Stealth ports - yes or no?

I don’t know if this is the right place for this topic or if it would be better to place it in the Firewall help…
What do you think about this statement?

Interesting, hope someone with knowledge on this topic will make some comments :slight_smile:

And if the article is true, would it be possible for Comodo to make it so we can stealth and give back the message “host unreachable” instead of just dropping the echo request?
(I assume Comodo just drops the echo request too, as it is now.)

Interesting. I’ve lived under the impression that it’s the exact opposite from what the article claims… (“stealth” being the same as nothing there).

I see stealth as equal to closed in regards to security, not better nor worse, at least they aren’t open. :wink:

Well, if a hacker knows what to do, I guess he can take control of your PC even if your ports are closed.
Stealth is a way to hide your PC so that a hacker thinks that there’s nothing connected on the other side.
I agree with Lasse88, it would be good if Comodo can implement a stealth ports system that can

I have always checked my stealth ports status on the ShieldsUP! website (GRC | ShieldsUP! — Internet Vulnerability Profiling), but recently I noticed something:

[i]Adaptive IDENT Stealthing Experimentation

The IDENT protocol’s port 113 is quite problematical and tricky to stealth. If the user’s port 113 is completely stealthed, connections to some remote Internet servers such as eMail, Internet Relay Chat (IRC), and others, may be delayed or denied altogether. For this reason, many NAT routers and personal firewalls do not attempt to stealth port 113, they settle for leaving it closed. One of the first things that caught my eye about the ZoneAlarm personal firewall was that it was clever about handling port 113: It “adaptively stealthed” the port.

To understand the following discussion, you should familiarize yourself with the details of the IDENT protocol and port 113. Please read port 113’s Port Authority database page before proceeding.

Even after many years, the (free) ZoneAlarm personal firewall from Zone Labs is the only personal firewall to “adaptively” stealth port 113. Unlike any other firewall or NAT router (any of which could also do the same) this allows port 113 to be stealthed to any passing Internet scanners or probes, but “unstealthed” for any valid IDENT connection attempts originating from remote servers with which the user’s computer is attempting to connect. (Since this could easily be done by any personal firewall or even NAT routers, I am hopeful that this feature might yet appear in other products.)

“Adaptive Stealthing” means that when a TCP SYN packet arrives to request a connection to your machine’s port 113, ZoneAlarm checks, on the fly, to see whether your machine currently has any sort of “relationship” with the remote machine (such as a pending outgoing connection attempt). If so, the remote machine is considered to be “friendly” and its IDENT request packet is allowed to pass through ZoneAlarm’s firewall. But if the IDENT originating machine is not known to ZoneAlarm as a “friendly” machine, the connection requesting packet is dropped and discarded, rendering port 113 stealth to all unknown port scanners. It’s very slick.

IDENT, ZoneAlarm, and ShieldsUP!

Even though your computer’s web browser already has a relationship with the web server at GRC, our tests originate from a different “foreign” IP address. ZoneAlarm therefore drops incoming packets to port 113 from this different probing IP address and ZoneAlarm users see that port 113 is stealthed to passing Internet scans.

To demonstrate how ZoneAlarm (and perhaps someday other firewalls or NAT routers) selectively “unstealth” port 113 — but only for known “friendly” machines — we simply initiate a connection from your web browser to the ShieldsUP! scanning IP. Even though the connection attempt will ultimately fail (since there’s no web server at the probing address), ZoneAlarm will note the outgoing attempt and will unstealth port 113 for subsequent probes.

Step One: Verify that our scan currently shows port 113 stealthed. (You may wish to use one of the other remote port tests which will be faster than an entire 1056-port grid scan.)

Step Two: Open a secondary web browser window to initiate a connection to the probing IP. (Users of Microsoft Internet Explorer can press Ctrl-N to “clone” their current browser window.)

Step Three: In the secondary web browser window, click this URL or enter this address:
This second connection attempt will ultimately fail, but ZoneAlarm will notice the effort, which is all that’s necessary.

Step Four: Finally, refresh the port probe window or repeat the scan to check your system’s current port status. You should find that port 113 is no longer “stealth” to the probing IP address because you are attempting to connect to it and it has been determined to be “friendly”.

Step Five: If you’re curious, stop and close the secondary web browser window and periodically refresh your port probe window to see how long the “friendly” status persists before ZoneAlarm returns the probing IP to unknown status and port 113 to full stealth.[/i]

I did this at home (Windows 10 Pro with CIS 8 last release) and it actually failed this “friendly” status check.
The result from ShieldsUP! was still full stealth ports, but I got this remark:

[i]Solicited TCP Packets: PASSED — No TCP packets were received from your system as a direct result of our attempts to elicit some response from any of the ports listed below — they are all either fully stealthed or blocked by your ISP. However . . .

Unsolicited Packets: RECEIVED (FAILED) — Your system’s personal security countermeasures unwisely attempted to probe us in response to our probes. While some users believe that “tracking down” the source of Internet probes is useful, experience indicates that there is little to gain and potentially much to lose. The wisest course of action is to simulate nonexistence — which your system has failed to do. Your counter-probes immediately reveal your system’s presence and location on the Internet.

Ping Echo: PASSED — Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests) from our server.[/i]
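The "adaptive stealthing" decision quoted above (drop inbound SYNs to port 113 unless the remote host is one we recently tried to connect to, and let that "friendly" status expire) can be modelled as a small stateful filter. The following is an added example written for this thread, not code from GRC, ZoneAlarm or Comodo; the `AdaptiveIdentFilter` class, the 60-second `FRIENDLY_TTL` and the IP addresses are constructed for illustration, and the scenario replays the ShieldsUP! steps from the quote.

```python
from dataclasses import dataclass, field

IDENT_PORT = 113
FRIENDLY_TTL = 60.0  # seconds a peer stays "friendly" after our outbound SYN (constructed value)


@dataclass
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = True


@dataclass
class AdaptiveIdentFilter:
    """Toy model of adaptive stealthing: inbound SYNs to 113 are accepted only
    from peers we recently sent a SYN to; other ports show closed vs stealth."""
    stealth_default: bool = True
    _peers: dict = field(default_factory=dict)  # peer IP -> time of our last outbound SYN

    def outbound(self, pkt: Packet, now: float) -> None:
        # Any outgoing connection attempt establishes a "relationship" with that host.
        if pkt.syn:
            self._peers[pkt.dst] = now

    def _friendly(self, ip: str, now: float) -> bool:
        seen = self._peers.get(ip)
        if seen is None:
            return False
        if now - seen > FRIENDLY_TTL:
            del self._peers[ip]  # relationship expired: back to full stealth
            return False
        return True

    def inbound(self, pkt: Packet, now: float) -> str:
        """Verdict for an incoming SYN: ACCEPT, DROP (stealth) or RST (closed)."""
        if pkt.dport == IDENT_PORT:
            return "ACCEPT" if self._friendly(pkt.src, now) else "DROP"
        # Every other port: "stealth" drops silently, "closed" answers with a RST.
        return "DROP" if self.stealth_default else "RST"


def shieldsup_scenario() -> list:
    """Replay the quoted steps: probe, connect to the prober, probe again, wait, probe."""
    fw = AdaptiveIdentFilter()
    us, grc_web, prober = "192.0.2.10", "198.51.100.5", "198.51.100.9"  # constructed addresses
    fw.outbound(Packet(us, grc_web, 50000, 443), now=0.0)           # browser talks to the web server
    v1 = fw.inbound(Packet(prober, us, 40000, IDENT_PORT), now=1.0)  # probe from a different IP: stealth
    fw.outbound(Packet(us, prober, 50001, 80), now=2.0)             # Step Three: we connect to the prober
    v2 = fw.inbound(Packet(prober, us, 40001, IDENT_PORT), now=3.0)  # Step Four: prober is now "friendly"
    v3 = fw.inbound(Packet(prober, us, 40002, IDENT_PORT), now=3.0 + FRIENDLY_TTL + 1)  # Step Five: expired
    return [v1, v2, v3]  # ["DROP", "ACCEPT", "DROP"]
```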