No firewall will stealth my ports - no router stealth mode

Discussion in 'other firewalls' started by tscv11, Oct 16, 2012.

Thread Status:
Not open for further replies.
  1. tscv11

    tscv11 Registered Member

    Joined:
    Mar 7, 2012
    Posts:
    9
    Location:
    USA
    Well I guess the title of this post says it all. I test my ports with GNC Shields Up! and it shows most ports as closed, but several are shown as open. I've been using Comodo for a long time. I used to go to GNC and all of my ports would be stealthed. I have not changed anything in the router because there are no options for stealth (that I can see), other than blocking certain services, which according to ShieldsUp! doesn't make any difference.

    Can anyone tell me how to go about researching this and fixing the problem? I don't know where to start.

    Thanks!
     
    Last edited: Oct 16, 2012
  2. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    1,441
    There's no need to stealth ports as long as the critical ones are closed. With modern broadband modem/routers - its impossible to stay "cloaked" on the Internet. As long as your system is secure, it doesn't really matter who "sees" you online.
     
  3. tscv11

    tscv11 Registered Member

    Joined:
    Mar 7, 2012
    Posts:
    9
    Location:
    USA
    Thanks for the reply! You jumped on that immediately, which I appreciate. One more thing, if I may - does anyone know where I can find a list of the ports that should be closed?

    Thank you!
     
  4. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,088
    If you have a router between your PC and the Internet, it is primarily that router that will determine the results you see when conducting a GRC ShieldsUp test. Given what you've said, two questions come to my mind:

    1) Is it normal for your particular router to respond to traffic on unused ports? IOW, is it expected that unused ports would be shown as closed rather than stealthed? A little research using your router's model number (and possibly firmware level) as keywords may answer that question. Curious is your "I used to go to GNC and all of my ports would be stealthed" comment. At the time you last got those results were you using the same router?

    2) What ports were reported as open and why? Is this due to an FTP or HTTP server running on the router, providing something that you don't want enabled? Is this due to UPnP being enabled on the PC & Router, with software on the PC punching holes in your router that you don't want opened?
     
  5. tscv11

    tscv11 Registered Member

    Joined:
    Mar 7, 2012
    Posts:
    9
    Location:
    USA
    Guess I've got my work cut out for me!

    To answer your questions:

    The scan showed these ports as open: 22, 53, 80, 81, 135, 137 and 444.
    I was using the same router when the scans showed stealth on all ports.

    I think I understand some of what I may need to do from your last post (thanks).

    Any other advice is certainly welcome!
     
  6. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,088
    When you saw the more recent, unexpected results were you using a special browser to visit the GRC ShieldsUp site or were you configured to use a VPN/proxy?

    Down a bit on the ShieldsUp entry page it shows a machine name and then on the test results page it shows an IP Address. If you were directly connecting to the GRC server, that machine name and IP Address would correspond to your router's WAN/upstream interface and thus the test packets would be sent to you (what you want). If you were connecting through a VPN/proxy, its machine name and IP Address would be displayed and the test packets would be sent to it (what you don't want).
     
  7. Sir paranoids

    Sir paranoids Registered Member

    Joined:
    Oct 20, 2012
    Posts:
    101
    Depends what you use your computer for but imho block the following ports 1-1024~3389.
    --------------------------
    Do not block the following.

    20~21~22 ftp "optional"
    53 dns {web browser}
    80 http {web browser}
    443 HTTPS (Hypertext Transfer Protocol over SSL/TLS) {web browser}
    ---------------------------

    137~444 "NetBIOS ~telnet crap " block block block! o_O hackzor alert.

    I block more then that my self but that's just me

    Don't know why you have 81 and 135 ruining my self id block em. :cautious:

    Watch your back big time if you see port 23 and 3389 open up.

    As well if your roter behaving differently then it use to, my self id do a good once over and if i don't like the smell id probably do a full reinstall.

    Mind doing a {run ~ cmd.exe} netstat -a -n at the commend line ? and posting it ?

    btw if you have a static ip remember posting a road map for black hats that might be reading this could be a bad idea....
    block your home ip numbers ..their not needed just ports in the command line.

    edit:fixed typos.changed ftp port list
     
    Last edited: Oct 22, 2012
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    True. When you run these web "stealth" tests, it is your router that is being tested not your firewall.

    Whether your router "stealths" all ports usually depends on its built-in firewall and what settings are set pertaining to use if its WAN and LAN interfaces. On My Netopia 3347 router the firewall has three setings; stealth all ports; stealth all ports except the normal internal network ports; and block all traffic.

    If your router's firewall is set to stealth all ports and these web tests show open ports, then it is possible your router is hacked or malfunctioning. Best way to correct this is to do a hard reset on the router which will reset everything to factory default values. Just make sure your remember what your ISP provided login and password is since you will need to reenter them in the appropriate router GUI fields. Then you will need to reset any other options you had previously set up on the router including it's firewall running mode which should be the "stealth" option.
     
  9. DBone

    DBone Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    1,041
    Location:
    SoCal USA
    I have an ATT 2Wire router NAT firewall and it has an option to stealth all ports, which of course I use. Using the ShieldsUp! All Service Ports test I get:

    "Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice."
     
  10. guest

    guest Guest

    Here are my results using Look'nStop
    out going filter only and router
    could not upload more image's
     

    Attached Files:

Loading...
Thread Status:
Not open for further replies.