Ports stealth, ok, but are they really block

Discussion in 'other firewalls' started by Mido, Dec 24, 2007.

Thread Status:
Not open for further replies.
  1. Mido

    Mido Registered Member

    Joined:
    Oct 17, 2007
    Posts:
    46
    I group,

    In Jetico 1, Kaspersky share a table with AVG AS, a-square, SpywareBlaster...,this table is call from "Ask User" and use for update.
    May I let open all ports and any protocol for this AV.
    Even if this rule "application" is identify at Kaspresky, is it will not let some opening doors for spy...?

    Usually they firewall test will show if ports are stealth, but if we want to know if they are really block, where or how can we test that?


    About ARP protocol, I saw on a topic, Jetico 2 have in the registry a parameter key with 2 lines for setting in millisec.
    With Jetico 1, do we have this possibility with another key or/and Jetico variable name.

    Jetico 2 look like have at least two rules for manage ARP "on the topic above", I saw on the pic from a log, some lines where ARP were accept and others lines where it were reject.
    In Jetico 1 we have only one line for ARP "all allow", perhaps I could add a rule, how look like ARP rule in Jetico2.

    Thank.
     
  2. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    An online firewall test will show you if a port is stealth, closed or opened. Only if a port is opened the communication with that port is possible. If the port is closed or stealth there is no danger.
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello Mido,
    No, AV/AS should not need an open port to function, all that is needed by most, is the ability to make outbound for updates. Some now, as with local proxy will need inbound from localhost, but realise this is not unsolicited inbound from the internet that is needed. Some Av`s etc do have an "alert" function, which will actually send info to the Av to make an update, but this is an option,... only allow inbound to applications that actually need this.

    Directly no, but indirectly it can,.. but this is a problem with all security setups.

    A stealth port is a port that is closed, but no responce is given to show this. There is actually no way to actually garantee that a port will remain stealthed/closed, as this will depend on if an application is actually listening on that port, and if rules are in place to allow such inbound when the application is actually active/listening.

    This as been added due to request (from myself) due to the introduction of the ARP SPI, there are currently 2 entries (as you mention) one is for timeout for reply (due to Blocking of unsolicited replies), the other is for time between requests(to prevent request ARP flooding)

    No, Jetico1 only allows or denies ARP, there is no SPI

    The pics you have seen are probably posted by myself on another forum, and will show how changing the timeouts for such as requests will allow only so many requests per second. Such modification, as mentioned, is not available in Jetico1
     
  4. Mido

    Mido Registered Member

    Joined:
    Oct 17, 2007
    Posts:
    46
    Stem,
    group,

    Then if have well understand, Jetico 1 stay with an ARP protocol problem, fail.

    Any trick for manage that, from Jetico or an other external soft?

    Thank.
     
Loading...
Thread Status:
Not open for further replies.