GRC test failed............

Discussion in 'other firewalls' started by CRoz, Nov 26, 2009.

Thread Status:
Not open for further replies.
  1. CRoz

    CRoz Registered Member

    Joined:
    Jun 18, 2008
    Posts:
    38
    Hi
    Just checked GRC(ShildsUp) and all my Ports shows Closed and few are Open (Port 21,22,23,80) not Stealth.Now im using router Inteno X5668A which one i got from my ISP.

    In router Under
    Management
    Access control -----Services

    Services LAN WAN
    FTP Enabled (YES) Enabled (YES)
    HTTP Enabled (YES) Enabled (YES)
    ICMP Enabled (YES)
    SSH Not Enabled Not Enabled
    Telnet Enabled (YES) Enabled YES)
    TFTP Enabled (YES) Not Enabled
    these are the options
    but im not sure if i need to disable(Unchecked) something from here to get ports stealth.

    Im using Online Armor Premium v4.0.0.10 and thought OA will make all port stealth automatically ..i dont need to configure but now i see i need to configure maybe my router/Modem or OA to make port stealth.

    So if somebody can help me out how can i do this it will be appriciated


    Sorry for my bad English

    Thanks.......
     
  2. Mem

    Mem Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    292
    First, you need to disable all of those services on the WAN side. Then, if you don't need them on the LAN side (you will need HTTP enabled on the LAN side to admin the router) disable what you don't use.

    Closed ports are fine. If you want to try to stealth, OA on the PC won't be involved...it is the router that is being scanned. If the router has a firewall, enable that to see if it gets the ports reported as stealth. If not, there are other 'tricks' but closed will be fine for security purposes.
     
  3. CRoz

    CRoz Registered Member

    Joined:
    Jun 18, 2008
    Posts:
    38
    Thnaks for reply

    Now i disabled all of those services on the WAN side and LAN side except HTTP but still those ports open ...

    what is TFTP?
     
  4. Mem

    Mem Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    292
    Trivial file transfer protocol
    http://en.wikipedia.org/wiki/Trivial_File_Transfer_Protocol

    The HTTP should also be disabled on WAN side (again not LAN). These ports open on the WAN allow you (or others) to control functions on the router or pass through to the PC's on the LAN so they should only be allowed on the LAN side if you use them. Make sure you change the password to access the router as well.

    Once those are all disabled on the WAN I would expect the ports to be closed but sometimes a router supplied by the ISP will keep some ports open so they can update firmware or do other admin functions that they want. My ISP modem is also a router and would leave some ports open for the ISP. I ended up putting the modem in bridge mode and buying a router with more functionality. If you have a 'default server' setting to forward the ports to, you could forward those ports to it setting it to a IP that does not exist on your LAN. This would put traffic through the router but it would have nowhere to go and should make those ports look closed to the WAN. I don't know your actual router so I don't have info on the specific setup you would need.
     
  5. XPS743

    XPS743 Registered Member

    Joined:
    Nov 21, 2009
    Posts:
    24
    Shields Up tests your hardware firewall first/ Not your software firewall. They even tell you this.
     
Loading...
Thread Status:
Not open for further replies.