GRC ShieldsUp Port Appearing As Closed Instead of Stealth

Jcwisgod

New Member
Member
Messages
265
Location
USA
I just GRC ShieldsUp Test and all ports besides one is appearing stealthed, how can I fix this so all can appear as stealthed. The port that appears as Closed instead of Stealth is port 25.
 

My Computer

System One

  • OS
    Windows 8
    Computer type
    Laptop
    System Manufacturer/Model
    HP Ultrabook
    CPU
    2.6 GHz Core i5-3317U
    Memory
    8 gb DDR3 Ram
    Screen Resolution
    1366 x 768
    Hard Drives
    320gb HDD, 120gb SSD
    Keyboard
    Backlight Island Style Keyboard
    Mouse
    Trackpad
    Internet Speed
    18 MB/S DL Speed
    Browser
    Opera
    Antivirus
    Avast/Malwarebytes
Are you using a router? If you are, access the web configuration and disable UPnP.
 

My Computer

System One

  • OS
    Windows 8.1 Enterprise
Are you using a router? If you are, access the web configuration and disable UPnP.

I'm using a modem and a router, as far as I can tell UPnP is disable.
 

My Computer

System One

  • OS
    Windows 8
    Computer type
    Laptop
    System Manufacturer/Model
    HP Ultrabook
    CPU
    2.6 GHz Core i5-3317U
    Memory
    8 gb DDR3 Ram
    Screen Resolution
    1366 x 768
    Hard Drives
    320gb HDD, 120gb SSD
    Keyboard
    Backlight Island Style Keyboard
    Mouse
    Trackpad
    Internet Speed
    18 MB/S DL Speed
    Browser
    Opera
    Antivirus
    Avast/Malwarebytes
Probably your modem reporting that. Likely nothing you can do about it, since its likely set by the isp and you can not access advanced settings or whatnot. Just a guess though.

Try accessing your modem's ip address in a web browser. See what you can dig up.

If you don't know it, try 192.168.100.1

or command prompt: tracert eightforums.com

and watch the hops. Should be 2nd one shown, unless it is shown as *
 

My Computer

System One

  • OS
    7601.18247.x86fre.win7sp1
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Self-built Intel based
    CPU
    Pentium D 925 3.0 GHz socket 775, Presler @ ~ 3.2 GHz
    Motherboard
    Intel DQ965MT
    Memory
    Hyundai 2 GB DDR2 @ 333 MHz
    Graphics Card(s)
    ASUS DirectCU II HD7790-DC2OC-2GD5 Radeon HD 7790 2GB 128-Bit GDDR5
    Sound Card
    MOTU Traveler firewire interface
    Hard Drives
    1 Seagate Barracuda SATA II system/boot drive 80 GB, 2 Western Digital hdds - 1 is SATA II Caviar Black 1 TB attached to card (assorted media, page, temp), other is SATA I 420 GB (games, media, downloads)
    PSU
    Thermaltake 450W
    Cooling
    stock Gateway cooling, extra large fan in rear of case
    Keyboard
    Alienware/Microsoft Internet kb
    Mouse
    Logitech M510
    Internet Speed
    Optimum Online, fast for US
    Browser
    Pale Moon
    Antivirus
    Kaspersky integrated into ZoneAlarm+Antivirus
As long as the port is closed you have nothing to be concerned about. A closed port is as good as a stealth port.
 

My Computer

System One

  • OS
    Windows 8.1 Enterprise
ehhh not necessarily. It's not a vulnerability in and of itself, but a scan of a block of ips with his in it, or a full scan of only his ip will let the scanner know the ip has equipment operating on it. It would throw a flag, so-to-speak. All in all, still nothing terrible, but not optimal.
 

My Computer

System One

  • OS
    7601.18247.x86fre.win7sp1
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Self-built Intel based
    CPU
    Pentium D 925 3.0 GHz socket 775, Presler @ ~ 3.2 GHz
    Motherboard
    Intel DQ965MT
    Memory
    Hyundai 2 GB DDR2 @ 333 MHz
    Graphics Card(s)
    ASUS DirectCU II HD7790-DC2OC-2GD5 Radeon HD 7790 2GB 128-Bit GDDR5
    Sound Card
    MOTU Traveler firewire interface
    Hard Drives
    1 Seagate Barracuda SATA II system/boot drive 80 GB, 2 Western Digital hdds - 1 is SATA II Caviar Black 1 TB attached to card (assorted media, page, temp), other is SATA I 420 GB (games, media, downloads)
    PSU
    Thermaltake 450W
    Cooling
    stock Gateway cooling, extra large fan in rear of case
    Keyboard
    Alienware/Microsoft Internet kb
    Mouse
    Logitech M510
    Internet Speed
    Optimum Online, fast for US
    Browser
    Pale Moon
    Antivirus
    Kaspersky integrated into ZoneAlarm+Antivirus
ehhh not necessarily. It's not a vulnerability in and of itself, but a scan of a block of ips with his in it, or a full scan of only his ip will let the scanner know the ip has equipment operating on it. It would throw a flag, so-to-speak. All in all, still nothing terrible, but not optimal.

If a port does not have any exploitable services running on it, it doesn't matter. If you were to do a port scan of any ip address which reports known ports closed you can not run an exploit against it. So, closed is as good as stealth.
 

My Computer

System One

  • OS
    Windows 8.1 Enterprise
I'm thinking it could be my ISP(ATT), the modem is a 2wire modem/router combo but I got a Netgear Router connected to it.
 

My Computer

System One

  • OS
    Windows 8
    Computer type
    Laptop
    System Manufacturer/Model
    HP Ultrabook
    CPU
    2.6 GHz Core i5-3317U
    Memory
    8 gb DDR3 Ram
    Screen Resolution
    1366 x 768
    Hard Drives
    320gb HDD, 120gb SSD
    Keyboard
    Backlight Island Style Keyboard
    Mouse
    Trackpad
    Internet Speed
    18 MB/S DL Speed
    Browser
    Opera
    Antivirus
    Avast/Malwarebytes
If you search the GRC site it will explain it. It is normal for port 25 to do that on some systems as that is a default port for e-mail. I think it was mentioned on CRC forum.

Jim :cool:
 

My Computer

System One

  • OS
    Windows 7 HP 64bit, Windows 8.1 Pro w/Media Center 64BIT
    Computer type
    PC/Desktop
    System Manufacturer/Model
    ASUS - Home Built
    CPU
    AMD Phenom II X6 1100T
    Motherboard
    ASUS M5A99X EVO
    Memory
    Crucial Balistic DDR-3 1866 CL 9 (8 GB)
    Graphics Card(s)
    MSI R6850 Cyclone IGD5 PE
    Sound Card
    On Chip
    Monitor(s) Displays
    ASUS VE258Q 25" LED with DVI-HDMI-DisplayPort
    Screen Resolution
    1920 x 1080
    Hard Drives
    Two WD Cavier Black 2TB Sata 6gbs
    WD My Book Essential 2TB USB 3.0
    PSU
    Seasonic X650 80 Plus GOLD Modular
    Case
    Corsair 400R
    Cooling
    Antec Kuhler H2O 620, Two 120mm and four 140mm
    Keyboard
    AVS Gear Blue LED Backlight
    Mouse
    Logitech Marble Mouse USB, Logitech Precision Game Pad
    Internet Speed
    15MB
    Antivirus
    NIS, Malwarebytes Premium 2
    Other Info
    APC UPS ES 750, Netgear WNR3500L Gigabit & Wireless N Router with SamKnows Test Program,
    Motorola SB6120 Gigabit Cable Modem.
    Brother HL-2170W Laser Printer,
    Epson V300 Scanner
ehhh not necessarily. It's not a vulnerability in and of itself, but a scan of a block of ips with his in it, or a full scan of only his ip will let the scanner know the ip has equipment operating on it. It would throw a flag, so-to-speak. All in all, still nothing terrible, but not optimal.

If a port does not have any exploitable services running on it, it doesn't matter. If you were to do a port scan of any ip address which reports known ports closed you can not run an exploit against it. So, closed is as good as stealth.

The way it works is like this. Assume two scenarios. The first is that his ip is not a target of any person, organization or group. During block scanning, if a closed port is found, his ip now gets added to a list of "possible" ips to hack. The simplest example is that routers have known and easily exploitable backdoors built in, but there are others.

The other scenario is that if his ip is a target of any person, organization or group, if they find a closed port, they know that the ip is valid and there is hardware operating on it, at the very least.

It's mainly theory, but this stuff takes place all the time too. Even kids that don't know the first thing, run scripts that someone built on an IRC channel and they are owning machines and building botnets thousands of machines deep, running channel servers, placing ftp servers to put what they want to serve on machines, and all types of stuff.

If that closed port wasn't found, those script kiddies wouldn't go to step 2 for his ip.

Even with all that though, that Gibson site meant a lot more than it does now when people did not have routers and connected straight to their isp's modem. And also before XP started having a firewall. I think that was SP2 or something like that. And especially before Microsoft made changes to network shares ("net share", "net use" commands) and disallowing root access when a null (blank) password was set for any given account.

Gibson himself used to have troubles with kids even, running these things built by "real" hackers because he was a huge target because of who he is. A 13 year old kid that didn't know much would give him grief often - lol.
 

My Computer

System One

  • OS
    7601.18247.x86fre.win7sp1
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Self-built Intel based
    CPU
    Pentium D 925 3.0 GHz socket 775, Presler @ ~ 3.2 GHz
    Motherboard
    Intel DQ965MT
    Memory
    Hyundai 2 GB DDR2 @ 333 MHz
    Graphics Card(s)
    ASUS DirectCU II HD7790-DC2OC-2GD5 Radeon HD 7790 2GB 128-Bit GDDR5
    Sound Card
    MOTU Traveler firewire interface
    Hard Drives
    1 Seagate Barracuda SATA II system/boot drive 80 GB, 2 Western Digital hdds - 1 is SATA II Caviar Black 1 TB attached to card (assorted media, page, temp), other is SATA I 420 GB (games, media, downloads)
    PSU
    Thermaltake 450W
    Cooling
    stock Gateway cooling, extra large fan in rear of case
    Keyboard
    Alienware/Microsoft Internet kb
    Mouse
    Logitech M510
    Internet Speed
    Optimum Online, fast for US
    Browser
    Pale Moon
    Antivirus
    Kaspersky integrated into ZoneAlarm+Antivirus
If you search the GRC site it will explain it. It is normal for port 25 to do that on some systems as that is a default port for e-mail. I think it was mentioned on CRC forum.

Jim :cool:

Yes. The result of the closed port is very likely because of his isp disallowing any type of serving through that port, whether it be a config on their end or a config they've pushed to individual modems.
 

My Computer

System One

  • OS
    7601.18247.x86fre.win7sp1
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Self-built Intel based
    CPU
    Pentium D 925 3.0 GHz socket 775, Presler @ ~ 3.2 GHz
    Motherboard
    Intel DQ965MT
    Memory
    Hyundai 2 GB DDR2 @ 333 MHz
    Graphics Card(s)
    ASUS DirectCU II HD7790-DC2OC-2GD5 Radeon HD 7790 2GB 128-Bit GDDR5
    Sound Card
    MOTU Traveler firewire interface
    Hard Drives
    1 Seagate Barracuda SATA II system/boot drive 80 GB, 2 Western Digital hdds - 1 is SATA II Caviar Black 1 TB attached to card (assorted media, page, temp), other is SATA I 420 GB (games, media, downloads)
    PSU
    Thermaltake 450W
    Cooling
    stock Gateway cooling, extra large fan in rear of case
    Keyboard
    Alienware/Microsoft Internet kb
    Mouse
    Logitech M510
    Internet Speed
    Optimum Online, fast for US
    Browser
    Pale Moon
    Antivirus
    Kaspersky integrated into ZoneAlarm+Antivirus
huh? I don't use Google and I didn't search anything at all in relation to this.

I use Startpage https.
 

My Computer

System One

  • OS
    7601.18247.x86fre.win7sp1
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Self-built Intel based
    CPU
    Pentium D 925 3.0 GHz socket 775, Presler @ ~ 3.2 GHz
    Motherboard
    Intel DQ965MT
    Memory
    Hyundai 2 GB DDR2 @ 333 MHz
    Graphics Card(s)
    ASUS DirectCU II HD7790-DC2OC-2GD5 Radeon HD 7790 2GB 128-Bit GDDR5
    Sound Card
    MOTU Traveler firewire interface
    Hard Drives
    1 Seagate Barracuda SATA II system/boot drive 80 GB, 2 Western Digital hdds - 1 is SATA II Caviar Black 1 TB attached to card (assorted media, page, temp), other is SATA I 420 GB (games, media, downloads)
    PSU
    Thermaltake 450W
    Cooling
    stock Gateway cooling, extra large fan in rear of case
    Keyboard
    Alienware/Microsoft Internet kb
    Mouse
    Logitech M510
    Internet Speed
    Optimum Online, fast for US
    Browser
    Pale Moon
    Antivirus
    Kaspersky integrated into ZoneAlarm+Antivirus
A port will show Stealth if it does not respond to the inquiry. A Closed port is one that does send a response but will not accept a connection. Port 25 is used by many ISP's as default for e-mail and the ISP is responding to the request but refusing the connection. read all about it on link below.

https://www.grc.com/groups/shieldsup

Jim :cool:
 

My Computer

System One

  • OS
    Windows 7 HP 64bit, Windows 8.1 Pro w/Media Center 64BIT
    Computer type
    PC/Desktop
    System Manufacturer/Model
    ASUS - Home Built
    CPU
    AMD Phenom II X6 1100T
    Motherboard
    ASUS M5A99X EVO
    Memory
    Crucial Balistic DDR-3 1866 CL 9 (8 GB)
    Graphics Card(s)
    MSI R6850 Cyclone IGD5 PE
    Sound Card
    On Chip
    Monitor(s) Displays
    ASUS VE258Q 25" LED with DVI-HDMI-DisplayPort
    Screen Resolution
    1920 x 1080
    Hard Drives
    Two WD Cavier Black 2TB Sata 6gbs
    WD My Book Essential 2TB USB 3.0
    PSU
    Seasonic X650 80 Plus GOLD Modular
    Case
    Corsair 400R
    Cooling
    Antec Kuhler H2O 620, Two 120mm and four 140mm
    Keyboard
    AVS Gear Blue LED Backlight
    Mouse
    Logitech Marble Mouse USB, Logitech Precision Game Pad
    Internet Speed
    15MB
    Antivirus
    NIS, Malwarebytes Premium 2
    Other Info
    APC UPS ES 750, Netgear WNR3500L Gigabit & Wireless N Router with SamKnows Test Program,
    Motorola SB6120 Gigabit Cable Modem.
    Brother HL-2170W Laser Printer,
    Epson V300 Scanner
ehhh not necessarily. It's not a vulnerability in and of itself, but a scan of a block of ips with his in it, or a full scan of only his ip will let the scanner know the ip has equipment operating on it. It would throw a flag, so-to-speak. All in all, still nothing terrible, but not optimal.

If a port does not have any exploitable services running on it, it doesn't matter. If you were to do a port scan of any ip address which reports known ports closed you can not run an exploit against it. So, closed is as good as stealth.

nope,
closed means that you are vulnerable to DOS attack.
not sure why would you have smtp just closed but 2wire is one of the older routers so this may be a reason.
 

My Computer

System One

  • OS
    windows 8.1
    Computer type
    Laptop
    System Manufacturer/Model
    MSI
    CPU
    i7-4800MQ
    Memory
    32GB
    Graphics Card(s)
    nVidia GeForce GTX 770M
    Browser
    Enhanced Protected Mode IE/protected mode Firefox
    Antivirus
    nope
    Other Info
    OpenNIC/DNSCrypt/VPN/EMET
ehhh not necessarily. It's not a vulnerability in and of itself, but a scan of a block of ips with his in it, or a full scan of only his ip will let the scanner know the ip has equipment operating on it. It would throw a flag, so-to-speak. All in all, still nothing terrible, but not optimal.

If a port does not have any exploitable services running on it, it doesn't matter. If you were to do a port scan of any ip address which reports known ports closed you can not run an exploit against it. So, closed is as good as stealth.

nope,
closed means that you are vulnerable to DOS attack.
not sure why would you have smtp just closed but 2wire is one of the older routers so this may be a reason.

why would you be anymore vulnerable to a DDoS attack, by it being closed rather than stealth? and I got the 2wire acting just as a modem and a Netgear router connected to it
 

My Computer

System One

  • OS
    Windows 8
    Computer type
    Laptop
    System Manufacturer/Model
    HP Ultrabook
    CPU
    2.6 GHz Core i5-3317U
    Memory
    8 gb DDR3 Ram
    Screen Resolution
    1366 x 768
    Hard Drives
    320gb HDD, 120gb SSD
    Keyboard
    Backlight Island Style Keyboard
    Mouse
    Trackpad
    Internet Speed
    18 MB/S DL Speed
    Browser
    Opera
    Antivirus
    Avast/Malwarebytes
close means that you are there, you are visible. Attack may not touch port 25, but presence of this port confirms that your IP address is active. In addition to that, attacker may try to get around your firewall, not necessary through it.

Few years ago things were different because you would want ports to be closed rather than stealth. This way you could in some way protect yourself by being more proactive. With the rise of GRC and so called stealth (not true but still) ports (stealth port was invented by S.G.) you can assume that stealth ports will slow down possible attack, but you will not be able to detect it until it happens.

To be honest I would advise against using Shields UP.
 

My Computer

System One

  • OS
    windows 8.1
    Computer type
    Laptop
    System Manufacturer/Model
    MSI
    CPU
    i7-4800MQ
    Memory
    32GB
    Graphics Card(s)
    nVidia GeForce GTX 770M
    Browser
    Enhanced Protected Mode IE/protected mode Firefox
    Antivirus
    nope
    Other Info
    OpenNIC/DNSCrypt/VPN/EMET
close means that you are there, you are visible. Attack may not touch port 25, but presence of this port confirms that your IP address is active. In addition to that, attacker may try to get around your firewall, not necessary through it.

Few years ago things were different because you would want ports to be closed rather than stealth. This way you could in some way protect yourself by being more proactive. With the rise of GRC and so called stealth (not true but still) ports (stealth port was invented by S.G.) you can assume that stealth ports will slow down possible attack, but you will not be able to detect it until it happens.

To be honest I would advise against using Shields UP.

Do you use an alternate firewall, rather than windows built in one
 

My Computer

System One

  • OS
    Windows 8
    Computer type
    Laptop
    System Manufacturer/Model
    HP Ultrabook
    CPU
    2.6 GHz Core i5-3317U
    Memory
    8 gb DDR3 Ram
    Screen Resolution
    1366 x 768
    Hard Drives
    320gb HDD, 120gb SSD
    Keyboard
    Backlight Island Style Keyboard
    Mouse
    Trackpad
    Internet Speed
    18 MB/S DL Speed
    Browser
    Opera
    Antivirus
    Avast/Malwarebytes
unfortunately nothing that I could suggest: I have OpenBSD firewall/router configured on 7yrs old computer at home. My new win8.1 laptop just uses windows firewall when outside.

I would look for something that is as configurable as possible (that is you can do simple "block all in" and "pass out all" and slowly learn how to best configure good firewall) with clear and detailed logging.

At home I assume you are behind router firewall and windows firewall is up. This should work well if you remember that firewall is only one part of system defense.
 

My Computer

System One

  • OS
    windows 8.1
    Computer type
    Laptop
    System Manufacturer/Model
    MSI
    CPU
    i7-4800MQ
    Memory
    32GB
    Graphics Card(s)
    nVidia GeForce GTX 770M
    Browser
    Enhanced Protected Mode IE/protected mode Firefox
    Antivirus
    nope
    Other Info
    OpenNIC/DNSCrypt/VPN/EMET
Back
Top