[SOLVED] Windows firewall help...

[ardvark]

Hi all...

Usually I try to give the answers but this time I have a question.

I just recently received DSL service and after taking a test of my ports at "Shields UP," I found that all the entries were listed in blue, "Closed," which gave a "failed" rating. Yet, before, when I was using my old dial-up account, all the entries came up as green, "Stealth," as it is supposed to be. I haven't changed anything else. What is different here and what do I need to do to achieve a "passing grade."

May God Bless all of you!

[Lisandro]

Which is the port numbers that are being said "closed" and not "stealth"?
Do you use a router?

[Confused Computer User]

Hi ardvark,

I hope I can be of help. I am not too keen on firewalls but if I may share my personal experience. I too use the services offered by Shield Up and I can say that my Computer passed the tests with flying colors. THe reason for that is not necesserally Windows Firewall but the built in firewall of my modem/router that I eceived from my ISP. It might happen that your router also has a Firewall that is not activated. Can you check and see if that is the case?

Cheers

[FreewheelinFrank]

Make sure you have ping blocking enabled on your router or firewall.

[ardvark]

Which is the port numbers that are being said "closed" and not "stealth"?
Do you use a router?

Hi Tech...

Every single port listed was blue and I connect directly to the DSL modem.

@Confused Computer User and FwF: Thank you! I will check into this.

Best Regards...

[sded]

Are you using the XP or Vista firewall?  What kind of DSL modem?  Most common cause of this is that the modem actually has some "single channel router" capabilities and is answering for you before you get to the Windows firewall.  Closed is not a bad thing, BTW, just not popular these days. 

[ardvark]

Are you using the XP or Vista firewall?  What kind of DSL modem?  Most common cause of this is that the modem actually has some "single channel router" capabilities and is answering for you before you get to the Windows firewall.  Closed is not a bad thing, BTW, just not popular these days. 

Hi and thank you!

I'm using Vista's firewall and the modem is a Motorola 3347. They said the test failed so I though having blue wasn't ideal.

Best Regards...

[sded]

Are you with QWest?  A search at Broadband Reports seems to indicate that the modem is sometimes delivered with the stealth mode disabled-see  http://www.dslreports.com/forum/r21566638-How-to-put-3347-into-stealth-mode . 
GRC is pushing stealth as a good thing (they claim to have invented it) because you don't respond at all to TCP requests.  But the standard for TCP/IP is that you will respond that a port is closed if it is, so unless there is an "open" response, the port status is actually the same to someone running a port scan-implicit closed vs explicit closed.  Unless they don't know that anything is at that IP address.  So may help if someone is scanning random IP addresses instead of pinging to find active ones.
As far as ping, you can't ping a port, just an IP-a port is only applicable in TCP/IP to packets of type TCP and UDP.  Another thing that GRC is pushing is to block ping.  The ICMP standard for the internet routers is that if there is no one there at that IP, the terminal router sends a response "destination unreachable".  If there is no response, a prober knows that someone is at that IP address and not answering (usually several pings need to be sent at once in case some get lost). 
But there are some counter arguments that doing these things can still make a hacker's job harder by forcing more work and time delays into the scanning.  And devices sometimes do violate the standards.
There is a pretty good Wilders thread at http://www.wilderssecurity.com/showthread.php?t=216892 with details on the subject.
In any case, closed ports and ping responses still give you good security. 

[ardvark]

Are you with QWest?

Hi...

Yes, I am. While I feel better about the closed ports, unfortunately, according to the test, I guess Shields UP was able to successfully ping my system. I've included a picture below that gives the results. In its current state and from the results, how vulnerable is my system?

EDIT: I don't understand this! I installed Comodo (just the firewall, no extras) and I get the same exact results, even after using the stealth settings! I called Qwest and apparantly, my partucular modem has absolutely no firewall capabilities, leaving only a software solution. Oh, well. Comodo is actually running pretty well on my system and it does provide two way protection. However, the fact that Shields UP claims it's able to successfully ping my system does concern me.

Also, would adding Threatfire to my system (Vista x64) be worth it?

Best Regards...

[ilker]

I got the same problem I tried many firewalls to get ' stealth ' result but everytime i tested it failed... But when i activated my router firewall it passed the test. But i have a question: let's say i m in the airport or in a cafe with wireless connection and thats why i wouldn't use my router firewall. So will my Windows built-in firewall hide my ports? I hope it will do its job

Have a nice day
ilker

[FreewheelinFrank]

Is this forum the right place for religious evangelism?

If it is, here's a balancing view point:

http://www.infidels.org/

[sded]

Still sounds like your modem is just following the rules and answering pings and TCP connection attempts, and is not configurable.  Bottom line is really that you can't be invisible on the internet, so your system needs to be set up to resist targeted attacks against you, primarily by closing your ports when possible and being careful how you answer incoming traffic (if it is allowed) and control outgoing traffic by making use of your software firewall rules.  I tried Threatfire and thought it was a pretty interesting behavior blocker; am using Prevx Edge now for similar capabilities.  I think PC Tools/Threatfire was bought by Symantec so future is
As far as airports, you are under the spell of their wireless router which may or not stealth incoming port scans and block pings, but NAT will keep out traffic not responding to you, and your software firewall will still block things from actually getting into your system.  Just be sure you never trust the network. 

[YoKenny]

My ISP provides the DSL modem from 2Wire and it has an effective built in firewall:
http://www.2wire.com/index.php?p=399

ShieldsUP! report:
https://www.grc.com/x/ne.dll?bh0ciyl2

Code: [Select]

GRC Port Authority Report created on UTC: 2009-02-24 at 15:34:46

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
                            119, 135, 139, 143, 389, 443, 445,
                            1002, 1024-1030, 1720, 5000

    0 Ports Open
    0 Ports Closed
   26 Ports Stealth
---------------------
   26 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - NO Ping reply (ICMP Echo) was received.

[ardvark]

I got the same problem I tried many firewalls to get ' stealth ' result but everytime i tested it failed... But when i activated my router firewall it passed the test. But i have a question: let's say i m in the airport or in a cafe with wireless connection and thats why i wouldn't use my router firewall. So will my Windows built-in firewall hide my ports? I hope it will do its job

Have a nice day
ilker

Hi...

Thank you for your reply.

Unfortunately my DSL modem does not come with any "onboard" firewall capabilities, so I trust Comodo to do the job despite any test results.

May God Bless you!

[timcan]

I'm using Vista's firewall and the modem is a Motorola 3347.

.

http://www.qwest.com/internethelp/modems/motorola-3347/pdf/QwestAdminHandbkV774.pdf

Hi ardvark,apparently this modem does have firewall, routing, nat capabilities. hope this helps,tim