 Dakota_3725
join:2007-01-06 Shady Cove, OR
| Stealth
I am running a modem with firewall, router with firewall, and Zone Alarm, all at once. Would there be any conflict between the 2 hardware firewalls? The reason I ask is that I have gone to a few testing places, grc included, and I show all ports closed but not stealthed. |
|
  BlitzenZeus Burnt Out Cynic Premium,MVM join:2000-01-13 Beaverton, OR
·Verizon FIOS
·Verizon Online DSL
| Stealth is not more secure than a simple TCP/IP RFC-compliant closed response, and you're fine. You might encounter issues with multiple hardware firewalls as far as port forwarding/UPnP/LAN setups go; however, as long as you're not having issues, don't worry about it. |
|
  Link Logger Premium,MVM join:2001-03-29 Calgary, AB | reply to Dakota_3725 »Place your bets - Closed vs Stealthed
Blake |
|
 Dakota_3725
join:2007-01-06 Shady Cove, OR | Read through some of that, Link Logger, but how do I get it to change to stealth, from closed? I have just about come to my wits' end. |
|
  nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL
·AT&T U-Verse
·AT&T Midwest
| There really isn't any need to change to stealth. That's what people are trying to explain.
If you really want to change, then you may need to do this in the firewall settings of your modem or your router (whichever sees the public IP address). Or, if not supported, you would have to replace that modem or router with one that does provide stealth.
But, once again, there really isn't a need to change anything. -- Never underestimate the ability of a large organization to screw up |
|
 garys_2k
join:2004-05-07 Farmington, MI | reply to Dakota_3725 Don't worry so much about what Steve Gibson writes about stealth, it's actually not any big deal for lots of reasons (like, for example, a determined person could STILL tell you're there, even when stealthed). Closed is more than "good enough." |
|
  BurntCricket Gotta Do What Ya Gotta Do Premium join:2000-09-02 Here clubs:
·RoadRunner Cable
3 edits | reply to Dakota_3725 Since you have a router, unless something from the inside holds the door OPEN you are fine; firewalls simply decide whether this OPEN door is OK.
They can beat on your Public IP# all they want but your Private IP# will NEVER answer.
OPEN: Yeah, I am here, what do you want?
CLOSED: Go away, Joe is not here!
STEALTH: No answer
It isn't good to run more than one firewall at a time. -- There is nothing more valuable than a man whose loyalty can be purchased with cold hard cash. |
|
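Added example, not part of any post in this thread: the three answers described above (OPEN, CLOSED, STEALTH) map onto what a TCP connection attempt gets back, which is what the online test sites report. The function and label names are assumptions of this sketch; the demo uses two constructed loopback sockets, so it shows "open" and "closed" offline, while "stealth" only appears when a firewall in the path silently drops the SYN.

```python
import socket

def classify_port(host, port, timeout=2.0):
    """Label one TCP port by how the far end answers a connection attempt."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"         # SYN answered with SYN/ACK: a service is listening
    except ConnectionRefusedError:
        return "closed"       # SYN answered with RST: the RFC-compliant refusal
    except socket.timeout:
        return "stealth"      # SYN silently dropped: nothing came back in time
    except OSError:
        return "unreachable"  # e.g. an ICMP unreachable came back, or no route
    finally:
        s.close()

def demo():
    """Classify a listening port and a bound-but-not-listening port on loopback."""
    listening = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listening.bind(("127.0.0.1", 0))   # constructed test port, chosen by the OS
    listening.listen(1)
    bound_only = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    bound_only.bind(("127.0.0.1", 0))  # reserved but never listens, so it refuses
    try:
        return {
            "listening": classify_port("127.0.0.1", listening.getsockname()[1]),
            "bound_only": classify_port("127.0.0.1", bound_only.getsockname()[1]),
        }
    finally:
        listening.close()
        bound_only.close()

if __name__ == "__main__":
    print(demo())
```

A "closed" result costs the prober one round trip and a "stealth" result costs it the timeout; in both cases no service accepted the connection.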
  EGeezer Go Bobcats Premium join:2002-08-04 Country!
·Callcentric
·RoadRunner Cable
·AT&T CallVantage
| reply to Dakota_3725 If your modem with firewall is configured by your ISP and you cannot change it, there is nothing you can do to stop the modem from responding to PINGs and port scan replies. If you can change it, set the modem/router to not respond to WAN PINGs.
If, after reading the above recommendations, you still feel you need to change it, contact your ISP and convince them to change it for you or let you use the modem with no firewall or routing and set your local router/firewall to not respond to PINGs.
For instructions on how to change settings, see your particular router model's user or reference guide for the router or its firmware. -- We are what we repeatedly do. Excellence, therefore, is not an act but a habit.
Aristotle |
|
  Daniel Premium,MVM join:2000-06-26 Pleasanton, CA clubs: 
4 edits | reply to Dakota_3725 One's fascination with "stealth" is inversely proportional to his understanding of TCP/IP -- Steve Friedl
A less succinct, more polite way to say this would be to say that you don't need to worry about closed ports. You should trust us on this; once you learn about how the protocols actually work you'll agree completely. 
Cheers,
-- dmiessler.com -- grep understanding knowledge |
|
 Dakota_3725
join:2007-01-06 Shady Cove, OR | Thanks one and all, I appreciate this, I guess I could bridge the modem, but for now I am not going to worry. |
|
  EGeezer Go Bobcats Premium join:2002-08-04 Country!
·Callcentric
·RoadRunner Cable
·AT&T CallVantage
2 edits | reply to Dakota_3725 I agree with Daniel and the others - "stealth" buys only psychological comfort for the typical home or small business user.
I respectfully disagree with BurntCricket's statement that it is not good to run more than one firewall at a time. It's common practice to have multiple firewalls - Except - don't run multiple software firewalls on the same PC - they often do not play well together, although I've seen ZA coexist nicely with the Windows XP firewall. If you play online games or have other port rules, the configuration may become more complex, so design your network to your ability to administer it.
In OP's case he's using a hardware modem/router/firewall at the network perimeter, a second hardware router/firewall cascaded behind the modem/FW and a software firewall at the PC level that provides application level notification/protection.
Unless OP wishes to segment his network (e.g. a wired from a wireless network) the second router/firewall provides no significant benefit. However, adding the PC level FW provides application protection and prevents automated distribution of malware from an infected PC to others within the LAN. -- We are what we repeatedly do. Excellence, therefore, is not an act but a habit.
Aristotle |
|
  Newbie365
@optonline.net | reply to EGeezer Please explain why one needs to set a router/firewall to NOT respond to PINGs. Specifically, what is the advantage or disadvantage of being pingable or NOT. Thanks for your reply. |
|
  EGeezer Go Bobcats Premium join:2002-08-04 Country! | I answered that in the first sentence of the post above yours. |
|
  AB Premium join:2006-04-04 Leesburg, VA
| reply to EGeezer said by EGeezer :. . "stealth" buys only psychological comfort for the typical home or small business user. . . . Well . . . is that so bad?  |
|
  EGeezer Go Bobcats Premium join:2002-08-04 Country! | Excellent point - If it feels good, do it! |
|
  Newbie365
@optonline.net
| reply to EGeezer Thanks for your quick reply. So the answer then is that to be pingable or NOT is nothing more than a setting for psychological comfort. The reason I asked this question was because DSLR requires one's router to be pingable in order to run line quality tests. Thanks again.
|
|
  Daniel Premium,MVM join:2000-06-26 Pleasanton, CA clubs: 
| reply to Newbie365 said by Newbie365 :
Please explain why one needs to set a router/firewall to NOT respond to PINGs. Specifically, what is the advantage or disadvantage of being pingable or NOT.

Virtually nothing, really. It is possible to get *some* information about a host by how they respond to ICMP sometimes, but that information is usually useless except in the rarest of cases. And here's the thing -- if you have to ask whether or not you are one of those cases, you aren't.
In short, anyone who wonders whether or not information disclosure through ICMP is an issue for them does not have to worry. Leave it enabled; it's the way things are supposed to work. -- dmiessler.com -- grep understanding knowledge |
|
  CPM
join:2001-08-24 Miami, FL
| reply to Dakota_3725 Oh, how we love Microsoft. If Windows was a car it would be the biggest lemon in the world. -- »www.forbroadwaytickets.com - »www.Broadwayman.com |
|
 DSHIELD
join:2006-05-27 Micmac, NS
| reply to Dakota_3725 Discard PING from WAN side should be disabled, but if you want to get ping for this test you need to enable that. You can always close it later on.
Or just open your DMZ (Demilitarized Zone) for that private IP address 192.168.0.xxx; like always, you can close it after the test is done.
^^^ is router talk^^^ |
|
  NetFixer Freedom is NOT Free Premium join:2004-06-24 Murfreesboro, TN
·Vonage
·AT&T Southeast
·Cingular Wireless
·AT&T CallVantage
| reply to CPM said by CPM : Oh, how we love Microsoft. If Windows was a car it would be the biggest lemon in the world.  Would you be so kind as to explain what your MS bash post has to do with this thread? -- Outsourcing is not the same as Offshoring! Test your firewall. | Smell the flowers. |
|