Protocol analysis disabled - ports unstealthed.

OK, using emule there is an issue with protocol analysis blocking lots of connections, however, once it is disabled, ports 1 & 0 are not being stealthed but show as closed.

I started a mind boggling process of trying to figure out what was the cause of this, logic would have you think, OK just create a network rule blocking those ports - block incoming TCP/UDP on destination 1,0 … not working still closed not stealthed, i thought OK, then it must be some app rules allowing it, did the same rule for all apps, allow except for ports 1,0 … not working, OK i thought ill start fresh, clean install, nothing but svchost system and IE, still not stealthed, then by a pure mistake i blocked OUTGOING instead of incoming, low and behold, ports stealthed, now i just changed the default allow TCP/UDP out rules to exclude local ports 1,0.

But here is what i completely don’t get, why if i wanted to block calls initiated by a remote machine i needed an outgoing rule? only conclusion is that CPF is leaking those ports somehow, any ideas???

Still baffled b\y this, i ran many many scans during the last few days, using nmat-online, superscan, pc flank and grc, and of curse security-spcae, I am completely stealthed once i blocked OUTGOING ports 0 & 1. However i still don’t get why outgoing ports block incoming traffic.

There is no difference between closed and stealthed. Both show an 87% chance of a hacker moving on to find someone with open ports.

It’s essentially a scam started long ago by a firewall company to try and see how many extra bucks he could make, and other Firewall Vendors had to adopt the gimmick or risk losing business. Do not worry if they’re only closed and not stealthed, just make sure that they’re not open.

I understand your logic, why an intruder would rather go for an exposed system of which i am sure there are plenty, to waist time hacking a more protected machine, after all no state secrets here (minus my soup recipes lol).

Never the less that behavior where all ports are stealthed by these two, and why as opposed to common logic blocking them from incoming traffic means blocking outgoing one, is just intriguing to me -simply i don’t get it.

As a foot note, can you point me to some info regarding your remarks about the myth of stealthed ports, interesting to learn more on this.