No Firewall & No attacks ?

Discussion in 'other firewalls' started by CloneRanger, May 6, 2011.

Thread Status:
Not open for further replies.
  1. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Good for you to open this subject!

    You will get flak... but not from me.

    I use a 3rd party FW BUT not really for incoming packets or port stealth although that is certainly a good thing (IMHO).

    Users don't HAVE to use a 3rd party product for outbound control if they have the latest Windows FW as it now has outbound as well as incoming control.

    My primary reason is I WANT on MY setup to control/manage which exe can access the www. Many products ask for access BUT just because they ask doesn't mean (IMHO) that they need it or should have access.

    I want to manage what leaves my setup; it is a privacy tilt, if you prefer.

    You are right and have shown that a router will provide protection against incoming.
     
  2. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    After installing a firewall you get the same results, I am pretty sure.

    please confirm :D
     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    :thumb:

    Agreed ;)

    Well i didn't uninstall my FW, just shut it down for the tests ;)

    With the FW running I get FULL stealth from grc.com; without the FW I get all those ports tested as closed, except 135. If you look back at my screenies, I show ones for both options :thumb:
     
  4. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    Your modem acts as some firewall and is closing ports.

    That means the software you installed for the USB modem makes it close ports; that's why it shows blue ports like a router, but it's not a router as your ISP address is the same, so your USB software or some other software is blocking ports.

    But when you install any firewall on your system, it takes over and makes it stealth.

    This would never have happened if you were using a router-based modem; they still show that you get open ports no matter which software you use or whatever it blocks, unless you block them in router mode.

    What they do is NAT, i.e. your ISP IP address ends (terminates) on the router, whereas your software-based firewall works on your private address, so your private address becomes stealth but the ISP address still shows open ports as it terminates at the router end.

    And your private address, on which your software firewall is working, is in stealth mode but cannot be read by GRC because of NATing.


    NATing is the process of converting your ISP (public) address to a private address (LAN address),

    or you can say hiding your real private address.

    But here in your case, whatever security is blocking is software based and it's not NATing, as you get the same address, not converted to a private address.

    Stealth mode means nobody can know if your PC is on or off.

    Closed mode means your PC is on but blocking ports; any open port vulnerability may be a problem for you in future,

    because he/she knows your system is on and port 135 is open.

    So I highly recommend you use a software firewall and make it stealth mode.
     
    Last edited: May 9, 2011
  5. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Closed ports do not necessarily mean a NAT or a firewall. They can simply be ports unused by the OS or third-party software, which by default will be in a closed state. According to the user there is no conversion (same IP as external IP) so... no NAT... no firewall.
     
  6. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Before & after DCOMbobulator with FW

    135fw.gif

    Rebooted & shutdown FW

    dcom-cl.gif

    Tested with -
    .

    dcom.gif

    135-nofw.gif

    As shown earlier, ALL other tested ports are stealthed with the FW running, & closed except for 135 without the FW. Now after using ****** 135 is also closed :)

    @ mack_guy911

    Thanks for posting :thumb:

    @ fax

    Thanks for clarifying :thumb:
     
    Last edited: May 10, 2011
  7. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677

    Agree with you my friend :thumb:
     
  8. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    FWIW, right now as I post I have 21 ports "in use".

    3 from SYSTEM,
    2 from WININIT,
    2 from SERVICES,
    2 from LSASS,
    11 from SVCHOST,
    1 for FIREFOX.

    So what is the difference twixt "in use" and "stealthed" ?
     
  9. wat0114

    wat0114 Guest

    I think it's because you have services or programs "listening" on those ports, so they are "in use", but a firewall can still hide (stealth) those ports from the outside world.

    BTW, I believe Wilders member Stem has tried very hard to emphasize and get across to people the importance of a firewall for properly handling network traffic, especially with regards to the way they detect and thus handle suspicious packets while a connection is in progress. Just sayin' ;)
     
  10. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Exactly.

    The issue for FW's in and out packets is filtering them. Stealth-ed is good but NOT the main point (IMHO)

    Stem has not been as active as he once was which is not good for us BUT his posts remain to make these points.

    How a 3rd party product handles or mishandles packets in my view determines a key quality or value item of that product.

    The other is the ease of making rules including rules that apply to the vendors executables as well as browsers etc.

    I have a 3rd party FW that only recently allowed me to block feedback to their home site.
     
  11. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Using WinXP SP3 on a laptop with built-in Toshiba Software Modem - I get the same result at GRC when I turn off my firewall.

    I did the same test in 2005 with Win2K - I ran for 4 days with not a peep. I was hoping to catch MBlaster via the open port 135 but nothing...

    I've always thought that the OS keeps ports closed except when services or applications do something. Port 135 is open for Microsoft Services - via Netbios, I think, and there is a way to close it but I don't remember.

    Nonetheless, some type of inbound protection gives secure, easy control over everything w/o having to fiddle underneath in the OS, unless one is so inclined.

    Running w/o such protection is certainly not for the faint of heart!


    regards,

    -rich
     
    Last edited: May 12, 2011
  12. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ Rmus

    If you look at my Post # 2 screenie, you can see without the FW it shows ALL except Port 135 Closed. 135 was OPEN :eek:

    Well that's how it should be, so good to hear :thumb:

    Naughty :thumbd:

    Once i'd used DCOMbobulator 135 is now closed too :)

    When i had 98SE i disabled Netbios by renaming a DLL ;) But on XP & maybe later OS's you can't :( AFAIK !

    Thanks for testing :thumb:

    :D
     
  13. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Just had a response to my Broadband USB stick modem Ports question on the other forum :thumb:

    It has not got NAT therefore all ports except SMTP and also several others are OPEN :eek:

    I've asked for more info on this & will post if/when i get it ;)

    So it would "appear" that my OS had them All closed ? apart from initially 135 which i've now closed. If so :thumb:
     
  14. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    When not used they are closed; probably they mean that a certain number of ports can result open when used by the USB dongle.
     
    Last edited: May 13, 2011
  15. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    I think there is some confusion here... Some people seem surprised that a GRC scan against his system is showing ports closed when his firewall is off. That is completely normal and is to be expected. "Closed" is the state of all ports on a system "unless" there is a service listening on a port to keep it open.

    Any computer that has no services running to open specific port(s), will always show ports as closed when scanned directly. ("directly" meaning no firewall or other protection between the scanning server and the computer being scanned).

    An open port result is when a service is running, attached to a specific port or multiple ports, holding it/them in a state to allow unsolicited incoming connection requests to be made.

    And the "stealth result" of a scanning site is when there is some firewall, router or other filter in place that is "dropping" any and all unsolicited incoming connection attempts.

    I believe the confusion for some people is that they are thinking "closed" is somehow a protective state, and that some software is specifically closing all the ports on the system, when in fact, closed is the default state of all ports unless some program is running to hold a port open.


    So, in summary... it is expected to get a mostly closed scan result if your computer has no firewall protecting it. The only ports showing as open being those that a process on your system specifically holds open for incoming connection requests. And, a stealth result is expected when running most popular firewalls, since they tend to drop unsolicited incoming packets by default.
     
  16. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,944
    Location:
    USA
    That being the case, LWM, then the folks who claim that stealth is a false sense of security, and no more secure than closed, may not be seeing the whole picture?
     
  17. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    Well, I don't know about the false sense of security part... A port that "cannot be connected into" is secure. Whether it is because a firewall is dropping all incoming requests (yielding that stealth scan result from places like GRC), or because the port is closed by nature of having no application listening on it, they are just as secure.
     
  18. constantine76

    constantine76 Registered Member

    Joined:
    Dec 18, 2010
    Posts:
    191
    @LowWaterMark;

    Very very nice explanation there. Reading the thread posts really got me confused into thinking what is the reason why CloneRanger has these ports closed in the first place.

    @CloneRanger;

    While doing that experiment that you did, were you by any chance running an application or a combination like media players or text/image editors as you were undergoing ShieldsUP testing?
     
  19. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    Regarding this bit from the broadband forum statement...

    I suspect there is a phrasing issue involved here, with the word "open" specifically.

    Without seeing what they wrote to you, I suspect what "they meant" was that the USB device has no firewall or NAT-like features, therefore it will not block network traffic in any way. Thus, network communication channels between the outside world and your PC are open to whatever traffic wants to pass through the modem device.

    That's perfectly fine. It is connecting your PC to the Internet and it is not providing any restriction on traffic flow. That said, it does not mean the USB device is opening every port on your system. They simply mean traffic is free to pass thru.

    Yes, your OS had all ports closed, except 135 which you later forced closed with that utility, because that is the natural state of ports - "closed" unless some program opens a port for a specific purpose.
     
  20. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Hi Low:

    So when my FW SW shows certain ports as being "in use" for services etc can I assume that this is the same wording meaning these ports are being held "open" for possible traffic?

    I have ports open that rarely if ever show any traffic at all. LSASS.EXE 680 local port 49155 for TCP and for TCPv6. SVCHOST.exe process id's 864,964 132 are other examples.

    Comments?
     
  21. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    This is where it can get a little more complicated.

    The local software firewall is reporting that processes on your system have various ports in use. Whether the ports are OPEN and LISTENING needs to be clarified from whatever output it is displaying to you. Also, ports can be open only locally on your system, but not to the Internet. We all know about loopback connections (i.e. usually on 127.0.0.1), where a program can have a port open and only receive connections from other local processes on the computer.

    Anyway, most popular firewalls start up, show a list of processes and the ports they have in use, but, most have a default block (drop) rule for protecting against unsolicited incoming traffic. So, even if a process on your computer is listening on a port, without adding an allow rule in the firewall configuration, no incoming connections from the Internet can get in to it. This is what Rmus was talking about above. A software firewall is a very quick way to prevent any unsolicited incoming traffic getting into your system. If you have lots of ports open and don't want to hack the heck out of your computer - disabling all services, running special utilities to close port 135, and so on... then just install a software firewall and let it protect all ports at once.
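
The distinction drawn in the post above between a port that is merely "in use", one that is listening only on loopback, and one that is listening on all interfaces can be read off `netstat -ano` output. The following is an added example, not part of the thread: the sample rows are constructed (reusing PIDs and ports mentioned in the thread for illustration), and `classify` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample in the column layout of Windows `netstat -ano`.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       864
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1234
  TCP    [::]:49155             [::]:0                 LISTENING       680
  TCP    192.168.1.5:49170      203.0.113.10:443       ESTABLISHED     2200
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any IPv6 zone id
    return host, int(port)

def classify(netstat_text):
    """Return (port, pid, kind) for every TCP row in netstat output."""
    rows = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # header, UDP rows, or anything unexpected
        _, local, _, state, pid = fields
        host, port = split_endpoint(local)
        if state != "LISTENING":
            # An outbound or established connection: "in use" but not
            # accepting unsolicited inbound connections.
            kind = "in use, not listening"
        elif ipaddress.ip_address(host).is_loopback:
            # Bound to 127.0.0.1 or ::1: only local processes can connect.
            kind = "listening, local only"
        else:
            # Bound to 0.0.0.0, :: or a LAN/WAN address: a scan sees this
            # as open unless a firewall or router drops the traffic first.
            kind = "listening, network-reachable unless filtered"
        rows.append((port, int(pid), kind))
    return rows

if __name__ == "__main__":
    for port, pid, kind in classify(SAMPLE):
        print(f"port {port:<6} pid {pid:<5} {kind}")
```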
     
  22. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Here is what my firewall is "Listening" to:

    kerio_listening.jpg

    It's listening on Port 445 but that doesn't mean anything can get through without my permission, as my firewall log shows an attempted intrusion on that port being blocked:

    kerio_port445block.jpg

    Even without this rule, the firewall won't permit an inbound connection without permission. A rule just eliminates constant nag alerts!

    The only port that I permit inbound is Port 53 for DNS, and the firewall rule specifies a specific IP address and application so that anything else attempting to intrude via that port is blocked:


    kerio_DNSport53.jpg

    kerio_port53bock.jpg

    Note that even though GRC shows my Port 135 OPEN when the firewall is turned off, when enabled, the firewall blocks any attempt to intrude through that port:

    kerio_port135block.jpg

    A firewall really simplifies protecting from internet intrusions.


    -rich
     
    Last edited: May 13, 2011
  23. wat0114

    wat0114 Guest

    It's my understanding that a computer unprotected by any kind of firewall, whether it be software or hardware based, is not necessarily exploitable from the outside as long as the services listening on the local ports are not currently exploitable. There was a Wilders member some years ago who openly invited anyone and everyone to try and breach his unfirewalled computer, offering up his ip address, but to my knowledge no one was ever successful. It came down to the fact there were no port-listening services or programs that were exploitable, or at least nothing anyone was able to exploit. I'm not suggesting to run firewall-free (I'm one of the biggest proponents of firewalls in this forum, in fact :) ), I'm only relating what I know took place some years ago, maybe around 2006, I believe. BTW, the Blaster worm in early 2000's exploited the Win XP DCOM RPC vulnerability. A simple firewall protected against this until MS patched it.
     
    Last edited by a moderator: May 13, 2011
  24. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello,

    You will still be getting the inbound, it is just that you are not monitoring it.
    Not the correct software to monitor unsolicited inbound/outbound unless those inbounds/outbound make an actual connection.

    If you want to monitor, then try Wireshark, it will show you any unsolicited inbound and how the OS responds to such.


    A closed port is not actually closed as such. It is open and will allow unsolicited inbound, if there is no application awaiting an inbound, then the system will respond with a RST/ACK to that inbound, to reset/close the attempted connection. Scans, such as shields up see the RST/ACK response and declare it as a closed port.
     
  25. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ fax

    Thanks

    No players, but i was just surfing as per usual, including to here. I did have Metapad open & using it, but doesn't update ;) I was also using FSCapture/XnView/FastStone image etc viewers/editors, but they are set to not update either. Nothing on here Auto updates :D

    Seems that way.

    I'll PM you the link ;)

    OK

    OK

    Interesting that your Port 135 is also open, as mine was ! Wonder what it's for ?

    @ wat0114

    Thanks

    Ooh, i thought i was :eek: but i take note of what you say about the Apps i used :thumb:

    I tried not long back, but for "some" reason/s I couldn't get it to work, and/or I didn't know how to use it correctly :(

    OH ! Sounds a bit confusing at first, but i see what you're saying.

    *

    Thanks to Everyone for your recent replies, even better than I had hoped for :)
     
    Last edited: May 13, 2011