Stealth vs Blocked ports

Hello everyone! :slight_smile:
I guess you know that there are three possible states of ports: Open, Closed (I guess it’s the same as Blocked) and Stealth. CIS makes them Stealth and we can check it by grc.com - ShieldsUP! - All Service Ports. I know one guy, he is a developer of one good security software and he claims that his software “does not do nonsense to make ports Stealth - it just Blocks or not Blocks the computer ports”. I know that he is a very qualified person but from policies of Comodo and grc.com it follows that the ports should be Stealth. So who knows what is better - Stealth or Blocked unused ports? I’m sorry if I wrote something wrong here - in this case you are welcome to correct me.

Cheers! :slight_smile:

Stealth, as silence is sometimes also an answer on the internet.
You are “perfectly” disguised only as long as the station before you tells the requester, “there's nothing behind me that fits your request”.

This means: don't get nervous if you have just blocked ports, and don't get too happy about having them stealthed :smiley:
Blocked as the minimum is important, and your computer should also not respond to ICMP requests.

Stealth isn’t actually a possible state for a port.

Stealth is non-standard TCP/IP behavior. Contrary to what Steve Gibson would like you to think (I believe he’s the one that made up the term ‘stealth’ in regard to port scans), stealthing your ports doesn’t make you invisible, and can in fact point out that there is a live machine at that address. :o

Standard TCP/IP protocols allow for a range of responses to a port probe. However, some form of response is expected! Not hearing anything back from a probe is a definite indicator that someone is home and has a firewall interfering with the port scan. So much for being invisible…

Having a port reported as closed is just fine, and you are no less secure than if they report stealth.

Personally I believe way too much faith is put in software firewalls. The only way for a home user to be fully protected is a good router that has NAT and stateful inspection set on, plus a good hardware firewall set to the highest security level.

BTW - when connecting to one of these test sites when connected through a router, all the site is testing is your router security.

at donz
routers, well…

And what is the problem with computer firewalls? Do you have an example of how, let's say, Comodo can be bypassed on the firewall level in direction IN? Because this direction would be protected by a router. To have a relation.

For direction out, you should have a software firewall, and you should make a setting that you CAN put faith in. And as always, you should not test your luck too much by installing “wrong things”, because one day there might be a trick that manages to phone out. (Wait, is the Comodo default still “allow outgoing all applications”?)
Don't use default settings in routers and software firewalls! I would say, before the programs and equipment “say” it is working now, they should lead the user through the necessary settings first.

This would only be true if the attacker knows that the IP address is connected to the web. If there is no prior knowledge then no reply means there is no internet connection at the moment of probing. There is apparently no connection or it is stealthed.

Edit: set some of my sloppy reasoning straight

Yes.

Please check my edited reply. That was very sloppy … :stuck_out_tongue:

So, Steve Gibson is right for “random” probing?
But if the attacker already knows an IP, he assumes to find a computer anyway. In these cases “blocked” is important.

$0.02

I prefer the dropping silently (stealthing) rather than responding technique under all scenarios.

Bad
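
The three results argued about in this thread can be told apart on your own machine by how a plain TCP connect attempt ends. The sketch below is an added example, not code from any poster, Comodo or grc.com; `probe_state` and `demo` are hypothetical names, and the demo only touches 127.0.0.1.

```python
import errno
import socket


def probe_state(host, port, timeout=1.0):
    """Classify one TCP port by how a connect() attempt ends.

    open        - handshake completed (SYN/ACK came back)
    closed      - the host answered with a TCP RST ("blocked" in the thread)
    stealth     - nothing came back before the timeout (packet dropped)
    unreachable - an ICMP unreachable arrived, e.g. from a router in front
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "stealth"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        s.close()


def demo():
    """Probe a loopback port while a listener exists and after it is gone."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))      # let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    with_listener = probe_state("127.0.0.1", port)
    srv.close()
    without_listener = probe_state("127.0.0.1", port)
    return with_listener, without_listener


if __name__ == "__main__":
    # A "stealth" result needs a firewall rule that drops the SYN,
    # so the loopback demo only shows the open and closed cases.
    print(demo())
```

An address with no machine behind it normally produces the `unreachable` result from the upstream router, which is why silence on a routed address is itself informative.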