Stealth vs Closed ports and firewalls

From: Kerodo (kerodonospamkenny_at_hotmail.com)
Date: 09/29/04


Date: Tue, 28 Sep 2004 18:20:07 -0700

I'm playing with an old version of ZoneAlarm 2.6 here just for fun, and
it gives you the option of running without stealth mode, which is
interesting. I turn stealth off and go test at grc.com. GRC tells me
that most of my ports are Closed, but 1025 is Open (MS Task Scheduler on
Win2k here). So I assume that closed ports are fine, but anything Open
is vulnerable and should be closed. Right?

I'm used to the stealth mode in most firewalls today. If I put ZA into
stealth mode, I notice that it also blocks access to port 1025 which MS
Task is listening on. But in Non-Stealth mode, ZA doesn't even ask me
about the incoming connection attempt. Why is this? Shouldn't the
firewall ask about any incoming connections to listening ports?

-- 
Kerodo
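
Added example, not part of the original post: the three results the post mentions (Open, Closed, stealth) correspond to three outcomes of a TCP connection attempt, which this sketch classifies for a port on your own machine. The names `classify`, `probe` and `demo_local` are illustrative, and the demo only touches the loopback address.

```python
import socket

def classify(error):
    """Map the outcome of connect() to the label a port tester would report."""
    if error is None:
        return "open"         # handshake completed: a service is listening
    if isinstance(error, ConnectionRefusedError):
        return "closed"       # a RST came back: host answered, nothing listening
    if isinstance(error, (socket.timeout, TimeoutError)):
        return "stealth"      # no reply at all: the SYN was silently dropped
    return "unreachable"      # routing or ICMP error, not a port state

def probe(host, port, timeout=2.0):
    """Attempt one full TCP connect and classify what came back."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except OSError as exc:
            return classify(exc)
        return classify(None)

def demo_local():
    """Constructed test case: open a loopback listener, probe it, close it, probe again."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = probe("127.0.0.1", port)
    listener.close()
    after_close = probe("127.0.0.1", port)
    return while_listening, after_close

if __name__ == "__main__":
    print(demo_local())                  # listener up, then listener gone
    print(probe("127.0.0.1", 1025))      # the port the post asks about
```

A "stealth" result cannot be reproduced on loopback without a packet filter in the path, so the demo exercises only the open and closed cases.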

