Shields Up Test And Avira Security Suite

Discussion in 'other firewalls' started by Graystoke, May 27, 2007.

Thread Status:
Not open for further replies.
  1. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,502
    Location:
    The San Joaquin Valley, California
    I posted this question at the Avira forum this afternoon. Since no one has answered yet, I thought maybe someone here might know. Here's the question.........

    Why is it when I run the Shields Up test at grc.com when running Avira Security Suite, I fail the the test? All ports are stealth except for one. Port 0, Service <nil>, Statis-Closed. Every other firewall I've tested using Shields Up, all ports, including Port 0, are stealth. Why can't Avira's firewall stealth that port?


    Anyone know why this would happen?
     
  2. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    A question for Stem I guess.
     
  3. Velnias

    Velnias Registered Member

    Joined:
    Jul 14, 2004
    Posts:
    32
    Port 0 fingerprinting consists of seven tests. The test are labeled P1 - P7 below.

    P1: send tcp packet from source port 0 to port 0
    P2: send tcp packet from source port X to port 0
    P3: send tcp packet from source port 0 to open port
    P4: send tcp packet from source port 0 to closed port
    P5: send udp packet from source port 0 to port 0
    P6: send udp packet from source port 53 to port 0
    P7: send udp packet from source port 0 to closed port

    Port X in test P2 is any port not equal to 0. Port 53 is used in test P6 as it is most likely to bypass a firewall configuration.

    The standard reply expected to P1, P2 and P4 should be a RST packet as the port should be closed.

    The standard reply to P3 should be SYN ACK as the port is open and port 0 is a valid port as described above.

    The standard reply to P5, P6 and P7 should all be ICMP port unreachable as UDP port 0 / closed port should not have a program listening on it.

    Although port 0 is a valid port number various OS's handle port 0 differently.


    My English is far from being good,so I give you direct link:
    http://www.networkpenetration.com/port0.html

    BTW, stealth ports give very little benefit to security, because your ISP router always will tell an attacker, if any PC exists on given IP.
     
  4. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,502
    Location:
    The San Joaquin Valley, California

    All I'm saying is, that with any other firewall, stand alone or part of a suite, that Port 0 is stealth. With Avira's firewall, set to High, Port 0 shows Closed. I just can't figure out why this port won't show stealth with Avira's firewall.
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I did download/install to look at this.

    As I mentioned, I did install the "Trial" of this, but the firewall will not function (windows logs show "Invalid licence" for attempted startup of the firewall).
    I do remember when I beta tested this firewall (for only v1) that there was a need to allow inbound TCP for returned DNS lookups, I, at this time do not know if this is the problem(As I do not have a working installation)

    Port "0" is classed as "Invalid", but, this is normally looked at as "Any available" with certain services. Inbound to this can be made on certain setups/firewalls.

    I need to find a fully functional (firewall) trial version before I could give an answer.
     
  6. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,502
    Location:
    The San Joaquin Valley, California
    I got a some replies over at the Avira forum. I'm not good when it comes to technical talk, so most of the stuff is over my head. I do know what makes me feel comfortable though. I just like the big green "Passed" boxes, and all the ports shown stealth at grc.com. I'm going to go back to the stand alone firewall and AV. I never was too happy with Avira's firewall anyway.
     
  7. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello Graystoke,
    I do not mean to be unhelpfull on this issue, at this time I have no access to the current firewall build, so I cannot check/test for the problem.

    Please give link to the replies made to you
     
  8. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,502
    Location:
    The San Joaquin Valley, California

    Hi Stem. Please don't worry about being unhelpful. I understand. Here is the link............

    http://forum.antivir.de/thread.php?threadid=22749
     
  9. SteveS335

    SteveS335 Registered Member

    Joined:
    Jan 16, 2007
    Posts:
    43
    Hi,

    Regarding getting a test key for the suite, and therefore the firewall, you can follow the instructions in this post on the Avira forums.

    Cheers,

    Steve
     
  10. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    Avira Premium Security Suite Stealths All Ports here :cool: Also It Passes the Advanced Port Scan/Trojan Scan/ and Exploits effortlessly with the Firewall at Medium Settings :cool: According to these results I'm invisible :ninja:
     
  11. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Is this from Shields Up's site or PCFlank?
    Cuz those tests sound like PCFlank tests.
     
  12. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    Both of them 100% Shieldsup and PCFlank ;)
     
Loading...
Thread Status:
Not open for further replies.