Firewall Stealth Question

[HAWKI]

Hi :-)

 

(I'm sorry, I believe I may have asked this question before, but if I did I forgot the answer and can not locate the thread if I did.)

 

 

I am on a "private" network. I have one PC in my home and I am not on any "Home Network" or any other network that I know of..

 

EMIS 9 only steaths about 7 of my Ports. All the others are just blocked. I umderstand that as long as Ports are blocked whether or not they are also stealthed, for practical purposes it does not make a big difference. Many solid firewals do not stealth.

 

My question is: Should EMIS 9 be making my Ports stealthed or is EMIS 9 working as intended?

[Christian Peters]

Hello,

 

do you use a NAT-Router or a normal Cable/DSL-Modem for the internet access. All port scans are useless to check the desktop firewall if you use a NAT-Router for the internet access.

[HAWKI]

Hi Christian :-)

 

Thank you for the typical rapid response from Emisoft Support. You guys are the BEST! :-)

 

I do not use a router. My PC is directly connected to my cable modem with a cable.

[Christian Peters]

Hello,

 

please press the Windows key + R. Type in cmd and press OK. Type in the command

ipconfig /all   

and press Return.

 

Copy & Paste the output and send me the result via PM (personal message).

[HAWKI]

Hi Christian

 

What do you my by "press Return?"

 

I tried it twice. One time I clicked OK on the Run Screen and the second time I hit the "Enter" key. Both times I saw a dos type screen appear but it closed instantly.

 

I see nothing in any "Log" files.

[Guest Tempus]

Hello Hawki

I hope this link from Tech Support will supplement Christian Peters post and help you : How to run an ipconfig /all command?     =)

[HAWKI]

Hi Forum Regular :-)

 

Thanks for that great link.

 

Always good to learn something new :-)

 

 

HAWKI

[Christian Peters]

Hello,

 

your issue is solved? If not please send me the command output on PM (personal message).

[HAWKI]

My Firewall Stealth issue is not resolved-all but a handfull of Ports are blocked, not stealthed. But I do not find this issue to be troubling. Should I be?

[Christian Peters]

Hello,

 

can you please send me the output from the ipconfig /all command via PM (Personal Message)?

[HazBeen]

Many thanks to the Development Team for adding full Stealth Mode to the Firewall of EIS Version 10 Beta.

 

It's a confidence builder!

[Christian Peters]

Hello,

 

thank you for the feedback.

[HAWKI]

Hello,

 

can you please send me the output from the ipconfig /all command via PM (Personal Message)?

 

Hi Christian :-) Thanks for your follow up, Frankly I got very busy rl and could not find the time to complete the info you asked for . Not sure it makes much diference if a port is blocked or staelthed, though I prefer stealthed.

 

I have temporarily switched to another suite. I may have copies of what you originally asked for. I had been going through them to assure that no personal ID info was in them.

 

lol - I once posted a a link to bitdefender for a deal offerring a free 9 month license. I did not realize it, but the by the link I posted,which I posted on Wilders, made it possible to easily ID my personal email LOL so been very careful since then.

 

If you need it to improve EMIS 10, I'll try to get it to you.

 

Though I do have as much higher  degree of confidence in EMIS 9, than the suites I have been using that give me full stealth, they are OK till I get more time or at least till my OS is borked by a major infection, all my personal data is stolen, and I need to get a loan for $500 USD to buy Bitcoins to uncrypt my files :-)

[Peter2150]

I am not sure I understand.

 

I remember testing when I first started with EIS, and I just tested again with Build 5129  Full stealth test at GRC.com

 

There is no router involved.  The connection is to a Verizon Broadband connection, so it doesn't go thru the router.

 

Pete

[Charyb]

If I remember your other topic correctly, and I don't always, wasn't it mentioned that if you change your network to public that your ports would be stealthed?

[HazBeen]

Several weeks ago, I got this result using EIS 9 Firewall at "Public" network trust level with a wired cable modem Internet connection to GRC's Shields Up site...

 

----------------------------------------------------------------------
GRC Port Authority Report created on UTC: 2015-03-18 at 02:41:52

Results from scan of ports: 0-1055

    1 Ports Open
 1034 Ports Closed
   21 Ports Stealth
---------------------
 1056 Ports Tested

The port found to be OPEN was: 80

Ports found to be STEALTH were: 9, 13, 17, 19, 113, 135, 136,
                                137, 138, 139, 389, 445, 593,
                                1002, 1024, 1025, 1026, 1027,
                                1028, 1029, 1030

Other than what is listed above, all ports are CLOSED.

TruStealth: FAILED - NOT all tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - NO Ping reply (ICMP Echo) was received.
----------------------------------------------------------------------

 

Now, with EIS 10 Beta Firewall at "Public" network trust level with a wired cable modem Internet connection to GRC's Shields Up site, I get this result...

 

----------------------------------------------------------------------
GRC Port Authority Report created on UTC: 2015-04-13 at 22:22:15

Results from scan of ports: 0-1055

    0 Ports Open
    0 Ports Closed
 1056 Ports Stealth
---------------------
 1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - NO Ping reply (ICMP Echo) was received.
----------------------------------------------------------------------

 

Additionally, PC Flank's test yields fully stealthed with EIS 10 Beta Firewall set at Public network trust level...

 

 

Once again, "Thank You" to the Development Team for this EIS 10 Beta Firewall improvement.

[Fabian Wosar]

Glad those changes are working for you, HazBeen.

[HAWKI]

Hi :-)

 

Sorry I got behind on this thread. Got some serious rare infection and was in the hospital for almost 3-weeks and felt like cr&& for a couple more

 

Currently using a well known and popular security suite I have as much confidence in as using a paper towel umbrella.

 

Right now the network on my PC is "private."

 

Do I have to create a public network in Winows or just change the setting on EMIS 9 to public Network to be stealthed. I know nothing about networks.

[Peter2150]

Hi Hawki

 

On my main desktops I'am behind a router and my networks are set to private.  On my laptop when I connect to my Verizon Broadband, the network is a Public Network.  Hope that helps.

 

Pete

 

PS.  When I go to GRC with the Broadband setup, I am completely stealthed.

[HazBeen]

I'm wondering if any of the recent EIS 10.0.0.5165 Beta updates that required restarts might have involved changes to the Firewall component?

 

Just noticed that my laptop is back to showing only partially stealthed ports when using GRC's Shields Up port scan site...

 

----------------------------------------------------------------------
GRC Port Authority Report created on UTC: 2015-04-20 at 03:36:41

Results from scan of ports: 0-1055

    6 Ports Open
 1043 Ports Closed
    7 Ports Stealth
---------------------
 1056 Ports Tested

Ports found to be OPEN were: 80, 1025, 1026, 1027, 1028, 1029

Ports found to be STEALTH were: 135, 136, 137, 138, 139, 445,
                                593

Other than what is listed above, all ports are CLOSED.

TruStealth: FAILED - NOT all tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - A PING REPLY (ICMP Echo) WAS RECEIVED.
----------------------------------------------------------------------

[HazBeen]

I was able to determine that my previously observed all-stealthed-ports condition was the result of Windows Firewall being turned on, even while the Windows Vista Security Center reported that the EIS Firewall is "on" and Windows Firewall is "off".

 

 

Turning off Windows Firewall using its Settings window yields the limited stealthed ports shown in the below Shields Up report.

 

I withdraw my previously stated confidence in the Firewall component of EIS 10.0.0.5165 Beta -- I'm not feeling good about it anymore.

 

----------------------------------------------------------------------
GRC Port Authority Report created on UTC: 2015-04-20 at 14:02:16

Results from scan of ports: 0-1055

    6 Ports Open
 1043 Ports Closed
    7 Ports Stealth
---------------------
 1056 Ports Tested

Ports found to be OPEN were: 80, 1025, 1026, 1027, 1028, 1031

Ports found to be STEALTH were: 135, 136, 137, 138, 139, 445, 593

Other than what is listed above, all ports are CLOSED.

TruStealth: FAILED - NOT all tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - A PING REPLY (ICMP Echo) WAS RECEIVED.

----------------------------------------------------------------------

[Fabian Wosar]

Thanks for the update. We are currently unsure if we want to provide "Stealth" or not. Bottom line is, it only tells a potential attacker that you are running a firewall. It doesn't hide you at all. If your system were truly unreachable, the last router would send a proper message back to the sender. So no message at all, neither "port is closed" nor "host is unreachable" automatically means the system is there but running a firewall.

[HazBeen]

Fabian: Thanks for your explanation of stealth, which is further amplified here.

 

I remain a satisfied Emsisoft customer after migrating back to using EAM with a stealth standalone firewall that provides traffic logging and connection blocking notifications.

 

I prefer seeing which ingoing & outgoing connection attempts are blocked.

 

Good luck!

 

 

[Fabian Wosar]

Sure, if you prefer a different firewall, that's fine .