Windows 7 Open Ports

If you're using SuperScan, I recommend using the options recommended at http://4sysops.com/archives/free-superscan-an-easy-to-use-udptcp-port-scanner/.

 

So how can I stealth my ports?

 

Just use a router, go to GRC and you'll find out they are stealthed. Of course Windows is designed to keep a lot of usage data and has ways to "backdoor" it. I've said that enough times. The only way you'll ever clean all the nooks and crannies is to completely nuke the hard disk.

 

Eh, I'm already behind a router. I was looking for further stealthing.

I know that was a feature of comodo. I was able to stealth all of the ports and I had 0 issues.

 

I haven't use a firewall in seriously in a few years now, but if memory serves it goes something like this.

A port being held open by an application/service, and listening, without a firewall and router, could be seen by the public on the WAN.

Introducing a firewall allows you to stop that port from broadcasting that it exists (or replying it is open or closed), thus would be considered stealth.

Introducing a router with NAT stealths ports because without a "port forward", internal ports are never shown to the WAN.

A stealthed port and a closed port may both be scanned, only one replies and one does not. There is no appreciable difference between the two, as one may not be seen and thus not exploited, and the other is closed, thus not exploited. During GRC heyday (and consequently the huge popularity of personal firewalls increasing) it was thought to be super duper to have all stealthed ports. The better firewalls/routers would do this, and supposedly inferior ones would not. But in the end it made little difference as long as a port is not open and actively advertising that it is open, there isn't much of a threat.

Now I am not an expert. There are probably ways a closed/stealthed port can still be exploited. But from a generic standpoint, I don't see the difference between a closed port and a stealthed port in terms of security. As long as you use a router with NAT, and/or a firewall which manages your ports, worrying about stealthed ports is not a benefit to having closed ports. A stealthed port simply doesn't reply whether it exists or not, whereas a closed port acknowledges it exists but is closed. Some might argue that a stealthed port means scan attempts will pass you by, whereas closed ports might mean they attempt more indepth scans, but some might also argue that if there are no replies (closed or open), then it could indicate stealthed ports and that might mean a more indepth scan. I have seen opinions both ways.

To me, after living through the time when tiny and black ice were the only real options, and seeing wyvern/sygate/za come to be, and living through GRCs very popular stealthed port and raw port times, what matters to me is that I don't have open ports on the WAN that are not under strict control.

Sul.

 

Set your network to public and you'll probably solve most of the "problems" described by this thread.

 

Thanks sully.

Funky, how would I do that?

 

In Windows 8, open the network and sharing center, click where it says "Private Network", and select "No, don't let others see content on my PC". It should then change to "Public Network". It seems worded worse than Windows 7 for some reason, hopefully just an alpha thing.

 

Looks like I was already on a public network.

Thanks.

 

@Funky

Do you know how this works exactly? Does it disable services or does it work in conjunction with the windows firewall?

Sul.

 

Network "mode" is really a preset of Windows Firewall rules you're selecting. For example, Public mode blocks network discovery, file sharing, etc.
I personally use "home" or "private" ( as it's called in win8 ) for the most compatibility with programs (e.g. that use network discovery), as I don't really mind since I feel my router protects me enough. Others will feel differently and will want to use "public" mode for the stricter security.

 

The Public profile makes more sense when you're connecting to a hot spot, if you got mobile broadband...

 

Even if you use the Private (Home or Work) network location for Windows Firewall and don't use a router, Windows Firewall still can shield ports from the Internet. The Public network location is designed to be more locked down, but you or program installations can allow still inbound traffic, so check the Inbound rules in Windows Firewall.

Test which ports are open to the Internet by running CurrPorts. For every port that you see listed in the Local Ports column, test it individually at http://www.speedguide.net/scan.php (check both TCP and UDP). Keep in mind that which ports are open may change depending on what software is running.

If your router has Universal Plug and Play enabled, then programs can open and close ports in your router without you using the router's port forwarding or port triggering features.

I used SuperScan to scan all ports of this Windows 7 computer from another computer behind the router. Network location for both Windows 7 computers is Home, and File sharing is enabled (enabled it today). TCP ports open: 135, 139, 445, and 5357. UDP ports open: 137. None of these ports are open to the Internet though .

 

I set my firewall to block incoming connections even for trusted programs. Somehow it didn't break everything lol

 

excellent thread, important to close/stealth as many ports as you can IMO