently closed to connections.

79 Finger...Closed...Your computer has responded that this port exists but is currently closed to connections.

80 HTTP...Closed...Your computer has responded that this port exists but is currently closed to connections.

110 POP3...Closed...Your computer has responded that this port exists but is currently closed to connections.

113 IDENT...Closed...Your computer has responded that this port exists but is currently closed to connections.

119 NNTP...Closed...Your computer has responded that this port exists but is currently closed to connections.

135 RPC...Stealth...There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

139 NetBIOS...Stealth...There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

143 IMAP...Closed...Your computer has responded that this port exists but is currently closed to connections.

389 LDAP...Closed...Your computer has responded that this port exists but is currently closed to connections.

443 HTTPS...Closed...Your computer has responded that this port exists but is currently closed to connections.

445 MSFT DS...Stealth...There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

1002 ms-ils...Closed...Your computer has responded that this port exists but is currently closed to connections.

1024 DCOM...Closed...Your computer has responded that this port exists but is currently closed to connections.

1025 Host...Closed...Your computer has responded that this port exists but is currently closed to connections.

1026-1030 Host...Closed...Your computer has responded that this port exists but is currently closed to connections.

1720 H.323...Closed...Your computer has responded that this port exists but is currently closed to connections.

5000 UPnP...Closed...Your computer has responded that this port exists but is currently closed to connections.

 

Short answer: No, you are not at risk at all..

 

Long answer: You are not at risk at all, but you are kind of....sort of....just a little bit....I think.

 

I don't think 'stealthed' port really make you 'more secure'. It just means that your computer sends a packet back telling the machine scanning you that the port is closed instead of not responding at all. The person scanning your computer will know that there is a computer at your ip address. But nothing can be done to closed ports.

-----

Edit: Grammar/syntax

 

Exactly....

 

I thought OA was supposed to stealth ports. The idea behind stealth was that a port scan should not be able to detect there is a computer at that IP address. So, someone knows there is a computer at that IP address. Despite all this BS about DOS attacks on individual computers, I don't think anyone is going to bother unless its a server. Anyway, I agree with the others, find something else to worry about, or get a different firewall.

 

May be there is a router in-between?

Fax

 

Yes, I am using a 2wire wireless router with the laptop. Does that make a difference? When I was Kerio and Comodo it didn't seem to make a difference, as all ports were reported as "stealthed". Only using Online Armor are they not. But, like a previous poster on this thread stated, do I really care as long as the ports are closed?

Jim

 

No, you shouldn't care.

Blue

 

I always thought that Stealthing is when the computer (or router) does not reply at all to requests on ports that it wishes not to be detected on,in other words your computer is invisible

 

Well, yes and no. Since no "host unreachable" message is returned, you're there, but you're not talking.

Blue

 

But a stealthed port isnt sending a packet back telling the machine scanning you that the port is closed etc.

Thats what a closed port does surely.(refer post Huangker).

 

Quite correct, but to be invisible..., people can't know whether you are there or not. Clearly you are there since you're not "unreachable", hence, you're not "invisible" and therefore stealth doesn't accomplish the desired goal (invisibility).

Blue

 

Blue-thanks for that,was just pointing out the wrong definition given previously

Hairy

 

What does the actual RCF state should be done by a computer with a closed port and what does it state about a routers action if a computer isn't there?

 

I am confused by this issue.

At the site http://www.grc.com, a firewalled system or hardare firwalled system that reveals "open" or "closed" ports is designated as FAILED. Only port scans showing complete stealthing are designated as PASSED.

Is there no real advantage as Gibson argues to having ports stealthed instead of just closed? I ask this because my new hardware router reveals closed ports whereas my previous software firewall indicated complete stealthing.

 

I'm not an expert in the whole stealthing vs closed issue. But the bottomline is both stealthed and closed ports are somewhat analogous to doors of one's home being closed and locked.

However, it is my understanding that stealthed ports are useful because it hides the actual status (whether it is opened or closed) of the ports from hackers with port scanning PCs by acting as a blackhole. The port may be put on a stealth status towards some port scanning PCs but it is opened for communication for legitimate purposes (You may need to keep your PC malware free, otherwise, even malware's communication with the a remote server over the Internet is considered legitimate and can subject your PC to security risks.)

I'm here to be educated about issues like this so please correct me if I'm wrong.

 

Tested XP's Firewall on the Gibson site and the surprising results (to me anyways) was:

0 Ports Open

1 Port Closed

1055 Ports Stealth

Closed port was: 113

So I guess this partition is pretty safe even with only the XP homegrown firewall!!

To me this is astounding as I have heard so much negative flack directed at XP's firewall (or could it be that I am not understanding something correctly?)

 

XP firewall's inbound filtering is excellent. It just does not filter outbound traffic, which is not a concern for most pc users anyways. Are you behind a router by any chance? The closed status of 113 makes it seem so.

 

Yes, I do have a (hard wired) router just as you predicted!

This forum sure has informed members--thanks for you insights on XP's firewall as I was uninformed on it's outbound deficiencies--cortez

 

Thanks for the information.

This link provides a relevant discussion of the value of allowing stealthed versus closed ports:

http://www.dslreports.com/forum/remark,3490473

 

It's funny how we all seem to discuss the ports as though they were tangible objects, just like the physical doors in a building, doors that can either be opened or closed, when in reality we are actually dealing with huge numbers of electrons flowing in both directions down a set of wires, plus some sophisticated control software.

I'm not trying to sound paranoid here, but our ports are merely software structures that can filter information patterns. Suppose these ports aren't quite as real or as solid as we think? Suppose there are hidden ways "around" the ports? To go back to the building analogy, suppose we've got people peeking in through the windows, coming down the chimney or beaming radar right through the walls? Our "doors" are closed. Are we still safe?

 

No problems. Just so you know, it was your router being scanned and its ports responded (or actually didn't except 113) with the stealth status. Even 113 showing closed is nothing to worry about. You could disable XP's firewall since nothing unsolicited is getting past the router and XP's firewall is not even seeing the scans. This is ok as long as your pc is the only one connected to the router. If the pc has wireless and/or you plan on adding other pcs to the router to form a small LAN, then you should keep the XP firewall enabled or use a different, 3rd party software firewall.

 

Yes you are safe.

 

Thanks, I feel much better now!