Shields Up: Please help my understanding

Discussion in 'other firewalls' started by gud4u, Dec 11, 2007.

Thread Status:
Not open for further replies.
  1. gud4u

    gud4u Registered Member

    Joined:
    Nov 9, 2004
    Posts:
    206
    A number of current firewalls pass the Shields Up tests (Comodo, Online Armor, etc.) with a direct internet connection.

    When I install my NAT Router (DLink EBR-2310) ahead of my software firewall, Shields UP 'Common Ports' test reports 'Failed' - because Port 113 is reported as closed, rather than stealthed.

    Perhaps I'm simply ignorant (thus my request for help), but is my internet security really compromised simply by making my router port 113 visible?

    Thanks for your help!
     
  2. Vettetech

    Vettetech Former Poster

    Joined:
    Nov 24, 2007
    Posts:
    339
    Re: Shields Up: Please help my understanding

    As far as I know closed is closed. No access. Cannot get in.
     
  3. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    Re: Shields Up: Please help my understanding

    Closed is closed; however, Stealth is no acknowledgment that it is even there.
     
  4. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Whether or not your security is at risk comes down to opinions regarding the value of stealth. For those that believe in stealth, they want all ports to be unresponsive to unsolicited connections. For those who don't believe in stealth, closed is closed, and closed means no one can get in.

    Either way is fine. If you want to pass the full stealth test, you should check your router documentation and configuration screens. A lot of routers have special settings for TCP port 113. Look for references to IDENT or Filter IDENT in the various security tabs in your router. My Linksys router has a [ ] Filter IDENT check box in the Security > Firewall tab.

    If I don't check that box, everything is stealth except for 113. The explanation for why this port is commonly not filtered is in the report you get at Shields Up, just click on the 113 in the results.

    Personally, I don't run stealth at all anymore, so all my ports are responsive, as is ICMP, as well.
     
  5. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    Same thing I got when I installed my router a few years ago. The solution, if you desire stealth on all ports, is to go into the router admin screens and forward port 113 to an unused internal IP like 192.168.0.200, one that your router isn't using. Read up in your router manual or online about how to log in as admin and also forward ports.
     
  6. gud4u

    gud4u Registered Member

    Joined:
    Nov 9, 2004
    Posts:
    206
    Thanks for your help and advice.

    I have looked into setting this router to stealth Port 113, but it can't be done on this EBR-2310 with the latest DLink firmware - though some other DLink models can be stealthed.

    Can you recommend an inexpensive wired NAT router that can be configured to stealth port 113? Vendor is irrelevant, so long as it features full SPI protection and stealthing ability. It seems stealthing capability is not an advertised feature for routers.

    Thanks again for your help and advice!
     
  7. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
  8. Bluenile

    Bluenile Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    122
    Location:
    UK
    I found this a bit worrying regarding the value of being stealthed:

    Being "stealth" doesn't really add any security at all, nor does it really hide you from anyone else. Anyone who wants to really know if there's anyone at a given IP address will have no difficulty seeing that you're really there because you are trying too hard to appear not to be. Since stealth is violating the normal rules of network connectivity, it makes you more visible, not less.

    http://www.hansenonline.net/Networking/stealth.html

    According to that it decreases your security! Can this be true?
     
    Last edited: Dec 18, 2007
  9. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas
    Actually I saw the same concept expounded by Avira employees in the Avira Forum in response to my contention that the Avira Suite closes (but does not stealth) ports 0 & 1 when the firewall is set to high. This is a truism - not debatable. They admitted to me that their firewall "needs work", and all top-notch firewalls stealth all common ports - that is reality. (Test any Matousec highly rated firewall with the GRC Shields Up test and you will clearly see this). That is what users want, plain and simple. The New Beta Avira Suite stealths all ports, btw.

    Some argue that stealthing makes you more visible - that is nonsense.
     
    Last edited: Dec 19, 2007
  10. ggf31416

    ggf31416 Registered Member

    Joined:
    Aug 20, 2006
    Posts:
    314
    Location:
    Uruguay
    IMHO it's not true. Stealth means your PC doesn't give any reply. However a hacker can know your computer exists at that IP because if it doesn't exist your ISP should inform (IIRC ICMP destination unreachable) that nothing exists at that IP.
    IMHO stealth is never worse than closed. Maybe in the past stealth was more visible than closed as few people used firewalls except for important computers. However now almost everybody uses a firewall that can stealth the ports. Closed can mean that particular service is not running but that computer is not protected by a firewall or by a misconfigured firewall, so it's possible that there are some vulnerable services running. IMHO because of that a PC with closed ports is a more attractive target than one with stealth ports. Anyway a computer with open ports is a much more attractive target.
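
The closed/stealth distinction discussed in this thread comes down to what a TCP connection attempt gets back. The following Python sketch is an added example, not part of any post in the thread; it classifies a port on a host you administer, and its function names and result labels are assumptions chosen for illustration. The "unreachable" case corresponds to the ICMP destination-unreachable reply mentioned in the last post.

```python
import errno
import socket


def classify_port(host, port, timeout=3.0, connect=socket.create_connection):
    """Classify one TCP port the way a Shields Up style report does.

    open        - handshake completed, something is listening
    closed      - connection actively refused (a TCP RST came back)
    stealth     - no reply at all before the timeout (packet silently dropped)
    unreachable - an upstream router reported no route to the host (ICMP)
    """
    try:
        sock = connect((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "stealth"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise  # anything else is a local problem, not a port state
    sock.close()
    return "open"


def loopback_demo():
    """Constructed demo on 127.0.0.1: probe a port while a listener is
    bound to it, then probe the same port again after the listener closes."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = classify_port("127.0.0.1", port)
    listener.close()
    after_close = classify_port("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    print(loopback_demo())
```

A probe run from inside the LAN sees the router's internal interface, so the result can differ from what an external scan such as Shields Up reports for the WAN side.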
     