Geekzone: technology news, blogs, forums




155 posts

Master Geek
+1 received by user: 1
Inactive user


Topic # 204928 23-Oct-2016 14:34

Done an online firewall test and I get this:

 

GRC Port Authority Report created on UTC: 2016-10-23 at 01:26:56

Results from scan of ports: 0-1055

0 Ports Open
8 Ports Closed
1048 Ports Stealth
---------------------
1056 Ports Tested

NO PORTS were found to be OPEN.

Ports found to be CLOSED were: 21, 22, 23, 80, 137, 138, 139, 445

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.

So how do I stealth the ports that are closed?

1291 posts

Uber Geek
+1 received by user: 294


  Reply # 1656578 23-Oct-2016 14:39

What router are you using?

 

 

 

To be honest, closed vs stealth is not something I would be overly worried about.

 

Assuming the relevant firewall settings (e.g. for Netcomms this would be under Management > Access Control > Services Control) are enabled on your router, then the easiest way to stealth those ports would be to do a port forward to an unused IP not assigned to your LAN, say 10.123.123.123 if your LAN is 192.168.1.x. To port forward TCP 80 you would need to specify an alternate web admin port, which would be 'closed'.

In summary, not something I would bother with, especially if this is a managed router such as Orcon's Netcomm.




155 posts

Master Geek
+1 received by user: 1
Inactive user


  Reply # 1656606 23-Oct-2016 15:49

Yeah, mine is an Orcon one and I have the white router, the latest one, and that setting is not in there.


 
 
 
 


1291 posts

Uber Geek
+1 received by user: 294


  Reply # 1656608 23-Oct-2016 16:09
One person supports this post

I wouldn't bother in that case.

 

 

If you were that concerned, it would be easier to change routers to one which is known to have its default out-of-the-box firewall configuration showing as stealth using the GRC test. But then again, with Orcon, if you are on a Genius broadband service only their white Netcomm is supported.

370 posts

Ultimate Geek
+1 received by user: 85


  Reply # 1656634 23-Oct-2016 17:12

Routers with closed ports usually denote that there is an active service sitting behind the firewall on that port. Routers responding to pings are also considered a risk from attackers as it says "I'm here".

 

I feel it's better for firewalls to silently drop packets; that way nobody knows what sits behind your firewall, unless of course a port's open to allow traffic to a web server etc.


350 posts

Ultimate Geek
+1 received by user: 84


  Reply # 1656916 24-Oct-2016 13:09
One person supports this post

cynnicallemon:

 

Routers with closed ports usually denote that there is an active service sitting behind the firewall on that port. Routers responding to pings are also considered a risk from attackers as it says "I'm here".

 

I feel it's better for firewalls to silently drop packets; that way nobody knows what sits behind your firewall, unless of course a port's open to allow traffic to a web server etc.

 

 

 

 

Routers with closed ports simply mean they are refusing the connection, nothing more, nothing less.

 

Responding to pings is good for diagnostics. It should only be of concern if your firewall is really out of date and vulnerable to some ancient attack or your firewall has no flood protection capabilities.


:)
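
Added example, not part of the original thread: the open / closed / stealth distinction discussed above, as a minimal TCP connect check for your own address. `probe_tcp` and `summarise` are hypothetical names; to see what the GRC test sees, the check has to run from a host outside your network against your own WAN address.

```python
import socket
from collections import Counter


def probe_tcp(host, port, timeout=2.0):
    """Classify one TCP port using the same three states as the GRC report.

    open    - handshake completed (a SYN/ACK came back)
    closed  - connection actively refused (a RST came back)
    stealth - nothing came back before the timeout (packet dropped)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "stealth"
    except OSError:
        # Host or network unreachable: neither a refusal nor silence.
        return "unreachable"
    finally:
        sock.close()


def summarise(states):
    """Return (counts per state, True only if every tested port was stealth)."""
    counts = Counter(states.values())
    return counts, len(states) > 0 and counts["stealth"] == len(states)


if __name__ == "__main__":
    # Constructed local demo: a port with a listener, then the same port
    # after the listener has gone away.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print(port, probe_tcp("127.0.0.1", port))  # listener present
    srv.close()
    print(port, probe_tcp("127.0.0.1", port))  # no listener, RST returned
```

A "closed" result only tells an outside observer that something at the address answered with a reset; it says nothing about whether a service sits behind that port.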
2897 posts

Uber Geek
+1 received by user: 98

Subscriber

  Reply # 1659194 27-Oct-2016 17:36
One person supports this post

cynnicallemon:

 

Routers with closed ports usually denote that there is an active service sitting behind the firewall on that port. Routers responding to pings are also considered a risk from attackers as it says "I'm here".

 

I feel it's better for firewalls to silently drop packets; that way nobody knows what sits behind your firewall, unless of course a port's open to allow traffic to a web server etc.

 

 

 

 

Personally I don't agree with that approach. 
I know of companies that also block ICMP-Echo (aka Ping) internally too, which is a real PITA for troubleshooting.

 

I have ping turned on at home (responding on WAN), I also have ports opened for various services (RDP, FTP and HTTP).

I figure if someone really wants to know if there's something there to try to access, they'd try connecting to specific ports (or port scan an IP range), rather than relying on ping. Blocking ping does little to nothing in the way of defense, while actually causing more headaches for legitimate traffic (particularly when the FW is configured by a n00b who blocks important parts of ICMP, not just Echo, under the guise of "Security").

 

 

 

Everyone has their own take on it, I suppose, but that's mine :) 






3253 posts

Uber Geek
+1 received by user: 1270

Subscriber

  Reply # 1660147 29-Oct-2016 01:39
One person supports this post

@Kiwiprobie while you are testing things do an open DNS resolver check on your router. DNS uses UDP connections while the grc.com port checker only checks TCP ports. If your router is acting as an open resolver it can be used in DDOS attacks against other targets. And it will increase your data usage.








155 posts

Master Geek
+1 received by user: 1
Inactive user


  Reply # 1660637 29-Oct-2016 19:40

I have no problems with data usage as I am on unlimited VDSL.


1291 posts

Uber Geek
+1 received by user: 294


  Reply # 1660672 29-Oct-2016 21:14
One person supports this post

I think he means if you have your router firewall turned off, leaving vulnerable services exposed, contributing to the clogging up of the internet with DDoS traffic.



155 posts

Master Geek
+1 received by user: 1
Inactive user


  Reply # 1660683 29-Oct-2016 21:57

Well the LAN side firewall I have to leave off because it doesn't work, but according to Orcon they firewall all customers on the servers anyway.

 

 

 

Aredwood:  came back secured :D :D thank you for that.


3344 posts

Uber Geek
+1 received by user: 1089

Trusted
Vocus

  Reply # 1660726 29-Oct-2016 23:02

Kiwiprobie:

 

Well the LAN side firewall I have to leave off because it doesn't work, but according to Orcon they firewall all customers on the servers anyway.

 

 

We do not provide any firewall for customers within the network.  If you heard this from our website, helpdesk or otherwise someone at Orcon, can you please send me a PM with some details, as this needs to be addressed.

 

Furthermore, there is no good reason to turn the firewall off on your router, so if you have, please turn it back on.  We have yet to see it cause any problems, so when you say "it doesn't work" what exactly do you mean?

 

Edit: I see an open resolver test came back clean, so it sounds like you haven't disabled the firewall function (on the WAN side anyway, where it matters) - which is good :)

