cancel
Showing results for 
Search instead for 
Did you mean: 

Shields Up & Stealthed ports.

AArdvark
Grafter
Posts: 47
Thanks: 1
Registered: ‎25-11-2014

Shields Up & Stealthed ports.

Plusnet has references to the Shields Up site in the various Firewall help pages, so is aware of the recommendations on the site.
Yet , if you test the visibility of the common ports there are many that are NOT stealthed.
A closed port gives away that the address being 'attacked' is real, whereas stealthing all the ports makes it a guessing game.
My previous ISP's had all ports stealthed.
Is there a reason that Plusnet does not do the same ?
Is it possible to set the Broadband Firewall settings to achieve this ?

TIA
5 REPLIES 5
ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: Shields Up & Stealthed ports.

What router do you have?
I think in previous cases like this, it was due a device within the LAN opening the ports for itself using UPnP.
AArdvark
Grafter
Posts: 47
Thanks: 1
Registered: ‎25-11-2014

Re: Shields Up & Stealthed ports.

I am using a Zyxel VMG8324-B10A router.
Everything is 'locked down' including NOT having PNP enabled.
The Shields Up scan should not get past the router, therefore the configuration of the PC should not matter.
I have the Router Firewall set to report any intrusions and when I run the 'All ports' scan nothing passes the router BUT some ports are reported as closed.
The issue is at the Plusnet side where some ports are not being stealthed.
The PC I am using is the same I was using on Be then SKY and I could get a Totally Stealthed scan on GRC/Shields UP.
Update:
======
I have just re-run the scan and got a 100% stealthed result.
The difference is that my PPP address has changed.
The address when the scan gave some closed ports NOT 100% stealthed ports was 80.189.144.151 (151.144.189.80.dyn.plus.net as reported by GRC)
The address now which is fully 100% stealthed is 46.208.47.177 (177.47.208.46.dyn.plus.net as reported by GRC)
It looks like there is a configuration difference between gateways or whatever.
chrcoluk
Grafter
Posts: 1,990
Thanks: 5
Registered: ‎11-12-2013

Re: Shields Up & Stealthed ports.

stealthed vs closed are just two different ways to block traffic, closed is considered the polite way to do it, as with stealth the client on the other end has to wait for a timeout.
stealth has the advantage it will slow down scanners and maybe use less resources (since no reply sent), but thats about it really.
AArdvark
Grafter
Posts: 47
Thanks: 1
Registered: ‎25-11-2014

Re: Shields Up & Stealthed ports.

What you wrote I know already.
It is the non-polite scanners/hackers etc that I am trying to confound.  Grin
The issue is that closed ports confirm the existence of an address that maps/leads to a real device (PC, Server, Router, etc)
Once you have an address that is confirmed real you can do what ever you want reassured that the target is possibly worth the effort.
If all ports are stealthed a simple scan cannot confirm if you are a device worth targeting.
The scanners/hackers have the option to attack any address BUT aiming at random addresses that may NOT be anything at all does not make sense.
Particularly, when there are many thousands of insecure devices connected to the internet, shouting 'Here I am' ! ! !
For no cost to me, it is simply an extra level of protection from the people that generate lists of possible targets for further efforts.
I am not a target worth aiming at, but that does not mean that I should paint a 'Bullseye on my back' to make it easier for someone to waste their time and mine.
adie:quote
chrcoluk
Grafter
Posts: 1,990
Thanks: 5
Registered: ‎11-12-2013

Re: Shields Up & Stealthed ports.

To be honest, the GRC thing about stealth is a bit of a mistruth.  If an ip doesnt respond on any ports its not going to change how a script/attacker will approach the ip.  Plus if you want to pretend you dont exist on the net then turn off your router as browsing sites, doing dns lookups etc. exposes your ip. Aiming at random address's is actually what most scanners do.