im sorry if already someone made this question, but when it says that a port is closed and not stealthed is that bad? what are the differences? thanx, and sorry for the dummy question..
Hey aerox There are a lot of false reports with a lot of Online Scanning Systems recently; there’s been some discussions few topics below about it… Try getting secondary opinion, use along with other Online Scanning Systems. Whether a closed port is bad it’ll depend if it’ll stay closed and not become open by some means in the future. Closed ports those indicates a Machine exists and normally means the port not being Firewalled and people sees this they could possibly attack you with flood packets which could easily take you out especially with Closed port responses, also could make them investigate you further with probes.
Hi aerox "Closed" is not bad. Open: In order for a port to be open on your system, a service or application has to be actively listening on it. Once an application or service is listening, holding open a port for connections, it is vulnerable to exploitation. Closed: Without any service or application listening on a specific port, any connection attempts to it will result in a closed response. Closed is the normal response your operating system would provide without a firewall. A closed port is secure from unwanted connection attempts and cannot be opened from the outside. Some firewalls can also be configured to provide this normal closed response to connection attempts (sometimes referred to as “reject”). Stealth: Stealth refers to firewalls “dropping” the packets from unwanted connection attempts and providing no response at all. This lack of response would make it appear there is no system there. Both “Closed” and “Stealth” are secure. Regards, weeNym
That is NOT a dummy question. Here is some interesting reading: http://w.hansenonline.net/Networking/stealth.html
I agree fully with the article mentioned above. If i'm running software (OS&Applications) i trust, then that means i trust it to keep closed ports closed and not to be attackable on closed ports. If i don't have that confidence, i can hardly console myself with a firewall. However, that's probably a matter of personal attitude and there's one (pro-"stealth") thing that the author of the above-mentioned articel doesn't mention and that could play a role in your considerations: The upstream router sending "host unreachable" messages back to the scanner if there really was no host presupposes that this router behaves fully protocol-compliant. This may not always be the case. While i don't know any router that drops these by default or can be configured to drop them - in fact i don't know any router at all close enough. But as i understand it protocol-compliance is something that is handled let's say rather flexibly, so it may well be that you have a router upstream which eouldn't spoil your stealth attempt. You'd have to try it out from a remote computer... HTHH, Andreas