Re: Port scan from grc.com fails 1st time passes the 2nd?
From: Duane Arnold (notme_at_notme.com)
Date: 03/11/05
- Next message: Jose Maria Lopez Hernandez: "Re: iptables port forwarding - port is filtered, needs to be open"
- Previous message: Gizmobuddy: "Re: CCAP.EXE Crashes on Remote Desktop Connect"
- In reply to: Paul H: "Port scan from grc.com fails 1st time passes the 2nd?"
- Next in thread: Paul H: "Re: Port scan from grc.com fails 1st time passes the 2nd?"
- Reply: Paul H: "Re: Port scan from grc.com fails 1st time passes the 2nd?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 11 Mar 2005 17:46:02 GMT
"Paul H" <nospam@nospam.com> wrote in
news:13jYd.3226$7r6.1045@newsfe5-gui.ntli.net:
> We have a NAT router with SPI protecting our small LAN.
>
> When I go to http://grc.com and run the shields up scan on common
> ports, it shows the following ports as open; 21, 23 and 80. If I run
> the scan again afew seconds later all ports show a stealthed. If I
> leave it for a few minutes and run the scan again the ports are open
> again.
>
> OK so the firewall is "reacting" to an intrusion attempt, but wouldn't
> it be better to be closed or stealthed the FIRST time an intrusion was
> attempted? Can anyone comment on this routers behaviour? I have never
> seen a router do this before, is it a potential risk, or is it being
> "smart"?
>
> Thanks
>
> Paul
>
>
What router are you talking about? Stealth means nothing to the router. The
machine or machines are *stealth* because they are behind the router. The
ports on the router are *closed* by default. The only way they are open is
due do a machine running a program and the program is making a solicitation
to a remote IP causing the port(s) to *ONLY* (especially true with SPI) be
open to that traffic. Or you have configured the router by doing port
forwarding to open and (leave open) to the public Internet specified
inbound ports for a specific program to listen on those port(s).
You should seek out some other testing sites and not depend solely on the
Gibson site to tell you what's happening with the ports.
And if the NAT router is like most NAT routers, then it's likely a NAT (no
true firewall) router with FW like features.
Duane :)
- Next message: Jose Maria Lopez Hernandez: "Re: iptables port forwarding - port is filtered, needs to be open"
- Previous message: Gizmobuddy: "Re: CCAP.EXE Crashes on Remote Desktop Connect"
- In reply to: Paul H: "Port scan from grc.com fails 1st time passes the 2nd?"
- Next in thread: Paul H: "Re: Port scan from grc.com fails 1st time passes the 2nd?"
- Reply: Paul H: "Re: Port scan from grc.com fails 1st time passes the 2nd?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
