Perfect Stealth, yet no Firewall on, HOW?

Discussion in 'other firewalls' started by truthseeker, Jun 23, 2008.

Thread Status:
Not open for further replies.
  1. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    I am running Vista and I have no firewall installed and the Vista firewall is turned OFF!

    Let me please repeat this... NO FIREWALL INSTALLED AND VISTA FIREWALL IS 100% TURNED OFF!

    But I get perfect stealth reports from grc.com Shields Up! and from pcflank.com

    HOW IS THAT POSSIBLE WHEN I DO NOT HAVE ANY FIREWALL INSTALLED AND NO FIREWALL ON?

    The only thing I can think of is that my modem/router is set to use NAPT. My modem's firewall is also OFF. So that only leaves NAPT.

    Does NAPT act as a firewall? If so, why don't people just turn on NAPT in their router instead of using Firewalls?

    from grc.com

    "Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice."

    from pcflank.com

    "Stealthed"(by a firewall) -Means that your computer is invisible to others on the Internet and protected by a firewall or other similiar software;

    " TCP "ping" stealthed
    TCP NULL stealthed
    TCP FIN stealthed
    TCP XMAS stealthed
    UDP stealthed"

    Trojan: Port Status
    GiFt 123 stealthed
    Infector 146 stealthed
    RTB666 623 stealthed
    Net-Devil 901 stealthed
    Net-Devil 902 stealthed
    Net-Devil 903 stealthed
    Subseven 1243 stealthed
    Duddies Trojan 1560 stealthed
    Duddies Trojan 2001 stealthed
    Duddies Trojan 2002 stealthed
    Theef 2800 stealthed
    Theef 3000 stealthed
    Theef 3700 stealthed
    Optix 5151 stealthed
    Subseven 6776 stealthed
    Theef 7000 stealthed
    Phoenix II 7410 stealthed
    Ghost 9696 stealthed
    GiFt 10100 stealthed
    Host Control 10528 stealthed
    Host Control 11051 stealthed
    NetBus 12345 stealthed
    NetBus 12346 stealthed
    BioNet 12348 stealthed
    BioNet 12349 stealthed
    Host Control 15094 stealthed
    Infector 17569 stealthed
    NetBus 20034 stealthed
    MoonPie 25685 stealthed
    MoonPie 25686 stealthed
    Subseven 27374 stealthed
    BO 31337 stealthed
    Infector 34763 stealthed
    Infector 35000 stealthed
     
    Last edited: Jun 23, 2008
  2. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    NAT is your answer. Your computer is on a private IP address that can't be accessed directly by someone outside your LAN. Your router has your public IP address and that is where the Shields Up packets are hitting.

    Cheers
    Jeremy
     
  3. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    While you are on GRC, I suggest you download the Security Now podcasts. Gibson tends to be good at explaining many of these security concepts. Do take some of his opinions with a grain of salt, however, as many security professionals strongly disagree with him on some issues.

    Cheers
    Jeremy
     
  4. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Your answer was very interesting to me. Can you please elaborate in easy to understand terminology.

    And are you saying that I don't need a firewall now?
     
  5. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    So long as I don't have to prove anything :p

    There are two kinds of IP addresses for our purposes, public and private. Private IP addresses are in the following ranges:
    10.0.0.0 – 10.255.255.255
    172.16.0.0 – 172.31.255.255
    192.168.0.0 – 192.168.255.255

    These are addresses set aside so that they can be used in internal LAN networks such as the one you have created behind your router. (You may only have one computer attached to the router. This means that your router and your computer are in their own private network.) Private addresses have no routing information on the internet.

    The remaining IP addresses are public (with the exception of 127.0.0.1). This means that these are addresses on the internet and there is routing information on them. So if you say to a router on the internet "please forward this packet to 210.12.56.100" the router would be OK doing that. However, if you say to a router on the internet "please forward this packet to 192.168.1.2", unless it actually has a private network attached, it won't know what to do with it.

    The way your router works is that it has 2 'interfaces': a public internet interface and a private LAN interface. When your computer sends out a packet from its private network to the public network, it first sends it to your router. Your router takes the packet from the private LAN interface, and puts it on the public internet interface. Before it sends this packet off, it will put a bit of extra information into the packet so that it can remember where in the private network it comes from. This packet is sent out onto the public internet to the server you are communicating with. The server sends a packet back to your router. The router looks at the packet to see where in the private network it should go to. It routes it back to your computer.

    Through this process, the server has no direct access to your computer at all. That is why when you run Shields Up, all the packets hit the router and are dropped and you get a stealth rating.

    This means that NAT routers provide very good inbound protection. However, if your computer ever connects to the internet directly (i.e. not through the router and thus will have a public address), you will need to have the Windows firewall turned on to get inbound protection.

    As to outbound protection, it is still a subject of debate. Personally, I don't believe outbound protection is very important at all. Check https://www.wilderssecurity.com/showthread.php?t=212594 for other opinions.

    Cheers
    Jeremy
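
The translation table described in the post above, as an added Python sketch that is not part of the thread and not any router's firmware. The class and function names, the documentation addresses 203.0.113.7 and 198.51.100.x, keying each mapping on the remote endpoint, and the `unmatched` switch (silent drop versus answering with a reset) are all assumptions made for illustration.

```python
import ipaddress

# Private ranges listed in the post above.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)

class NaptRouter:
    """Toy NAPT box: one public address, a port-mapping table, nothing else."""

    def __init__(self, public_ip, unmatched="drop", first_port=40000):
        self.public_ip = public_ip
        self.unmatched = unmatched      # "drop" = stay silent, "reject" = send a reset
        self.next_port = first_port
        self.by_lan = {}                # (lan_ip, lan_port, remote) -> public port
        self.by_public = {}             # (public_port, remote) -> (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote):
        """LAN host opens a connection; returns the source the remote server sees."""
        if not is_private(lan_ip):
            raise ValueError("LAN side must use a private address")
        key = (lan_ip, lan_port, remote)
        if key not in self.by_lan:      # first packet of the flow creates the mapping
            self.by_lan[key] = self.next_port
            self.by_public[(self.next_port, remote)] = (lan_ip, lan_port)
            self.next_port += 1
        return (self.public_ip, self.by_lan[key])

    def inbound(self, remote, public_port):
        """Packet arrives on the public interface; returns what happens to it."""
        target = self.by_public.get((public_port, remote))
        if target is not None:
            return ("forward", target)  # reply to a connection the PC started
        # Unsolicited: no table entry, so there is no LAN host to hand it to.
        return ("silent", None) if self.unmatched == "drop" else ("reset", None)

def scan(router, scanner, ports):
    """What a remote port scanner would report for each probed port."""
    verdict = {"silent": "stealthed", "reset": "closed", "forward": "reachable"}
    return {p: verdict[router.inbound(scanner, p)[0]] for p in ports}
```

Replies from a server the PC contacted match a table entry and are forwarded, which is why web pages still load; a scanner's probes match nothing, and whether it reports "stealthed" or "closed" depends only on how the router treats unmatched packets.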
     
  6. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Jeremy, I will need to read your message twice to fully absorb it. Thanks for your time writing it.

    Just a question.. When I go to www.getip.com it gives me a number like 125.105. 57.7

    Is that my public or private IP? If public, then you mean all websites and all internet connections only communicate with that IP address, but once any data hits my modem, my modem says,

    "STOP, NAPT IS TURNED ON AND ORDERING ME TO HALT ANY COMMUNICATION AND HALT YOU ACCESSING THE PC THAT IS CONNECTED"

    If that is the case, then how can I even get internet webpages showing on my screen if it doesn't allow data or anyone to see my PC?
     
  7. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    What you see in www.getip.com is your public IP address. If you want to check your private IP, go to Start --> Run --> cmd.exe and type ipconfig.
     
  8. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Ok, so seeing my public address is shown, why do I get stealth reporting when no firewall is installed and no firewall is on?

    Because you said earlier, "This means that NAT routers provide very good in bound protection. However if your computer ever connects to the internet directly (i.e. not through the router and thus will have a public address), will need to have the windows firewall turned on to get inbound protection."

    As you now know, my public address is shown. Yet I don't have a firewall on, yet still get stealth reports.
     
  9. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    When computers outside your LAN communicate with your computer, they do so through your router and only see the public address, e.g. www.getip.com is outside your LAN so it is seeing your public IP. This public IP is owned by your router and hence when you go to grc.com and ask them to scan you, it only sees your public IP and scans your router, which presumably doesn't respond at all and gets a "true stealth" rating.

    Now when your computer connects to the internet directly, it is doing so without a router in front of it. This means that your computer will have a public IP and when you go to grc to scan, it will scan your computer and presumably if you have your firewall turned off, it will find open ports.
     
  10. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    What do you mean when you say "when your computer connects to the internet directly"? How can my PC connect to the internet "indirectly"?

    And that's the thing, firewall is off, yet it doesn't find any open ports. WHY?
     
    Last edited: Jun 24, 2008
  11. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Your router is being scanned, not your computer so it doesn't matter if the firewall on your computer is turned off.
     
  12. argus tuft

    argus tuft Registered Member

    Joined:
    Sep 20, 2006
    Posts:
    280
    Location:
    Australia
    Think of the router as a middle man, who intercepts all communication between your computer and the internet. As all communication is intercepted, it is an indirect communication.

    I think you may be confusing a "modem" with a "router", which is quite understandable, as they are often both contained in the same unit.

    HTH :)
     
  13. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    Right. Routers should not be confused with modems. Modems can be internal (add-on circuit board) or external (self-contained unit) to the PC. Routers are always outside the PC (self-contained unit) and can direct communication traffic between networked computers. Modems can't do that (or at least none that I have ever come across).
     
  14. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,812

    All-in-one router modems can. Linksys makes them; Actiontec uses them constantly. It has a firewall and the ability to DIAL UP even if needed, or use a DSL connection coming in. A lot of cable providers are going to the same type of thing to save IP addresses. They give you a 4-port modem/router, basically.
     
  15. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Ok, thanks everyone for the info.

    Then I have concluded... that with my router and NAPT enabled on it, I never need to install a firewall or use the Vista Firewall.

    Because I get perfect stealth reporting even when no firewall is installed and even when Vista firewall is OFF.

    And I do not need 2-way monitoring, because my PC has been checked and it came up clean according to the Kaspersky scan I did, and I never install any 3rd party software anyway.
     
  16. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    If it is a laptop I think it still may be good practice to keep the Vista firewall on just in case you move to an external network and forget that it is off.
     
  17. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Move to an external network? What do you mean?
     
  18. henryg

    henryg Registered Member

    Joined:
    Dec 13, 2005
    Posts:
    293
    I think he means public WiFi such as Starbucks, etc.
     
  19. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    You mean if I take my notebook and plug it into a router at Starbucks? LOL :p
     
  20. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    Most laptops have wireless these days, maybe it's time to get a new one? :rolleyes:
     
  21. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost

    By the way, usually with NAT you should get all ports closed and not stealthed.
    So the router is more than a simple NAT device...

    Fax
     
  22. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Mine has wireless, but I use broadband from home only, through my phone line.
     
  23. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Well, all I can tell you is that NAPT is ON in my router, and grc and pcflank report STEALTH for all the tests.
     
  24. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    Do you know the model?
    Can you access the router interface via http?

    In any case, it should have more than NAT enabled to give stealth state.
    Moreover if it also rejects WAN pings....

    Cheers,
    Fax
     
  25. mfenech

    mfenech Registered Member

    Joined:
    Aug 20, 2006
    Posts:
    46
    I believe that's incorrect. Having NAT enabled should show 'stealth' on all ports for the GRC test.
     