Shields Up & PC Flank Port Scanning

It seems like many users don't understand how these tests work. Shields Up gives you a good explanation if you read all the way through and not just click scan all ports. I have used many different firewalls and I always get the same results in Shields Up and PC Flank. All ports are not stealthed. With Shields Up the first top row or so would be blue then the rest green. Now this test WILL NOT BE accurate of a software firewall but it will be accurate of a hardware firewall. If you are behind a router or a modem with a built in hardware firewall Shields Up and PC Flank will test your hardware firewall first. People panic when the test comes up failed and think Comodo isn't protecting them. So I did 2 tests. One with my 2Wire Gateway DSL modem at default values and running Comodo 3.0. I went to Shields Up and ran the " All Service Ports" scan. The test failed and all ports were not stealthed. Was this Comodo's fault? Was Comodo not up to snuff. Not. Cause Shields Up is testing my 2Wire first. Then I went into my modem settings by typing in my IP address into Firefox's web address bar. Then I saw all my 2Wire modem settings. I went to firewall and checked off "Stealth Mode" and "Block Ping". I then went back to Shields Up and the test passed with flying colors and all ports stealthed. What does this mean? It means that when you fail the Shields Up test don't blame Comodo or any other software firewall you are using. This only applys to people who have a hardware firewall. Also I ran this test years ago and not recently but I thought I would share this info with people to help people understand. Thanks.

 

Unless you are behind a "modem only" device, the results of the scans can be skewed with a hardware device that incorporates a built-in firewall and/or NAT, even if you disable stealth, block ping, or enable DMZ for your machine's ip address, especially if the ip that the scan "sees" is that of your hardware's WAN-side and not that of your machine's.

 

Also, your ISP might be using some kind of proxy which filters port scans.

 

True. My main point of this was that people think if the fail the Shields Up test then there software firewall whether it be Comodo,Online Armor, Zone Alarm,Kerio is not working properly. Which is not true.

 

I'm also behind a NAT router (with firewall turned ON) and when I do a GRC Port scan all ports come up 'stealthed'. This should be okay then?

 

Right, that's the expected result being behind NAT.

 

And people overestimate the value of the "stealth status" and leaktests.

 

There are 65535 TCP and UDP ports in Windows XP. Shields UP! only
checks the first 1056 ports. My NAT router shows perfect stealth at GRC,
but has some ports open above 1056. Nothing listening though.

 

How do you check those other ports (above the first 1056)? Is there a way to check all of those?

 

Go :

HERE

and take the Ranged Security Scan

 

Thanks FadeAway, very useful.

It does make me wonder why GRC only tests the first 1056 ports though.

 

I think it's because these are the ports common Windows services listen on, so they are the most vulnerable to attack.

 

Just imagine how long it would take to load 65535 little green boxes!

IIRC, GRC hits each port with multiple types of attack, so it would
be very time consuming to run them all.

 

Yes.

Those for (typical) home users are the ports to ensure are filtered.

 

So typical home users shouldn't worry about ports 1056 or over (at least when you don't have any other services running etc.)?

 

A program, including a Remote Access Trojan (RAT), can be written
to hold a port open in order to listen on it. The following scan tests
some of the ports held open by some common Trojans.

Try it.

http://www.pcflank.com/trojans_test1.htm

When it completes, look at the ports that it scanned. They are only
a few of the possibilities.

If you already know your machine is clean, then you have no worries.

What I personally use a test like GRC for, is to insure that my firewall
is operating properly. I would not scan all 65535 ports unless I
suspected something, but had no idea what I was looking for.

Just my opinion.

 

On an home user, I would not expect any services on those ports, so at minimal, the high ports should be showing as closed.

If any port on the system is showing open, then checks should be made to see what is listening on that port.

The lower ports are scanned >1056 because users can inadvertently allow services server rights, which can then open the ports used by those services (such as netbios/ dcom etc.)

 

So ports higher than 1056 should be either closed or stealthed?

If I want to find out what the status is of my router ports 1056+ I have to scan them, as suggested by FadeAway for example?