Re: How to stealth against ping/echo requests?
- From: "Roberto" <robthelatch@xxxxxxxxxxxxxxxxxx>
- Date: Fri, 20 Feb 2009 07:50:52 -0000
jackD@xxxxxxxxxxxxxxxx:aoesp45uppoc3kiukeuj8onueai9grgdpe@xxxxxxxxxx
I just started using the Online-Armor firewall. It passed all the GRC
tests except that it did answer a ping request. How do I keep this firewall
from answering pings? I'm using XP Pro w/Service Pack 3.
The following from a forum on this subject might help you.
Rob
Did a Shields UP scan at http://www.grc.com, all the scans fail. It shows my
host name on the first step, File sharing seems to pass I think. Common
ports fail. Some ports are even open. Most are closed. A couple are stealth.
RPC OPEN! (Remote Procedure Call) This impossible-to-close port appears in
most Windows systems. Since many insecure Microsoft services use this port,
it should never be left "open" to the outside world. This port has been
exploited to send "Messenger Spam" pop-ups to Microsoft windows users. Since
it is impossible to close, you will need a personal firewall or NAT router
to block it from external access. Do it soon!
--------------------------------------------------------------------------------
Are you behind a router? A very useful tool to close dangerous open ports
(including 135) is gkweb's Windows Worms Door Cleaner.
You can find it here: http://www.firewallleaktester.com/wwdc.htm
Since I switched to router mode, I'm also failing the Shields Up test. But I
still have OA running. Is my computer still secure, or do I have to switch
back to a "dialling" mode to be protected? I tried to enable all firewall
options in the router that I have found, but Shields Up is still sending me a
"failed" status. :?
--------------------------------------------------------------------------------
Do you get a private IP? If so, marking your interface as untrusted will
work.
--------------------------------------------------------------------------------
The following information about Setting Up Your Hardware Firewall,
especially the Protecting Port part, might be useful to you:
http://www.devhardware.com/c/a/Hardware-Guides/Setting-up-Your-Hardware-Firewall/
P.S. I strongly believe OA firewall and HIPS features when used properly,
should pass all types of leak-tests. Together with a hardware firewall
(router), you should be quite secured.
I'm not going through a router anymore. It is too much of a pain to open and
close ports all the time so I disconnected it. Was the D-link I-604 or
something. It has a crappy interface and is a waste of time.
I can use the Windows firewall to pass those leak tests. In fact I can use
just about any other firewall to pass them. I don't know why it would have
open ports with OA. They should all be stealthed. I didn't change any of the
default options.
A port will be open if it is in use, and allowed to be accessed. If you can
tell me about how your network is set up I can help you. I'm going to guess:
you should mark the interface as untrusted.
--------------------------------------------------------------------------------
There we go... I went into Firewall, clicked the Interface tab and unchecked
Trust on the internet card. Now it passes the tests fine. No clue why it had
that marked as trusted though.
That is the default setting.
So the default setting is to trust my WAN connection? If so that can't be
good. Either way, thank you all so much for your help =) I appreciate it! And
if there is anything else I can do to help test please let me know.
--------------------------------------------------------------------------------
Tagging my network card as untrusted didn't work for me. Shields Up!
claims that I have port 80 open, two stealthed (21 and 23), and the rest
closed. I went to Huawei support and it seems this is a "standard
behaviour", and as long as I have a firewall on my computer everything
should be fine. I just don't know. My modem is working as a router, my ISP
gives me a different IP every time I turn the modem on, and I have DHCP
disabled, all the IPs on my network are static.
--------------------------------------------------------------------------------
All I know is I had to uncheck the one for my WAN connection. There was
another one for a network card I don't actually have in my computer anymore
too but I sometimes put it in whenever I want to share internet with another
computer. Also I tested WoW, my latency is about double what it usually is.
Not sure why that is but it seems to work ok with logging off.
To trust, or not to trust, that is the question. Basically what should happen
is if you are on a private IP range then those ports should be available. The
idea is simple: local computers on your local network need to be able to
speak, and you'd like to be able to speak to printers. If we make the default
NOT to trust then this does not work. So, unless there is a bug here
(something I will check out later today) we need to ask ourselves: which will
be the more common setup? To me, I assume that most people that have a
private-range IP address are on a LAN or behind a router.
I think you are right, Mike. I have been playing for a while with some of the
router's options, and while Shields Up! insists on giving me a failed status,
I have managed to stealth port 80. The rest are closed, so with that plus OA,
I should be safe (I think).
--------------------------------------------------------------------------------
Well, I did something similar. Of course, I didn't turn off my computer,
but I added a rule similar to the one I added for port 80, but this time
going from port 0 to 1055. That range is used in the "All Service Ports"
test. And the result was a "Passed", all ports in range completely
stealthed. Seems my router had some holes after all, with a little tweaking
I'll be back on track.
Oh I think I get what it is doing then. I have an
onboard NIC that I dial up the DSL modem with and that gets a 169.254.x.x
address by default because nothing gives it an IP. But the connection to the
internet is not a private IP and does not show as one inside of OA. The
169.254.x.x network connection icon in my system tray has limited or no
connectivity but that is how I dial up the internet through that card and
then another icon appears on my system tray for the internet. When I plug
in my other NIC it always keeps a 192.168.x.x address to share internet to
the rest of the network through a router set in hub mode because it
sucks. Other firewalls seem to ask me which connection is my Internet
connection upon installation, similar to how the Windows XP network setup
wizard does it as well, and I don't think OA did that. My modem is not
acting as a router, I have it in bridge mode. I dial up with my computer and
I am not behind a router. I may have my network set to be a sharing network
as I remove one card now and then and replace it with my soundcard. Only
have 2 pci slots and my video card is so big it takes one of them up so I
can't put anything into it. Will be getting a usb to ethernet adaptor in the
future to share internet with other people when they visit so I don't have
to keep removing my sound card. Seems WoW is still occasionally giving me
trouble, like it's caught in a loop for a bit. And the latency is quite high.
Around 500 or more most of the time when it is around 100-200 when I disable
the firewall. EDIT: Just noticed that the other one is in fact a 169 address
and not 192... my bad. Had that card in earlier when I looked at that. (edit
again: I'm talking about the two interfaces that appear in OA)
I have tested some firewalls and liked how they deal with trusted/untrusted
LANs in ZoneAlarm. Every time it finds a new LAN, it asks if you want to
trust it or not. It happens at installation time and at work. The only one
that trusted by default was Jetico. But when I marked my LAN as distrusted,
it began asking me if I trust every node on the net that tried to connect to
my computer!!! I deleted it with hate. I sit in a LAN of approx. 200 comps
and an authorising proxy. All of us have fixed IPs. We usually don't use our
big LAN to connect with each other, only to Internet, and transfer data to
each other by flashcards. It's hard to believe that a lot of people are not
worried about viruses, trojans, adware, etc, especially among academic
scientists. They usually say that when the number of viruses on their
computers exceeds some critical maximum, they begin fighting with each other
and not their comps. That's why various worms always crawl from their comps
all over the LAN and sysadmins can do nothing with them. That's why I want
to be totally hidden and protected from the LAN.
Also, I am just curious as to what is the name and model of your
modem/router. Just in case, I can find out some useful information about it.
Number one and three. The ping reply I fixed by blocking ICMP echo
"request" and "reply". And "solicited TCP packets" will only give you a
"Passed" if they are stealthed. My modem/router is a Huawei Smartax MT880
(orange and white, really cheap, but it works).
So after all of your fixing on the router, the Shields Up test gives you an
overall PASSED?
I still have to stealth the last two ports in the "Common Ports" test, then,
I think I'll have a "Passed".
In such case, I will suggest you mark the LAN as untrusted in OAFW and
that's it - system ports will treat the LAN as if it were an internet
connection. In upcoming release you can (if you choose to) override this on
an individual computer basis.
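The default discussed in this thread (trust an interface when its address is in a private range) can be checked against a list of interfaces. The following is an added example, not part of the original thread and not Online Armor's actual logic; the interface names, the addresses and the `classify`/`audit` helpers are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges: typical for hosts on a LAN or behind a NAT router.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Self-assigned (APIPA) range a NIC picks when nothing gives it an address.
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")


def classify(addr):
    """Return 'loopback', 'private', 'link-local' or 'public' (IPv4 string)."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in RFC1918):
        return "private"
    if ip in LINK_LOCAL:
        return "link-local"
    return "public"


def audit(interfaces):
    """Flag interfaces whose trust setting does not suit their address.

    interfaces: list of (name, address, trusted) tuples.
    Returns a list of (name, finding) tuples for the questionable ones.
    """
    findings = []
    for name, addr, trusted in interfaces:
        kind = classify(addr)
        if trusted and kind == "public":
            findings.append((name, "public address is trusted: mark untrusted"))
        elif trusted and kind == "link-local":
            # Assumption of this example: a self-assigned address says nothing
            # about being behind a router, so it deserves a manual check.
            findings.append((name, "self-assigned address is trusted: review"))
    return findings


# Constructed sample modelled on the setups described in the thread: a NIC
# that dials a bridged DSL modem, the dial-up connection itself, and a second
# NIC that shares the connection with a LAN. All three start out trusted.
SAMPLE = [
    ("onboard NIC", "169.254.10.20", True),
    ("DSL dial-up", "203.0.113.45", True),
    ("LAN NIC", "192.168.0.1", True),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```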