Failing Shields up, all the time now!

Discussion in 'other firewalls' started by Comp01, Mar 25, 2004.

Thread Status:
Not open for further replies.
  1. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    I tried 4 times tonight, re-testing my firewall on Shields up, and no matter what, I always have a BUNCH of random ports that are just marked as closed, here is my most recent test:
    Results from scan of ports: 0-1055

    0 Ports Open
    155 Ports Closed
    901 Ports Stealth
    ---------------------
    1056 Ports Tested

    NO PORTS were found to be OPEN.

    Ports found to be CLOSED were: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
    10, 11, 12, 13, 14, 15, 16, 17,
    18, 19, 20, 21, 22, 23, 24, 25,
    26, 27, 28, 29, 30, 31, 32, 33,
    34, 35, 36, 37, 38, 39, 40, 41,
    42, 43, 44, 45, 46, 47, 48, 49,
    50, 51, 52, 53, 54, 55, 56, 57,
    58, 59, 60, 61, 62, 63, 64, 65,
    66, 67, 68, 69, 70, 71, 72, 73,
    74, 75, 76, 77, 78, 79, 80, 81,
    82, 83, 84, 85, 86, 87, 88, 89,
    90, 160, 161, 162, 163, 164,
    165, 166, 167, 168, 169, 170,
    171, 172, 173, 174, 175, 176,
    177, 178, 179, 180, 181, 182,
    183, 184, 185, 186, 187, 188,
    189, 190, 191, 192, 193, 194,
    195, 196, 197, 198, 199, 200,
    201, 202, 203, 204, 205, 206,
    207, 208, 209, 210, 211, 212,
    213, 214, 215, 216, 217, 218,
    219, 220, 221, 222, 223

    Other than what is listed above, all ports are STEALTH.

    TruStealth: FAILED - NOT all tested ports were STEALTH,
    - NO unsolicited packets were received,
    - A PING REPLY (ICMP Echo) WAS RECEIVED.

    The only thing I have connected to the internet is Trillian (MSN, and AIM protocols only, I only have Trillian so it can access through ports 5190, and 1863) and I have all ICMP's blocked (Set in advanced rules), I cannot figure out why I have a lot of un-stealthed ports? Is it still safe? and also, I don't know of any other firewalls that I can run (Besides rule-based ones, which I don't want)
    *edit*
    and then after a bit, it'll work itself out, and I'll pass, argh, I don't understand firewalls! :mad:
     
  2. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Try using alternative Online web-scans for secondary opinion....
     
  3. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Hi,

    You can also have a look here, you may find out something.

    http://www.pcflank.com/

    Gerard
     
  4. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    Well, I tested again today, and I failed, the only thing I have running that's online is Mozilla Firefox 0.8, maybe that's what is holding ports so they're not stealth? (Though, I doubt it, as most of the time it's random ports that aren't stealthed), I am scanning at Sygate's site right now, and am going to scan at PCflank in a minute, I just don't understand this, is it possible it's a problem with Sygate? or is it I don't have it configured right? (I just use it as an ask/allow type thing, I don't have any advanced rules, except for one to block ALL ICMP traffic), here are my results again, I did the quick scan at Sygate, and I passed (It even scanned 2 of the ports I failed before on Shields up) here's my new test results:
    Results from scan of ports: 0-1055

    0 Ports Open
    47 Ports Closed
    1009 Ports Stealth
    ---------------------
    1056 Ports Tested

    NO PORTS were found to be OPEN.

    Ports found to be CLOSED were: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
    10, 11, 12, 13, 14, 15, 16, 17,
    18, 19, 20, 21, 22, 23, 24, 25,
    26, 27, 28, 29, 30, 31, 32, 33,
    34, 35, 36, 37, 38, 39, 40, 41,
    42, 43, 44, 45, 46

    Other than what is listed above, all ports are STEALTH.

    TruStealth: FAILED - NOT all tested ports were STEALTH,
    - NO unsolicited packets were received,
    - A PING REPLY (ICMP Echo) WAS RECEIVED.
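
Added example (not part of any post in this thread): a small parser that collapses the closed-port list from a ShieldsUp report into contiguous ranges and cross-checks it against the "Ports Closed" count. The function names are illustrative; the sample text is the second report posted above.

```python
import re

# Closed-port section copied from the second ShieldsUp report in this thread.
REPORT = """\
0 Ports Open
47 Ports Closed
1009 Ports Stealth
---------------------
1056 Ports Tested

Ports found to be CLOSED were: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
10, 11, 12, 13, 14, 15, 16, 17,
18, 19, 20, 21, 22, 23, 24, 25,
26, 27, 28, 29, 30, 31, 32, 33,
34, 35, 36, 37, 38, 39, 40, 41,
42, 43, 44, 45, 46

Other than what is listed above, all ports are STEALTH.
"""

def closed_ports(report):
    """Return the sorted port numbers listed after 'CLOSED were:'."""
    m = re.search(r"CLOSED were:(.*?)(?:\n\s*\n|\Z)", report, re.S)
    return sorted({int(p) for p in re.findall(r"\d+", m.group(1))}) if m else []

def collapse(ports):
    """Collapse sorted port numbers into inclusive (first, last) runs."""
    runs = []
    for p in ports:
        if runs and p == runs[-1][1] + 1:
            runs[-1] = (runs[-1][0], p)   # extend the current run
        else:
            runs.append((p, p))           # start a new run
    return runs

def summarize(report):
    """Cross-check the listed ports against the 'N Ports Closed' line."""
    ports = closed_ports(report)
    claimed = int(re.search(r"(\d+) Ports Closed", report).group(1))
    return {"runs": collapse(ports), "listed": len(ports),
            "claimed": claimed, "consistent": len(ports) == claimed}

if __name__ == "__main__":
    print(summarize(REPORT))
```

Run on the first report in the thread, the same function yields two runs, 0-90 and 160-223, which add up to the 155 closed ports it reports.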
     
  5. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    I tried PCflank's site, and I failed them too! I scanned from port 1 to 8500 it said over 4000 ports not stealthed (Just blocked)
     
  6. NanDog

    NanDog Registered Member

    Joined:
    Jan 22, 2004
    Posts:
    165
    Location:
    Tacoma, WA, USA
  7. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    Ok, well, closed still protects my PC, am I not right? it prevents hackers/worms and trojans and viruses that use open ports to enter, am I correct? Also, I don't understand, if I scan more than 2 times on Shields Up, I pass, is it that Sygate has adaptive behaviour? I mean, now when I test, I test with JUST my web browser up, nothing else is connected, I don't understand why I keep failing...
     
  8. NanDog

    NanDog Registered Member

    Joined:
    Jan 22, 2004
    Posts:
    165
    Location:
    Tacoma, WA, USA
    IMHO, whether you're "stealthed" or "closed", you're still good! But to add to all the confusion and arguments about which is better, check out this old and very, very long thread at DSLR:

    http://www.dslreports.com/forum/remark,3490473~mode=flat

    I hope this sheds some light on the subject!
     
  9. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Comp01

    Have your results always been like this or is this something new?
    Made any changes recently?

    Regards,

    CrazyM
     
  10. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    I suspect all you need to add is a few rule sets. For example, do you have an upper level (above Aps) rule which blocks all TCP out:

    Description: Incoming TCP
    Protocol: TCP
    Direction: Incoming
    local endpoint: port = any & application = any
    Remote endpoint: address type = any & port type = any
    rule valid = always
    Action = deny

    In your Aps rule section check the following:

    For Firefox, check to see if you have a TCP/UDP restrict both directions placed after your Firefox TCP allow out rule. If you don't, you may want to add one.

    Also, I'm assuming you are not running a local proxy like Proxomitron, so I won't get into the loopback issue. If you are, more info is available here:

    http://www.wilderssecurity.com/showthread.php?t=5367;start=msg120844#msg120844


    Sounds like if you repost your config at the Sygate forum, someone will help you there:

    http://forums.sygate.com/vb/showthread.php?s=c1f686bb8bac2ef14e0be705d51860f9&threadid=9173

    Good Luck ;)
     
  11. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    I agree this is the best bet to get the help you seek, Comp01.

    Just wanted to sort out a point or two:
    I agree that there is some argument over stealth vs. closed. Personally, I am convinced that closed is often "good enough", however I opt for stealth settings in Outpost. The real issue is that it would drive me a bit nuts if I were shooting for stealth and not achieving it. For that reason I wish Comp01 luck in solving the mystery.

    Also, running your browser, Comp01, (Mozilla or otherwise) isn't what's compromising your test results. Don't know if you ever got that question answered.

    I'm confident that you will get it sorted out quickly.

    Good Luck.
    Optigrab
     
  12. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    This is something fairly new, it's just now started to happen, the only changes I've done to my system is update the modem drivers, and then went back to the original drivers I had...
     
  13. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    I am running Sygate Pro (plus my router firewall). When I scan at GRC and Sygate SOS I have a full stealth report from GRC and Blocked at SOS.

    I had quite a few advanced rules made in Sygate but after many weeks of testing my router firewall and then SPF I have been able to remove my advanced rules bar the one for my AV updater which Sygate's Anti-Application Hijack does not like and also one to allow my router to ping my internal network.

    I have removed 'Act as server' from my applications in Sygate's list, leaving 'Act as Client' for them. I wonder if you have done this as this may well help you get the 'stealth' report at GRC.

    One other thing: make sure it is your IP address showing before you scan, as this is important.
     
  14. controler

    controler Guest

    I am running only the Windows built in firewall (SP2) behind an Actiontec gateway and my scans show better than when I was using a software firewall :D
     
  15. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Is your PC behind a router? Is your ISP using a proxy server? If so, that can result in port scanning tests not actually testing your PC and software firewall but the router or ISP proxy in front of your PC/firewall.
     