Windows 8 and 8.1 Forums


GRC ShieldsUp Port Appearing As Closed Instead of Stealth

  1. #11


    Posts : 1,883
    7601.18247.x86fre.win7sp1


    Quote Originally Posted by ectech View Post
    Quote Originally Posted by MasterChief View Post
    ehhh not necessarily. It's not a vulnerability in and of itself, but a scan of a block of ips with his in it, or a full scan of only his ip will let the scanner know the ip has equipment operating on it. It would throw a flag, so-to-speak. All in all, still nothing terrible, but not optimal.
    If a port does not have any exploitable services running on it, it doesn't matter. If you were to do a port scan of any ip address which reports known ports closed you can not run an exploit against it. So, closed is as good as stealth.
    The way it works is like this. Assume two scenarios. The first is that his ip is not a target of any person, organization or group. During block scanning, if a closed port is found, his ip now gets added to a list of "possible" ips to hack. The simplest example is that routers have known and easily exploitable backdoors built in, but there are others.

    The other scenario is that if his ip is a target of any person, organization or group, if they find a closed port, they know that the ip is valid and there is hardware operating on it, at the very least.

    It's mainly theory, but this stuff takes place all the time too. Even kids that don't know the first thing, run scripts that someone built on an IRC channel and they are owning machines and building botnets thousands of machines deep, running channel servers, placing ftp servers to put what they want to serve on machines, and all types of stuff.

    If that closed port wasn't found, those script kiddies wouldn't go to step 2 for his ip.

    Even with all that though, that Gibson site meant a lot more than it does now when people did not have routers and connected straight to their isp's modem. And also before XP started having a firewall. I think that was SP2 or something like that. And especially before Microsoft made changes to network shares ("net share", "net use" commands) and disallowing root access when a null (blank) password was set for any given account.

    Gibson himself used to have troubles with kids even, running these things built by "real" hackers because he was a huge target because of who he is. A 13 year old kid that didn't know much would give him grief often - lol.

      My System SpecsSystem Spec

  2. #12


    Posts : 1,883
    7601.18247.x86fre.win7sp1


    Quote Originally Posted by Phone Man View Post
    If you search the GRC site it will explain it. It is normal for port 25 to do that on some systems as that is a default port for e-mail. I think it was mentioned on CRC forum.

    Jim
    Yes. The result of the closed port is very likely because of his isp disallowing any type of serving through that port, whether it be a config on their end or a config they've pushed to individual modems.
      My System SpecsSystem Spec

  3. #13


    Posts : 1,360
    Windows 8.1 Enterprise


    I'm glad you know how to use Google Search sweetheart.
      My System SpecsSystem Spec

  4. #14


    Posts : 1,883
    7601.18247.x86fre.win7sp1


    huh? I don't use Google and I didn't search anything at all in relation to this.

    I use Startpage https.
      My System SpecsSystem Spec

  5. #15


    Covington, La
    Posts : 1,184
    Windows 7 HP 64bit, Windows 8.1 Pro w/Media Center 64BIT


    A port will show Stealth if it does not respond to the inquiry. A Closed port is one that does send a response but will not accept a connection. Port 25 is used by many ISP's as default for e-mail and the ISP is responding to the request but refusing the connection. read all about it on link below.

    https://www.grc.com/groups/shieldsup

    Jim
      My System SpecsSystem Spec

  6. #16


    Posts : 70
    windows 8.1


    Quote Originally Posted by ectech View Post
    Quote Originally Posted by MasterChief View Post
    ehhh not necessarily. It's not a vulnerability in and of itself, but a scan of a block of ips with his in it, or a full scan of only his ip will let the scanner know the ip has equipment operating on it. It would throw a flag, so-to-speak. All in all, still nothing terrible, but not optimal.
    If a port does not have any exploitable services running on it, it doesn't matter. If you were to do a port scan of any ip address which reports known ports closed you can not run an exploit against it. So, closed is as good as stealth.
    nope,
    closed means that you are vulnerable to DOS attack.
    not sure why would you have smtp just closed but 2wire is one of the older routers so this may be a reason.
      My System SpecsSystem Spec

  7. #17


    Quote Originally Posted by Michal View Post
    Quote Originally Posted by ectech View Post
    Quote Originally Posted by MasterChief View Post
    ehhh not necessarily. It's not a vulnerability in and of itself, but a scan of a block of ips with his in it, or a full scan of only his ip will let the scanner know the ip has equipment operating on it. It would throw a flag, so-to-speak. All in all, still nothing terrible, but not optimal.
    If a port does not have any exploitable services running on it, it doesn't matter. If you were to do a port scan of any ip address which reports known ports closed you can not run an exploit against it. So, closed is as good as stealth.
    nope,
    closed means that you are vulnerable to DOS attack.
    not sure why would you have smtp just closed but 2wire is one of the older routers so this may be a reason.
    why would you be anymore vulnerable to a DDoS attack, by it being closed rather than stealth? and I got the 2wire acting just as a modem and a Netgear router connected to it
      My System SpecsSystem Spec

  8. #18


    Posts : 70
    windows 8.1


    close means that you are there, you are visible. Attack may not touch port 25, but presence of this port confirms that your IP address is active. In addition to that, attacker may try to get around your firewall, not necessary through it.

    Few years ago things were different because you would want ports to be closed rather than stealth. This way you could in some way protect yourself by being more proactive. With the rise of GRC and so called stealth (not true but still) ports (stealth port was invented by S.G.) you can assume that stealth ports will slow down possible attack, but you will not be able to detect it until it happens.

    To be honest I would advise against using Shields UP.
      My System SpecsSystem Spec

  9. #19


    Quote Originally Posted by Michal View Post
    close means that you are there, you are visible. Attack may not touch port 25, but presence of this port confirms that your IP address is active. In addition to that, attacker may try to get around your firewall, not necessary through it.

    Few years ago things were different because you would want ports to be closed rather than stealth. This way you could in some way protect yourself by being more proactive. With the rise of GRC and so called stealth (not true but still) ports (stealth port was invented by S.G.) you can assume that stealth ports will slow down possible attack, but you will not be able to detect it until it happens.

    To be honest I would advise against using Shields UP.
    Do you use an alternate firewall, rather than windows built in one
      My System SpecsSystem Spec

  10. #20


    Posts : 70
    windows 8.1


    unfortunately nothing that I could suggest: I have OpenBSD firewall/router configured on 7yrs old computer at home. My new win8.1 laptop just uses windows firewall when outside.

    I would look for something that is as configurable as possible (that is you can do simple "block all in" and "pass out all" and slowly learn how to best configure good firewall) with clear and detailed logging.

    At home I assume you are behind router firewall and windows firewall is up. This should work well if you remember that firewall is only one part of system defense.
      My System SpecsSystem Spec

Page 2 of 3 FirstFirst 123 LastLast
GRC ShieldsUp Port Appearing As Closed Instead of Stealth
Related Threads
I have 3 monitors connected to an AMD HD5770 graphics card. Two monitors connect via HDMI, and the third through a Sapphire Active DisplayPort->DVI adaptor. Things have been working fine for years, but recently I started sleeping my computer when I am not using it during the day, as opposed to my...
47143 47144 47145 so i opened my port 25565 (or so i thought) went to test to see if its open on multiple sites and....all of them say its closed. :confused:
CDMA software requires a COM port to communicate with a cell phone. I'm using HW Virtual Serial Port v3.1.2 (single port, standalone install). I have a separate modem and router. My Win8.1 PC is hardwired to the modem. Windows firewall is off. Windows Defender is off. Motorola Mobile Drivers...
How do I enable stealth mode on my netgear router? My model is: N300 Wireless Gigabit Router WNR3500l
How to record webcam in stealth ? in Drivers & Hardware
I suspect someone is stealing from me. I would like to enable the You cam on both my Win 8 and Win 7 machines and turn the screen off when You cam is minimized and recording, but it will not do it even with the power set to do so at 1 minute as long as You cam is still running and minimized....
Solved Port 25 closed, good or bad? in Network & Sharing
I was running a port scan, and every port was blocked besides port 25 which said closed, Screenshot: Screenshot by Lightshot Is that a good or bad thing?
Eight Forums Android App Eight Forums IOS App Follow us on Facebook