Diazruanova

Stealth ports, possible?

Recommended Posts

Assuming that the test is testing OA, and not running into something else first (some ISP's close ports and so this traffic would never get to OA), OA should stealth you by default, unless you have rules that are opening ports to incoming traffic. Are the ports that you don't pass the test on, corresponding to ones that a program rule opens inbound access for?

Share this post


Link to post
Share on other sites

Assuming that the test is testing OA, and not running into something else first (some ISP's close ports and so this traffic would never get to OA), OA should stealth you by default, unless you have rules that are opening ports to incoming traffic. Are the ports that you don't pass the test on, corresponding to ones that a program rule opens inbound access for?

OA will not stealth port 0, never has, but at least in the premium versions, that is easy to fix. Don't know about free.

Share this post


Link to post
Share on other sites

OA will not stealth port 0, never has, but at least in the premium versions, that is easy to fix. Don't know about free.

Do you add (port 0) to "restricted ports"?

Share this post


Link to post
Share on other sites

Assuming that the test is testing OA, and not running into something else first (some ISP's close ports and so this traffic would never get to OA), OA should stealth you by default, unless you have rules that are opening ports to incoming traffic. Are the ports that you don't pass the test on, corresponding to ones that a program rule opens inbound access for?

Well thanks CP and everybody, in fact OA is displaying exactly the same results on two computers(please see attached image: everything closed and always the same three opened ports) so I suspect that OA is not getting the raw signal but my ISP is doing something with it before it gets here and therefore I suppose that there is nothing that OA or for that matter, any other firewall can do. I even disabled OA and turned on Windows 7-64bit own Firewall and the results were exactly the same, so 1.-with these three opened ports, are we protected by using OA with the default settings on the firewall section? in other words, should I worry??? and 2.- A router with firewall would also be poitnless i trying to achieve perfect stealth at GRC?

Thanks again ;)

Share this post


Link to post
Share on other sites

Anyone :unsure: ?

Well thanks CP and everybody, in fact OA is displaying exactly the same results on two computers(please see attached image: everything closed and always the same three opened ports) so I suspect that OA is not getting the raw signal but my ISP is doing something with it before it gets here and therefore I suppose that there is nothing that OA or for that matter, any other firewall can do. I even disabled OA and turned on Windows 7-64bit own Firewall and the results were exactly the same, so 1.-with these three opened ports, are we protected by using OA with the default settings on the firewall section? in other words, should I worry??? and 2.- A router with firewall would also be poitnless i trying to achieve perfect stealth at GRC?

Thanks again ;)

Share this post


Link to post
Share on other sites

I don't know why those ports would be opened unless you are running a web server or FTP and have them open to incoming traffic. Do you have inbound firewall rules present for these ports?

No firewall can stealth an open port. If the ports have to be opened for some reason, you could apply endpoint restrictions to them, to make it safer though :)

Share this post


Link to post
Share on other sites

Are you using a router? These look like the router has the ports open for remotely accessing the GUI via http and ssh. All of my ports are stealthed in GRC using OA++ without a router. As CP points out, an open port is one that has a process behind it that is accepting connections or datagrams ("acting as a server"), so should show up as listening on those ports in the Firewall Status Display. For a more complete picture, you can use a free utility like CurrPorts http://www.nirsoft.net/ . You can add blocking rules in OA for the open ports; but then, of course, the application won't work anymore. ;( But if this is in the router, it is all outside and ahead of OA, and OA is still blocking anything from getting further.

Share this post


Link to post
Share on other sites

I don't know why those ports would be opened unless you are running a web server or FTP and have them open to incoming traffic. Do you have inbound firewall rules present for these ports?

No firewall can stealth an open port. If the ports have to be opened for some reason, you could apply endpoint restrictions to them, to make it safer though :)

CP, I am not running a web server of FTP and the ONLY Inbound rules that exist for any of these three ports are for port 80 (Skype and Team Viewer) and certainly they use port 80 when they are active which is NOT all the time, and no, there are NOT Inbound rules for ports 22 or 55, now how do I apply endpoint restrictions to these ports if only port 80 has inbound rules? do I have to create first the inbound rules in order to apply the endpoints later?

Are you using a router? These look like the router has the ports open for remotely accessing the GUI via http and ssh. All of my ports are stealthed in GRC using OA++ without a router. As CP points out, an open port is one that has a process behind it that is accepting connections or datagrams ("acting as a server"), so should show up as listening on those ports in the Firewall Status Display. For a more complete picture, you can use a free utility like CurrPorts http://www.nirsoft.net/ . You can add blocking rules in OA for the open ports; but then, of course, the application won't work anymore. ;( But if this is in the router, it is all outside and ahead of OA, and OA is still blocking anything from getting further.

No there is No router involved here and this behavior appeared just a few days ago that we moved to our new address and signed with a new ISP who didn´t gave me a router but he connected us to this exterior antenna directly, so we are receiving the signal that this ISP is sending through the antenna. I am buying a new router anyway, in order to connect via wireless my wife´s Laptop. I will download the utility you mention.

One last thing worth mentioning: before the actual ISP, we always achieved perfect Stealth at GRC and nothing has really changed on our computers BUT the ISP

Thanks

Share this post


Link to post
Share on other sites

I am attaching a CurrPorts view for you guys to take a look at, apparently my (our) computer(s) do NOT have the 22,53 and 80 ports opened, so I guess there is really nothing that we can do about it and I certainly I hope that OA will still protect us from these three opened ports.

Share this post


Link to post
Share on other sites

I am attaching a CurrPorts view for you guys to take a look at, apparently my (our) computer(s) do NOT have the 22,53 and 80 ports opened, so I guess there is really nothing that we can do about it and I certainly I hope that OA will still protect us from these three opened ports.

From everything you say, there is a device (DOCSIS box?)(not really a router) that connects you to your ISP via the antenna that has controls via port 80 (HTML) and port 22 (SSH). You see ports open probably because the controls are remote from your ISP. Port 53 is actually a DNS port that can be used to find the IP addresses of your equipment. Are you actually on cable or something else? ( I am on DSL, so my ISP doesn't deal with any of my equipment, and I have never used cable). CurrPorts verifies that there are no open ports to your computer as seen through OA. Who is your ISP? They probably have information on how you are configured that would help understand what they are doing with the ports. Usually called something like CPE (Customer Premises Equipment) configuration. So GRC is just seeing the connection device to your antenna, which would usually require an ID and password for access.

Share this post


Link to post
Share on other sites

From everything you say, there is a device (DOCSIS box?)(not really a router) that connects you to your ISP via the antenna that has controls via port 80 (HTML) and port 22 (SSH). You see ports open probably because the controls are remote from your ISP. Port 53 is actually a DNS port that can be used to find the IP addresses of your equipment. Are you actually on cable or something else? ( I am on DSL, so my ISP doesn't deal with any of my equipment, and I have never used cable). CurrPorts verifies that there are no open ports to your computer as seen through OA. Who is your ISP? They probably have information on how you are configured that would help understand what they are doing with the ports. Usually called something like CPE (Customer Premises Equipment) configuration. So GRC is just seeing the connection device to your antenna, which would usually require an ID and password for access.

It is tiny black box the size of an "adapter" called "Carrier POE Adapter" and the cable from the antenna gets into this CPA and from it, it comes out the cable directly into my computer.

No I am not on cable and the ISP is really a small one in central Mexico (and basically the only one available in my area, so I have NOT much of a choice!)and as you mention, GRC is just seeing the connection device to my antenna, but I do not require an ID or password for access.

Tomorrow I am getting a router for delivering wireless signal to my wife´s laptop, but I suspect that the router´s Firewall will do nothing to stealth ports at GRC and the results from the tests would be the same, correct?

Share this post


Link to post
Share on other sites

It is tiny black box the size of an "adapter" called "Carrier POE Adapter" and the cable from the antenna gets into this CPA and from it, it comes out the cable directly into my computer.

No I am not on cable and the ISP is really a small one in central Mexico (and basically the only one available in my area, so I have NOT much of a choice!)and as you mention, GRC is just seeing the connection device to my antenna, but I do not require an ID or password for access.

Tomorrow I am getting a router for delivering wireless signal to my wife´s laptop, but I suspect that the router´s Firewall will do nothing to stealth ports at GRC and the results from the tests would be the same, correct?

Yes, I would expect the results to be the same, since you have already verified via CurrPorts that your computer is not listening on those ports. Looks like a bit of an unusual configuration, but seems like nothing to really worry about. I was thinking that your ISP or an intruder would probably require an ID and password to connect to the box from outside anyway-sounds like there is nothing configurable on your end. You could try adding a rule in OA to block all INBOUND connections for all programs on 80, 53, and 22 if it would make you more comfortable.

Share this post


Link to post
Share on other sites

Yes, I would expect the results to be the same, since you have already verified via CurrPorts that your computer is not listening on those ports. Looks like a bit of an unusual configuration, but seems like nothing to really worry about. I was thinking that your ISP or an intruder would probably require an ID and password to connect to the box from outside anyway-sounds like there is nothing configurable on your end. You could try adding a rule in OA to block all INBOUND connections for all programs on 80, 53, and 22 if it would make you more comfortable.

Than you very much sded,

I´ll do that and BTW I wish you all a truly merry Christmas and the best wishes for 2011 :D

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.