Shields Up: Please help my understanding

A number of current firewalls pass the Shields Up tests (Comodo, Online Armor, etc.) with a direct internet connection.

When I install my NAT Router (DLink EBR-2310) ahead of my software firewall, Shields UP 'Common Ports' test reports 'Failed' - because Port 113 is reported as closed, rather than stealthed.

Perhaps I'm simply ignorant (thus my request for help), but is my internet security really compromised simply by making my router port 113 visible?

Thanks for your help!

 

Re: Sields Up: Please help my understanding

As far as I know closed is closed. No access. Cannot get in.

 

Re: Sields Up: Please help my understanding

Closed is closed; however, Stealth is no acknowledgment that it even there.

 

Same thing I got when I installed my router a few years ago. The solution, if you desire stealth on all ports, is to go into the router admin screens and forward port 113 to an unused internal IP like 192.168.0.200, one that your router isn't using. Read up in your router manual or online about how to log in as admin and also forward ports.

 

Thanks for your help and advice.

I have looked into setting this router to stealth Port 113, but it can't be done on this EBR-2310 with the latest DLink firmware - though some other DLink models can be stealthed.

Can you recommend an inexpensive wired NAT router that can be configured to stealth port 113? Vendor is irrelevant, so long as it features full SPI protection and stealthing ability. It seems stealthing capability is not an advertised feature for routers.

Thanks again for your help and advice!

 

Here, read this:

http://www.grc.com/faq-shieldsup.htm#IDENT

Acadia

 

I found this a bit worrying regarding the value of being stealthed:

Being "stealth" doesn't really add any security at all, nor does it really hide you from anyone else. Anyone who wants to really know if there's anyone at a give IP address will have no difficulty seeing that you're really there because you are trying too hard to appear not to be. Since stealth is violating the normal rules of network connectivity, it makes you more visible, not less.

http://www.hansenonline.net/Networking/stealth.html

According to that it decreases your security! can this be true?

 

Actually I saw the same concept expounded by Avira employees in the Avira Forum in response to my contention the the Avira Suite closes (but does not stealth) ports 0 & 1 when the firewall is set to high. This is a truism-not debatable. They admitted to me that their firewall "needs work", and all top-notch firewalls stealth all common ports-that is reality. (Test any Matousec highly rated firewall with the GRC Shields Up test and you will clearly see this). That is what users want, plain and simple. The New Beta Avira Suite stealths all ports, btw.

Some argue that stealthing makes you more visable-that is nonsense.

 

IMHO it's not true. Stealth means your PC doesn't give any reply. However a hacker can know your computer exist at that IP because if it doesn't exist your ISP should inform (IIRC ICMP destination unreachable) that nothing exist at that IP.
IMHO stealth is never worse than closed. Maybe in the past stealth was more visible than closed as few people used firewalls except for important computers. However now almost everybody uses a firewall that can stealth the ports. Closed can mean that particular service is not running but that computer is not protected by a firewall or by a firewall misconfigured, so it's possible that there are some vulnerable services running. IMHO because of that a PC with closed ports is a more attractive target that one with stealth ports. Anyway a computer with open ports is a much more attractive target.