8 replies to this topic

[razz]

I recently changed my firewall from Zone Alarm Free to PC Tools Firewall Plus (one of two firewalls to recently score 100% - Review). To test my new firewall I performed a "Quick Test" from PC Flank. The test revealed 3 visible ports on my system. Is there an easy way to close these ports or should I not worry about it?

The Stealth Test reported that my firewall passed 100%.

[marmite]

You can expect a couple of ports to be opened by certain services and applications; 135 for example.

But if you're running a stealth test and these are coming up as hidden then that's pretty healthy. Steve Gibson's site has a good port check ... follow the Shields Up links and do a scan of 'All Service Ports'.

[razz]

marmite, on Jan 1 2010, 06:28 PM, said:

You can expect a couple of ports to be opened by certain services and applications; 135 for example.

But if you're running a stealth test and these are coming up as hidden then that's pretty healthy. Steve Gibson's site has a good port check ... follow the Shields Up links and do a scan of 'All Service Ports'.

Thank you marmite for reminding me about Steve Gibson's site - I used to frequent this site but forgot about it lately. I executed the 'All Service Ports' scan and all ports tested showed as stealth.

[Icedrake]

Lol, I don't even use a firewall (except Windows Firewall), and yet my computer passed the Steve Gibson test.

Quote

----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2010-01-02 at 15:00:58

Results from scan of ports: 0-1055

0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

----------------------------------------------------------------------

[marmite]

Icedrake, on Jan 2 2010, 03:01 PM, said:

Lol, I don't even use a firewall (except Windows Firewall), and yet my computer passed the Steve Gibson test.

You're saying that like it's 'a bad thing'. Port-stealthing is a fairly fundamental firewall function, so you'd hope the Windows firewall is up to it. So it's doing its job as it should. I guess you may have a hardware (router-)firewall helping out along the way too?

The GRC scan is a simple port scan, nothing more. A machine might fail just on one port because of some bad setting somewhere ... so it's still a useful basic sanity check.

If you're feeling brave turn your firewall(s) off and see what happens ... don't leave it off for long though

[Icedrake]

Actually, yes, I do have a hardware firewall, now that you mention it. I'd completely forgotten about that.

[marmite]

Icedrake, on Jan 2 2010, 04:30 PM, said:

Actually, yes, I do have a hardware firewall, now that you mention it. I'd completely forgotten about that.

Just for the craic, I turned off my software firewall for a mo ... I still got full stealth protection from the router's firewall ... always nice to know

[Andavari]

If ports are still opened and if not being deemed full stealth even with a software-based firewall that can be down to how your router or hardware firewall in your modem is configured/misconfigured security-wise.

With my ISP's DSL modem I have to disable inbound ICMP to be considered full stealth with no matter what type of software firewall is used. It took me a long time to figure that one out since my ISP doesn't normally give the IP address to configure the modem manually but I found it myself anyways. I use Windows Firewall though since I don't see any point in using any third party firewalls anymore, especially since a misunderstanding and misconfiguration of them is often more harmful than anything.

[marmite]

Andavari, on Jan 3 2010, 10:12 AM, said:

With my ISP's DSL modem I have to disable inbound ICMP to be considered full stealth.

I have to do the same with my software firewall, depending on my connection method ...

Andavari, on Jan 3 2010, 10:12 AM, said:

I use Windows Firewall though since I don't see any point in using any third party firewalls anymore, especially since a misunderstanding and misconfiguration of them is often more harmful than anything.

Since I'm running XP I run a third-party firewall because I want outbound control. And also for other features that the Windows firewall does not give me by default. I'm particularly conscious of making this netbook secure for example, because my connection might be 3G or my own router or someone else's router/LAN that I can't reply on for security ... so the security of the machine itself is paramount.

'Tis very true though - a mis-configured firewall is usually more dangerous than default out-of-the-box settings.