Re: Stealth vs Closed ports and firewalls

From: Casey (Casey_at_nosuch.net)
Date: 09/30/04 

Date: Wed, 29 Sep 2004 23:00:24 GMT

In article <MPG.1bc3ada252d4fc2e9896c4@news.central.cox.net>, kerodonospamkenny@hotmail.com says...
> I'm playing with an old version of ZoneAlarm 2.6 here just for fun, and
> it gives you the option of running without stealth mode, which is
> interesting. I turn stealth off and go test at grc.com. Grc tells me
> that most of my ports are Closed, but 1025 is Open (Ms Task Scheduler on
> Win2k here). So I assume that closed ports is fine, but anything Open
> is vulnerable and should be closed. Right?
>
> I'm used to the stealth mode in most firewalls today. If I put ZA into
> stealth mode, I notice that it also blocks access to port 1025 which MS
> Task is listening on. But in Non-Stealth mode, ZA doesn't even ask me
> about the incoming connection attempt. Why is this? Shouldn't the
> firewall ask about any incoming connections to listening ports?
>
I can't answer your question but I will make a side comment.
Different firewalls apparently have different meanings for
Stealth Mode. In Sygate, when running in the stealth mode,
a web site will not know what OS or browser you are using.
This is said to cause some websites to not function properly.
Casey

Relevant Pages

  • Re: Port protection
    ... Here's the list of ports and the level of protection. ... Please note that there is very very little advantage to stealth mode versus the normal blocking. ... But if the request is REJECTed then they will know that there is no way to connect to that port. ... In many circumstances, using REJECT is more network friendly toward legitimate other machines, while doing little the thwart attacks from the malicious ones. ...
    (comp.sys.mac.system)
  • Re: Kerio users.
    ... >> stealth mode, the other 1044 being just closed. ... >> the Kerio F/W or have I done something very wrong? ... But with that I seem to have all but two of the first 1056 ports in stealth ...
    (uk.people.silversurfers)
  • Re: Stealth TCP
    ... >> " Stealth mode listens to the ports at socket level instead of binding ... The sentence might have intended to say that in stealth mode, ... comes from some kind of portscan reporter, or a program that listens on many ... "at socket level" should have been "below socket ...
    (comp.os.linux.security)
  • Stealth vs Closed ports and firewalls
    ... So I assume that closed ports is fine, ... I'm used to the stealth mode in most firewalls today. ... about the incoming connection attempt. ... firewall ask about any incoming connections to listening ports? ...
    (comp.security.firewalls)
  • Re: Kerio users.
    ... Atm I am disabling it and using the XP F/W, But with that I seem to have all but two of the first 1056 ports in stealth mode ... I'm seriously considering uninstalling Kerio and returning to uusing ZA which did seem to keep all those first 1056 ports in stealth mode. ... If you didn't get prompts, you need to check your settings. ...
    (uk.people.silversurfers)