Router and/or Firewall

Discussion in 'Hardware Discussion & Support' started by Asmodeus, Jan 21, 2005.

  1. Asmodeus

    Asmodeus New Member

    Joined:
    Jan 12, 2005
    Messages:
    187
    Likes Received:
    0
    Trophy Points:
    0
    Not sure if this is in the right place or not but anyway.

    I have got a router on my PC and went to Sheilds-UP to test it out.
    Every port came back as stealth if this place can be trusted for testing.

    If these tests are correct is a firewall still needed?

    Here is the test results:

    ----------------------------------------------------------------------

    GRC Port Authority Report created on UTC: 2005-01-21 at 04:33:58

    Results from scan of ports: 0-1055

    0 Ports Open
    0 Ports Closed
    1056 Ports Stealth
    ---------------------
    1056 Ports Tested

    ALL PORTS tested were found to be: STEALTH.

    TruStealth: PASSED - ALL tested ports were STEALTH,
    - NO unsolicited packets were received,
    - NO Ping reply (ICMP Echo) was received.

    ----------------------------------------------------------------------

    Your Internet port 139 does not appear to exist!
    One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.

    Unable to connect with NetBIOS to your computer.
    All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.

    ----------------------------------------------------------------------

    GRC Port Authority Report created on UTC: 2005-01-21 at 04:39:30

    Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
    119, 135, 139, 143, 389, 443, 445,
    1002, 1024-1030, 1720, 5000

    0 Ports Open
    0 Ports Closed
    26 Ports Stealth
    ---------------------
    26 Ports Tested

    ALL PORTS tested were found to be: STEALTH.

    TruStealth: PASSED - ALL tested ports were STEALTH,
    - NO unsolicited packets were received,
    - NO Ping reply (ICMP Echo) was received.

    ----------------------------------------------------------------------
     
  2. Judas

    Judas Obvious Closet Brony Pony

    Joined:
    May 13, 2002
    Messages:
    39,625
    Likes Received:
    1,491
    Trophy Points:
    138
    looks like your routers doing a pretty good job, Every machine that has some form of firewall i ALWAYS run the sheilds up test.

    Although, to full test your router, i'd suggest disabling windows XP's own Firewall. (be warned, disabling it may allow hackers in IF your routers not up to the task for sure)
     
  3. TwistedMetal

    TwistedMetal MC John-117

    Joined:
    Jul 27, 2003
    Messages:
    728
    Likes Received:
    0
    Trophy Points:
    0
    You should be ok with the router, but you can use both if you want. I just use a router myself.
     
  4. Asmodeus

    Asmodeus New Member

    Joined:
    Jan 12, 2005
    Messages:
    187
    Likes Received:
    0
    Trophy Points:
    0
    Windows firewall was disabled during the test.

    i ran another test over at audit my pc and it found one open port TCP 2420 DSL Remote management. I tested every single port there and that was the only one it could detect as open.

    **EDIT** Sheilds UP also found this port open when I force scanned that port since it wasnt in the normal scan of first 1056 ports.
     
    Last edited: Jan 21, 2005
  5. Asmodeus

    Asmodeus New Member

    Joined:
    Jan 12, 2005
    Messages:
    187
    Likes Received:
    0
    Trophy Points:
    0
    Just tried running the test again with Look N Stop firewall which is suppose to be #1 and that port (2420) was still open.

    Same when using just windows firewall.

    Is this a port that needs to be open or something?
     
  6. Judas

    Judas Obvious Closet Brony Pony

    Joined:
    May 13, 2002
    Messages:
    39,625
    Likes Received:
    1,491
    Trophy Points:
    138
    i'm not sure, might try doing a Google on that port....
     
  7. Vampyromaniac

    Vampyromaniac confutatis maledictis

    Joined:
    May 15, 2002
    Messages:
    5,974
    Likes Received:
    10
    Trophy Points:
    0
    Look through your router's settings, there might be an option to turn that off, if you wish.
    My guess is it's a port for accessing the router's settings from a remote location.

    Keep in mind when you run those scan tests, you're testing your router, and not your computer.
    I've never found a need for a software firewall, when behind a router already, but that's just me.
    You can use a software firewall if you're worried about possibly evil things installed on your computer communicating over the Internet without your knowledge.
     
  8. Asmodeus

    Asmodeus New Member

    Joined:
    Jan 12, 2005
    Messages:
    187
    Likes Received:
    0
    Trophy Points:
    0
    So basically you think I am fine without the firewall even though that port is open? It is the only one. i tested them all and thats the only open port.

    I cant figure out a way to disable it either. I am trying some googling to try and figure out how to deny that port but so far not looking good.
     
  9. Vampyromaniac

    Vampyromaniac confutatis maledictis

    Joined:
    May 15, 2002
    Messages:
    5,974
    Likes Received:
    10
    Trophy Points:
    0
    Look through your router's manual.
    You're probably fine, as long as you have a password set on the router's settings (not the default password.)
    As for a firewall, like I said, "You can use a software firewall if you're worried about possibly evil things installed on your computer communicating over the Internet without your knowledge."
    That's up to you to decide.
     
  10. Asmodeus

    Asmodeus New Member

    Joined:
    Jan 12, 2005
    Messages:
    187
    Likes Received:
    0
    Trophy Points:
    0
    That the problem I dont have a manual or anything for it.

    it came with my new ISP and there isnt nothing they provide you for it they just hand it to you. Its a Westel Versalink Gateway and I went to there website and they say the manual is on the disk they provide with the router.

    What I dont understand is why does it still show up even with a firewall installed?

    Here is a link to a page where they discuss it in better terms than I can understand if you care to take a look at it. I couldnt make heads or tails what they were saying.

    http://www.dslreports.com/forum/remark,12337755~mode=flat
     
  11. Vampyromaniac

    Vampyromaniac confutatis maledictis

    Joined:
    May 15, 2002
    Messages:
    5,974
    Likes Received:
    10
    Trophy Points:
    0
    From that link, it looks like it's nothing to worry about.

    Like I said before. When you run a scan test like Shields-Up, it is scanning your router, not your computer. Nothing running on your computer would be touched or have any effect on the test results, unless you are specifically forwarding ports from your router to the PC.
     
  12. pr0digal jenius

    pr0digal jenius Delete Me

    Joined:
    Mar 15, 2004
    Messages:
    14,526
    Likes Received:
    28
    Trophy Points:
    0
    I don't have a single port open all the way through 2500, nor are any "game" ports open (20000-22500) :p
     
  13. Asmodeus

    Asmodeus New Member

    Joined:
    Jan 12, 2005
    Messages:
    187
    Likes Received:
    0
    Trophy Points:
    0
    So I guess I am safe to go without the firewall then?

    I hate them things with a passion they seem to cause more headaches than one needs but also dont want the risk of someone getting in.
     
  14. Asmodeus

    Asmodeus New Member

    Joined:
    Jan 12, 2005
    Messages:
    187
    Likes Received:
    0
    Trophy Points:
    0
    I only have one and its 2420 :duh: and its really getting on my nerves. [​IMG]
     
  15. pr0digal jenius

    pr0digal jenius Delete Me

    Joined:
    Mar 15, 2004
    Messages:
    14,526
    Likes Received:
    28
    Trophy Points:
    0
    if you have DSL, my guess is that that port is used for PPPoE and you shouldn't bother with it ;)
     
  16. Asmodeus

    Asmodeus New Member

    Joined:
    Jan 12, 2005
    Messages:
    187
    Likes Received:
    0
    Trophy Points:
    0
    Yeah I am on Verizon DSL.

    From the way that person said on that forum link I provided as long as remote access isnt enable then there is nothing to worry about.

    I hope he is talking about the remote access feature on Windows because I have that turned off and I dont have anyclue if verizon has there own feature and how it works but I done some poking around the PC and couldnt come up with anything. First thing I did when I got this provided was uninstall there online help deal so maybe that could be it too.
     
  17. Vampyromaniac

    Vampyromaniac confutatis maledictis

    Joined:
    May 15, 2002
    Messages:
    5,974
    Likes Received:
    10
    Trophy Points:
    0
    Well, he had some guy try to connect to it from a remote location, and he couldn't. That's why I said it's probably nothing to worry about.
     
  18. Asmodeus

    Asmodeus New Member

    Joined:
    Jan 12, 2005
    Messages:
    187
    Likes Received:
    0
    Trophy Points:
    0
    Would you trust it without a firewall?
     
  19. Ubergrendle

    Ubergrendle Semper ubi sub ubi

    Joined:
    Nov 24, 2004
    Messages:
    702
    Likes Received:
    2
    Trophy Points:
    0
    drop windows firewall

    Based on where the IT industry has gone, firewalls are pretty much exclusively considered network devices -- they run better on independent hardware, are more secure, and help keep your network topology 'clean'. This is on the enterprise scale.

    I take this thinking to my desktop. A cable/DSL router w/ NAT translation is a much better firewall than any piece of software you can run on your PC. So #1 its more secure. (note: remember to patch your router BIOS regularly)

    #2, if you run software AND hardware based firewall, when you have connectivity problems you'll have to investigate two tiers, not just one. God forbid your problem is a result of an interaction between the two. So running a software firewall ontop of hardware is redundant and confusing. The chances of your software firewall blocking a malicious attack that circumvents your physical router is a very remote possibility.

    #3 Every WinXP sp2 system now has windows firewall. if a hacker had to pick a firewall he wanted to circumvent, he'd pick this product since it will be the most widely distributed and most poorly administered. "Security through obscurity" is not a comprehensive strategy, but it has its benefits from time to time.

    3 reasons not to run Windows firewall.
     
  20. BWX

    BWX get out and ride

    Joined:
    Nov 29, 2002
    Messages:
    19,684
    Likes Received:
    63
    Trophy Points:
    73
    Ditto ^^^ :)

    If you have a router you are set. The only reason t run a software firewall now is for outgoing connection monitoring. I actually don't even run a software firewall for that. I use a program called Currports. It shows all connections. If I think something weird is going on I just look and see.

    http://www.nirsoft.net/


    http://www.nirsoft.net/utils/index.html
    Network Monitoring Tools on that page.

    No need to thank for the link. ;)
     

Share This Page

visited