Ports visible in full stealth question

Hello,

I’ve been using CIS ver5.10 with D+ (no AV) sandbox disabled along with Eset Nod32 AV for about 4 months now. Been using PCFlank and GRC ShieldsUP for stealth testing and I always get a full stealth/TruStealth. Earlier I tried PCFlanks “Quicktest” and was surprised to see that it had ports “visible”, it said:

“Warning!
The test found visible port(s) on your system: 135,
137, 138, 139”

Now I am confused there. Earlier the result was, Full Stealth and now I have ports visible. Aren’t those ports supposed to be not visible…?

ShieldsUP says,

Results from scan of ports: 0-1055

0 Ports Open
0 Ports Closed

1056 Ports Stealth

1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

I have settings for NetBios-RPC. Please see image attached on port sets. Also see Application Rules for System on the image attached.

Are the settings correct or did just PCFlank erred on this one…?

My settings (of which I did after a former post) can be found
HERE

Thanks in advance :slight_smile:

Is there a router in your network setup? Then PC Flank and GRC are probing your router.

Hi EricJH,

Thanks for the reply. No, this setup is not on a router. This one is on a dial-up setup.

If Shields Up is telling you one thing, and PC Flank is telling you another, I guess you’ll need to decide which one you feel is giving you accurate data.

Can you show me a screenshot of your Global Rules?

The two tests you did were both performed from the web sites? They were not performed by running a file locally on your computer?

Hello guys,

Thanks for the reply.

Yes the tests were all done with the websites of PCFlank and ShieldsUP. No file running locally on the pc. The Stealth test of PCFlank says it’s Stealth together with the ShieldsUP. Ran th Quicktest again earlier and got the same result.

This is where I am getting confused. PCFlank Stealth test result says I am stealth but in it’s Quicktest ports 135,137, 138, 139 are visible.

Any ideas…?

Does the Quicktest report the visibility consistently? Could you try Quicktest a couple of times more?

Hi EricJH,

These results are today. The Quictest image is the 3rd test I underwent. Is there any test that I can do to make sure…?

Thanks!

I think there may be something up with the PC Flank Quick test.

I am sitting behind a router and do not have my local network set as a trusted network. Still the Quick Test shows the same 4 ports at risk; they are categorized as closed. When running the Advanced Port Scanner I get the same result for those four ports.

I disabled NETBIOS on my computer following this tutorial and still the test would show the four NETBIOS ports open.

Unfortunately there is no documentation on the PC Flank web site how the tests are performed. But as far as I can tell the PC Flank test is flaky.

Thank you for the reply.

Yes I have also NetBIOS disabled too. via your help and of Radaghast I have set it up that way. HERE

Hmm…I too was looking for some documentation about it but alas there was none! Any test I can do to make sure it’s really stealthed…?

There are various ways of looking at it:

  • The majority of tests must be right
  • One failed test from PC Flank against two passes from PC Flank and GRC
  • Discredit PC Flank tests because of inconsistencies and believe GRC
  • Believe CIS will stealth you (that is what I believe )

I know CIS will stealth you and I trust it.

Hi EricJH,

The first image was done on a spare hdd from which I loaded a clean system image with Avira IS 2012(with firewall). GRC/PCFlank stealth test was okay except the Quicktest. The PCFlank test was the same. The second image was done again on the partition I am using with CIS.

Results shows the same of the specific ports tested with GRC. So I think tha PCFlank Quicktest erred. For a long time I am running CIS + AV of my choice and never really had any problems with Stealth. Though a lot of debate on “stealth or not to stealth” / “is stealth really achievable?” / etc, I believe being stealthed is important and helps.

I definitely believe CIS protects me that is why it remains in my system. Though I try a different combination from time to time, CIS will always be there in all of my system because I like it and trust it to protect me.

So the verdict is:

I believe in CIS and PCFlank tests are inconsistent with no other documentation to help you on that at their website.

The PCFlank Stealth test result was always “Stealthed” for me but their Quicktest which also has stealth testing gives a different result. That is definitely inconsistent on the part of PCFlank.

In turn all GRC test was always TruStealth on those specific ports as well as the first 1056 ports.

Thank you!

See the highlighting in blue. Due to inconsistencies in the PC Flank test we cannot believe them. Which is very unfortunate…

Unfortunate yes. The reality is I am glad I have CIS with me. Thanks!