Re: Proper "stealth" behavior

From: John Brock (jbrock_at_panix.com)
Date: 03/26/04


Date: 26 Mar 2004 14:57:01 -0500

In article <c420hr$i53$1@panix1.panix.com>,
John Brock <jbrock@panix.com> wrote:
[...]

>In particular, when I first got the router I used the same service
>and was told that all ports were operating in "stealth" mode. But
>I think the service has been expanded since then. This time I ran
>the "All Service Ports" test (which I'm not sure existed last time),
>and the first time I ran it all the ports showed up in green
>("stealth"), except port 113 (blue, or "closed"), until I got to
>the very end of the test, when the last two dozen or so ports showed
>up as blue. But when I repeated the test *everything* came up as
>blue (except port 80 and one other that I can't remember)!

[...]

>So what I want to know is whether this is normal behavior for a
>firewall. I don't see any reason for this behavior (why not just
>stay in stealth mode?), and my concern is that maybe I've damaged
>the router by trying to flash it, and at some point the firewall
>may fail entirely. But OTOH maybe this was always the firewall's
>behavior, and I just never did this test before (or never ran it
>twice in a row).

Actually it would be interesting to learn how different firewalls
handle this test. Maybe some other people here could give it a
try. Just find the ShieldsUP! link at http://www.grc.com/default.htm,
run the "All Service Ports" test twice in a row, and let us know
whether the two results are the same.

-- 
John Brock
jbrock@panix.com