Testing my settings

Discussion in 'other firewalls' started by papasmurf, Jul 4, 2010.

Thread Status:
Not open for further replies.
  1. papasmurf

    papasmurf Registered Member

    Joined:
    Jul 4, 2010
    Posts:
    28
    Location:
    Pacific Northwest USA
    Hello Wilder forum.
    I see a lot of good people here, and a lot of
    good people using the same programs as I do..
    So, here is the question..
    You can see in my sig what I am running, I am also
    connected to a router, wireless.
    My main system, (this one), is wired in while the other two,
    (wife's and son's laptops), enjoy the wireless.
    A nice happy home network.
    When I try to go to any page to test my security settings,
    (stealth mode, open ports, etc.), the tests will not give
    an accurate result because I never see my correct
    IP address displayed.
    However, the test sites seem to know my browser, and be able to pull info from it...
    so, how safe am I? Is my router doing its job and scrambling the script kiddies, or do I need to dial in my firewall...
    As it stands now, I do NOT pass any of the tests, but I got a hella security set up, at least I thought I did. Any advice or wise words thrown my way would be appreciated, thank you.
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    What test site did you use, and did you allow scripting? If yes, that is how it gathers info. On the balance of probabilities I would say you are reasonably safe :)
     
  3. papasmurf

    papasmurf Registered Member

    Joined:
    Jul 4, 2010
    Posts:
    28
    Location:
    Pacific Northwest USA
    Did you allow scripting?
    Yes, for some I did as the page
    would not operate properly. This
    I know, and mostly I do not allow scripting,
    so I feel secure in this area.

    What sites did you use?
    Now here opens up the can of worms so to speak.
    First, I used Gibson Shields Up. This scan I failed
    completely, as it showed ports closed not stealthed.
    I did a few of the most basic well known sites, mostly
    with same results, and while some did not report fail,
    all of them showed ports closed, not stealthed.
    Also all reported my ip as it was given from the router
    not from my actual system....with one notable exception.

    This one bothered me A LOT. Not only did it report the
    IP from the router, it was the only one that reported
    my ACTUAL system ip as you can see from the attachment.
    https://www.securitymetrics.com

    So, I guess I need to know how I can stealth my system.



    shields up.jpg

    securitymetrics.jpg
     
    Last edited: Jul 4, 2010
  4. wat0114

    wat0114 Guest

    papasmurf, there's nothing to worry about. Your browser is known because of referrers or cookies (sorry, not actually sure which), the incorrect IP address is probably the one for your router's WAN (Internet) connection, because your PC's network adapter will be assigned a non-routable one from your router's built-in DHCP, and as for closed ports rather than stealthed, this is perfectly fine. Stealth tends to be overrated. Those ports will be your router's that were scanned. Outpost is probably providing stealth on your PC.
     
  5. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,734
    Port 53 (DNS) is neither closed nor stealth - why?
    Try first to stop and disable the DNS-Service in Windows.
    You work as admin? Why?
    What are your settings in Outpost - default? Why?
     
  6. papasmurf

    papasmurf Registered Member

    Joined:
    Jul 4, 2010
    Posts:
    28
    Location:
    Pacific Northwest USA
    1. (DNS) is neither closed nor stealth - why?
    Well, that is a good question. I guess I am relying on my firewall to make these decisions.
    I can stop and disable, but why has it been left on?

    2.
    You work as admin? Why?
    Well, another good question. It is simply because my system controls the rights to the WAP
    and it is just easier to be in the admin account than having to remember to switch accounts every time I want to make a system adjustment.

    3.
    What are your settings in Outpost - default? Why?
    Most of the settings are default. It was in "auto-learn", but I have recently put it into
    "block most". Any software that I have not used will have to ask my permission.
     
  7. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,734
    1. DNS-Service makes no difference on a client computer; in bad conditions it
    may consume 100% CPU. Normally port requests IN are blocked by the router if not
    allowed by a rule. Or is your router just a simple modem? Some modems offer the same
    dialogs although they are still modems.

    2. right click "run as admin" !!!

    3. ok
     
  8. papasmurf

    papasmurf Registered Member

    Joined:
    Jul 4, 2010
    Posts:
    28
    Location:
    Pacific Northwest USA
    No, my router is really a router..no modem..wireless access point. :cool:
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi wat0114,

    Various info, such as browser used, is sent/embedded in the TCP packet, specifically, in the "Get / http" (packet) sent after the initial 3-way handshake.

    Here is an example showing the "Get / HTTP" packet after initial connection to this forum.

    101.png



    - Stem
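
What a web server receives in a plain GET request, with no scripting involved. This is an added example, not part of the original thread; the function name `capture_request` and the User-Agent string are constructed for illustration, and everything runs on the loopback interface.

```python
import http.client
import http.server
import threading

# Constructed sample value, not taken from the thread.
SAMPLE_UA = "ExampleBrowser/1.0 (constructed sample)"

def capture_request(user_agent=SAMPLE_UA):
    """Send one GET to a throwaway local server and return what the server saw."""
    seen = {}

    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            # Source address of the TCP connection. Behind a NAT router a remote
            # site sees the router's WAN address here, not the PC's private one.
            seen["peer_ip"] = self.client_address[0]
            # First line of the request, sent right after the 3-way handshake.
            seen["request_line"] = self.requestline
            # Headers the client volunteers, including User-Agent.
            seen["headers"] = {k.lower(): v for k, v in self.headers.items()}
            self.send_response(200)
            self.send_header("Content-Length", "0")
            self.end_headers()

        def log_message(self, *args):
            pass  # keep the demo quiet

    # Port 0 lets the OS pick a free port; the socket is listening once constructed.
    server = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    worker = threading.Thread(target=server.handle_request, daemon=True)
    worker.start()
    conn = http.client.HTTPConnection("127.0.0.1", server.server_address[1], timeout=5)
    conn.request("GET", "/", headers={"User-Agent": user_agent})
    conn.getresponse().read()
    conn.close()
    worker.join(timeout=5)
    server.server_close()
    return seen

if __name__ == "__main__":
    result = capture_request()
    print(result["peer_ip"], result["request_line"])
    for name, value in result["headers"].items():
        print(f"{name}: {value}")
```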
     
  10. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Sites such as "ShieldsUP" only make scans against the IP (in your case the router). Other checks made on some sites will scan your IP, but they can also use scripts/Java to extract data. One of the reasons to use something such as NoScript (Firefox) or similar when visiting unknown sites.

    As for the closed ports on your router. If the closed ports do bother you (they are not a security threat), then you will need to check your router settings and make sure the router is actually set as a gateway. If you cannot find any way to change, then you can "Port forward" those port numbers (that show as closed) to an internal IP that is not used.


    - Stem
     
  11. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Stem,

    Can you debrief me on the reason why anyone would still care if they are stealthed or not when a closed port is just as closed as a stealthed port?

    Am I wrong, or do most routers' default configs (assuming NAT/SPI is in use), with no port forwarding or service ports opened, offer more than enough protection to make the whole open port scan a thing of the past?

    Granted, if you don't know if something is holding a port open, it can be good to learn. But even if your computer is holding many ports open, the router only passes solicited traffic.

    Any enlightenment? It is a serious question to the man that seems to stay on top of this sort of thing ;)

    Sul.
     
  12. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Sul,

    I think it is just down to the fact that it is an easy test to make, and being "Stealthed", which is incorrectly put forward as making you "Invisible", gives most a warm fuzzy feeling of being more safe.
    A port will not show as open unless it is actively being listened to. So if a port shows as open then it is better to check what is actually listening on that port, as really, there should be no open ports to WAN unless specifically intended.

    One of the reasons that some put forward the use of a router, as even in misconfigs of software firewalls where service (Windows services) ports are left open, by default the router will not (normally) allow inbound directly to those open ports.



    - Stem
     
  13. wat0114

    wat0114 Guest

    Thanks Stem. I knew it was in the TCP packet somewhere (the header?) but didn't know how it got there.
     
  14. papasmurf

    papasmurf Registered Member

    Joined:
    Jul 4, 2010
    Posts:
    28
    Location:
    Pacific Northwest USA
    Thank you all for the responses.
    So, what I have taken from this is the
    fact that my security is really ok after all.
    I do have script blockers, and I did allow that site thru to do the
    scan thing, so the fact that I had to allow it tells me that is working.
    My router is set up as a gateway, and I do have it keyed.
    The whole stealth thing I am glad to see does not really mean
    as much as I thought, (thank you for that), and closed ports are perfectly
    fine..I guess if it is closed, nothing gets in it.
    So, all in all I am feeling much better about my set up now.
    Again, thank you all. :thumb::thumb::thumb:
     