Port 80 and 113

Discussion in 'other firewalls' started by jon_fl, Oct 9, 2004.

Thread Status:
Not open for further replies.
  1. jon_fl

    jon_fl Registered Member

    Joined:
    Sep 4, 2004
    Posts:
    242
    I believe everybody has ports 80 and 113 blocked but not stealthed. Is it possible to stealth them and still use the internet or is it an inherent situation that is no big deal? Can I get your take on this? Thanks! :ninja:
     
  2. Judge

    Judge Registered Member

    Joined:
    Sep 17, 2004
    Posts:
    6
    Location:
    London
    What software firewall are you using? Do you connect through a router?
    It should be possible to configer both to fully stealth these ports whether you use only a software/hardware or both.
     
  3. jon_fl

    jon_fl Registered Member

    Joined:
    Sep 4, 2004
    Posts:
    242
    I have a Linksys router and ZA Free. If I fully stealth these will I have a problem connecting to the internet? Thanks. :)
     
  4. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I have a linksys router and all ports are stealth
     
  5. Deke

    Deke Registered Member

    Joined:
    May 30, 2004
    Posts:
    42
    Location:
    Texas
    Seeing is believing.
     

    Attached Files:

  6. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Depending on configuration options for your router you may be able to "stealth" these ports if they currently provide a closed response to remote scans. Closed is still secure.

    This should not impact connecting to the Internet as that is outbound traffic and most basic NAT routers permit all outbound traffic.

    Regards,

    CrazyM
     
  7. jon_fl

    jon_fl Registered Member

    Joined:
    Sep 4, 2004
    Posts:
    242
    Sygate test showed 2 blocked, but unstealthed ports. GRC showed 1 blocked, but unstealthed port. Can anybody tell me how I can stealth the ports?

    ZA free & Linksys wireless router. Router is hard wired with wireless disabled.
     
  8. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
  9. jon_fl

    jon_fl Registered Member

    Joined:
    Sep 4, 2004
    Posts:
    242
    My first impression was that these ports being blocked and not stealthed was no big deal. I'm leaning towards it not a big security issue.
     
  10. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Blocked(closed) VS Stealthed(filtered or absence of response) ?

    Stealthed sounds so marketable\high tech :)
     
  11. Cyber Surfer

    Cyber Surfer Registered Member

    Joined:
    Aug 26, 2004
    Posts:
    41
    You need to configure your router to stealth Port 113 using the instructions at:

    http://www.tweakxp.com/display.aspx?id=123948

    This will stealth Port 113 on Linksys Routers. Most routers need to be configured to stealth port 113. My D-Link was the same. I now have it stealthed and there is no change on connecting to the Internet. ;)
     
  12. Deke

    Deke Registered Member

    Joined:
    May 30, 2004
    Posts:
    42
    Location:
    Texas
    Here is some info on the subject from Sheilds Up:

    Why isn't my Port 113 Stealthed? I'm using a firewall to stealth my entire machine, but the ShieldsUP! port probe shows port 113 to only be closed instead of stealthed! What gives?
    Port 113 is associated with the Internet's Ident/Auth (Identification / Authentication) service. When a client program in your computer contacts a remote server for services such as POP, IMAP, SMTP, or IRC, that remote server sends back a query to the "Ident" server running in many systems listening for these queries on port 113. Essentially, the remote server is asking your system to identify itself . . . and you. This means that port 113 is often probed by attackers as a rich source of your personal information.

    You may recall, from my explanation of Stealthed ports, that attempting to connect to a stealthed port is both costly and painful for the contact initiator — which is why it's so cool to stealth our machines. But the problem with simple stealthing of port 113 is that we don't want to hurt the servers we are trying to contact when they turn around and send us their IDENT query. If they get no response at all from their port 113 query, our connection to them (which initiated their query in the first place) will be delayed or perhaps completely abandoned.

    Note that not all servers generate IDENT queries. So, depending upon your ISP, stealthing port 113 may not be any problem for you. However, you'll note that requirements for port 113 are common enough that most mature firewalls (BlackICE Defender, AtGuard, NIS2K, etc.) include built-in default rules allowing IDENT queries to pass through. These rules result in the IDENT's status being "closed" rather than "stealth."

    So what can you do?

    You may be able to remove or disable your firewall's default rule for IDENT (port 113) and run it in full stealth mode without trouble. If you do this, keep on the lookout for trouble connecting to less common servers, like IRC, which might have problems that you haven't encountered before.

    Or, you can leave the default rule in place and live with your system's IDENT service port being visible to the outside world. Be aware that this provides a means for intruders to detect an otherwise stealthed computer. And they'll know you're running a firewall since other things are stealthed, but not port 113.

    Or, you can switch to the very latest, highest technology, and best adaptive firewall which is smart enough to stealth this port against random probes, while still showing it as "closed" to queries from valid servers . . .


    ShieldsUP! shows my ports as 'Closed' and not 'Stealth', but I want Stealth! How do I get 'Stealth'?
    'Stealthed' ports are a, strictly speaking, a violation of proper TCP/IP rules of conduct. Proper conduct requires a closed port to respond with a message indicating that the open request was received, but has been denied. This lets the sending system know that its open request was received so that it doesn't need to keep retrying. But, of course, this "affirmative denial" also lets the sending system know that a system actually exists on the receiving end . . . which is what we want to avoid in the case of malicious hackers attempting to probe our systems.

    I coined the term 'Stealth' when I developed this site's port probing technology to describe a closed port that chooses to remain completely hidden by sending nothing back to its attempted opener, preferring instead to appear not to exist at all.

    Since 'Stealthing' is non-standard behavior for Internet systems, it is behavior which must be created and enforced by means of a firewall security system of some sort. The native TCP/IP interface software used by personal computers will ALWAYS reply that a port is closed. Therefore, some additional software or hardware, in the form of a 'stealth capable firewall' must be added to the computer system in order to squelch its "closed port" replies.

    To get full stealth-mode status from your system, I highly recommend using the completely FREE ZoneAlarm 2 firewall from ZoneLabs, Inc. Visit their website at www.ZoneLabs.com to learn more about this excellent and free firewall, then download the latest version.
     
  13. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Some of the Linksys firmwares are being updated to allow users to stealth port 113 in the configuration. Check that you are running the latest firmware for your router.

    Regards,

    CrazyM
     
  14. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Putting on devils advocate hat for the sake of discussion ;).

    One of the security advantages of having a router is that it blocks unsolicited inbound traffic from the WAN. Why would you want to let this unwanted traffic into the LAN by forwarding it through the router, albeit to an unused IP?

    Regards,

    CrazyM
     
Loading...
Thread Status:
Not open for further replies.