17 replies to this topic

[DennisD]

Have always had a 100% stealth rating from "Shields Up" while using Norton and then F-Secure.

Since changing to PC Tools Firewall Plus I now have nine ports recognizable as existing to anything incoming, although they are "closed to connections".

I`m figuring that "closed to connections" is probably as safe as full stealth, although the fail 100% Stealth message was a bit of a surprise.

Ports now visible are:

113-Ident: 139-Net Bios: 1024-Dcom: 1025 to 1030-Host: 1720-H.323: 5000-UPnP:

Am I OK like this? Not really bothered about 100% stealth as long as nothing can get in.

[Andavari]

Try WWDC to lock down some pesky ports. I know in my situation I no longer have 100% stealth on http://grc.com after getting DSL however I'm not worried and there's also a quick test by McAfee Hackerwatch located here.

[TeeJay3800]

I used to have 113 returned as "closed" since I use IRC a lot (about the only thing that uses 113 anymore), and I closed it by forwarding that port to a non-existent IP using my router. After that, I was 100% stealthed. You can try that with your closed ports, but I can't guarantee everything on your computer will work with all those ports stealthed as certain apps may be using them.

[rridgely]

I never did disable my router and play with pc tools firewall's settings yet. I told someone I would too, but I forgot.
I'll do that later tonight and see if I can get it to pass with true stealth.(if your behind a router, you can't tell if the firewall is passing or if the router firewall is passing. )

[DennisD]

Andavari, on Mar 3 2007, 08:54 PM, said:

Try WWDC to lock down some pesky ports. I know in my situation I no longer have 100% stealth on http://grc.com after getting DSL however I'm not worried and there's also a quick test by McAfee Hackerwatch located here.

Thanks for the links, which Ive followed up.

The WWDC program covers some of my visible ports, but not 1026 & 1027, which are high in the red on the "recent port activity" graphic on Hackerwatch.org.

Out of curiosity, I disabled PC Tools firewall and activated my XP SP2 firewall and went back to "Shields Up" and "Hackerwatch".

Obtained 100% Stealth again, but of course this is only for stuff coming in. Outbound, it`s non existent, as all you guys know.

I think I`ll try some other possibilities, in an attempt to have outbound security, and retain 100% stealth. I said above that I wasn`t bothered, but I think I was kidding myself. It definitely feels more comfortable.

To tell the truth, this is a bit confusing.

The "Host" ports in my first post, i.e. 1025 through 1030 that are visible but closed; is there a way of knowing whether or not I have any applications that would use these ports, and subsequently make them vulnerable to something nasty?

Ive no idea whether I`m being cautious, or paranoid.

But I`m sure someone will tell me.


Edit: Thanks rridgely, I didn`t see your reply before I posted.

Edit2: Thanks TeeJay also.

[MikeW]

NIS2007 gets a full stealth

Results from scan of ports: 0-1055

0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

[DennisD]

MikeW, on Mar 3 2007, 11:19 PM, said:

NIS2007 gets a full stealth

Used Norton 2005 & then 2006 until very recently.

Still got this sitting on the shelf, sealed in the box.



Since I changed to Avast Antivirus, and a not yet decided firewall, my 3.06Ghz processor actually performs the way it should. You would think a fire had been lit under my computers a**e.

But each to their own Mike, whatever works for you.

[rridgely]

I got it to pass.

 untitled.JPG   165.41K   12 downloads


The only problem is I'm not sure yet if the restrictions are too strict.
Its late, I'm going to bed, but I'll post about it again tomorrow.

[MikeW]

DennisD, on Mar 3 2007, 11:58 PM, said:

Used Norton 2005 & then 2006 until very recently.

Still got this sitting on the shelf, sealed in the box.



Since I changed to Avast Antivirus, and a not yet decided firewall, my 3.06Ghz processor actually performs the way it should. You would think a fire had been lit under my computers a**e.

But each to their own Mike, whatever works for you.

I have used NIS both corporate and home for years, without problem. However, NIS 2007 is a new approach and very light on resource. But as you say each to their own.

[fireryone]

my test only failed with my pc answering a PING request.

[Andavari]

MikeW, on Mar 3 2007, 05:19 PM, said:

- NO Ping reply (ICMP Echo) was received.

ICMP Echo "Ping" is what hasn't been "TruStealth" on my system since getting DSL, however I suspect it has something to do with Qwest's QuickCare which I don't even have resident.

Edit: And trying third party firewalls doesn't allow for "TruStealth" either, even if blocking the ports in question with a ruleset.

[DennisD]

Out of curiosity again, ran Windows Firewall and PC Tools Firewall Plus at the same time.

Results:




Leak Test blocked.


Firewall manually configured to allow.

Computer is running as normal with both firewalls active.

100% Stealth, and outbound traffic being blocked/allowed.

This seems OK, but I would bow to superior knowledge if there`s something I`m missing with these two firewalls running together.

[Andavari]

It's probably just a particular port, or more.

But you shouldn't have to software firewalls running at the same time.

[DennisD]

Andavari, on Mar 4 2007, 05:28 PM, said:

It's probably just a particular port, or more.

But you shouldn't have to software firewalls running at the same time.

I`ll obviously go along with that. Seems OK, but running two firewalls is never recommended.

Thanks for reply, will stick with PC Tools and see if rridgely has the answer.

[rridgely]

Alright the 2 rules that you have to edit are #2 and #4. You can just uncheck 2 but with 4 you have to edit the rules. I can edit it to still allow internet access, but with the settings I have now the GRC test wont even run. But obviously I can still get to websites because I'm typing here.

I don't mind rules based firewalls, but this one is a little different than the others I've used.(kerio 2, and jetico)

[rridgely]

I got it, I got it.
I think I'm going blind.

Here is what I did, It came up as true stealth, and all of my stuff is still working.
If you try this and get errors(like stuff your using not working), I'll keep playing with it, but I believe this will work:

[DennisD]

rridgely, on Mar 4 2007, 07:55 PM, said:

Alright the 2 rules that you have to edit are #2 and #4. You can just uncheck 2 but with 4 you have to edit the rules. I can edit it to still allow internet access, but with the settings I have now the GRC test wont even run. But obviously I can still get to websites because I'm typing here.

I don't mind rules based firewalls, but this one is a little different than the others I've used.(kerio 2, and jetico)

You can edit it, but into the 2nd screen of item 4..... . What do you edit?

Edit: You beat me again with your post...

[DennisD]

Almost there.

Only failed with port 139-Net Bios. No hurry with this.

Will play around with it for a while. Thanks.