caprichoso Premium Member join:2009-07-24 Menlo Park, CA |
[Connectivity] grc shields up shows 3 ports not in stealth modeComcast Extreme 105 Make & Model: SMC Networks smcd3gnv Serial Number# 0026F37B98F0
I am on a mid 2010 MacPro running OS/X 10.8.3. My virus software is Intego VirusBarrier X6. I have Comcast Extreme 105 (running at 114/21 Mbps) and telephone. When I run www.grc.com's ShieldsUP! to test my port security the test fails. 3 ports (23, 80, and 443) show up as closed rather than as stealth. According to Intego this is a hardware issue with the SMC router/gateway. It should not respond.
Comcast support sent me to SMC. SMC has no way of contacting them - they send you to Comcast. 20+ calls. Multiple modem resets. 5+ disconnects and I am nowhere. |
|
gar187erI DID this for a living join:2006-06-24 Seattle, WA |
Re: [Connectivity] grc shields up shows 3 ports not in stealth mdid you check the firewall settings in the gateway? and or the port settings? |
|
|
caprichoso Premium Member join:2009-07-24 Menlo Park, CA |
I tried changing the firewall setting to maximum security. It is unclear whether the setting took as the setting web page hung after I clicked on "Maxium Security". ShieldsUp! still shows the ports as closed. Now I can't connect to the gateway even though my Mac is directly connected to the modem. Tried another browser and the gateway is no longer responding to direct HTTP requests. I did hit the "help" button on the firewall security page before changing the setting, but the resulting web page was useless. |
|
gar187erI DID this for a living join:2006-06-24 Seattle, WA |
to caprichoso
i would think you want to do custom settings, or lower the security on the modem. do you have a router? |
|
NetFixerFrom My Cold Dead Hands Premium Member join:2004-06-24 The Boro Netgear CM500 Pace 5268AC TRENDnet TEW-829DRU
2 recommendations |
to caprichoso
said by caprichoso:Comcast Extreme 105 Make & Model: SMC Networks smcd3gnv Serial Number# 0026F37B98F0
I am on a mid 2010 MacPro running OS/X 10.8.3. My virus software is Intego VirusBarrier X6. I have Comcast Extreme 105 (running at 114/21 Mbps) and telephone. When I run www.grc.com's ShieldsUP! to test my port security the test fails. 3 ports (23, 80, and 443) show up as closed rather than as stealth. According to Intego this is a hardware issue with the SMC router/gateway. It should not respond.
Comcast support sent me to SMC. SMC has no way of contacting them - they send you to Comcast. 20+ calls. Multiple modem resets. 5+ disconnects and I am nowhere. It is not unusual for an ISP gateway to respond to an Internet port scan with the ports that are used for remote access being closed instead of stealth. And even though the Comcast cable gateways have a dedicated maintenance IP address, the normal user IP address sometimes needs to be used. Closed means exactly that; the port scan was not able to get past the closed door. Closed is just as good as stealth for security purposes, and it is nothing to worry about. While I will certainly give Steve Gibson credit for raising the public awareness of computer/network security, his closed vs stealth mania is dead wrong, and causes unnecessary angst for many users who don't really understand why they should be worried (except that Steve Gibson tells them that they should worry). Think about it; do you camouflage your home so that it can't be seen, or do you just lock your doors and windows (and perhaps activate a security system)? As to why you can no longer connect to your gateway from the LAN after all of the changes you made trying to make the gateway do something it was not designed to do, you will probably need to do a full reset to factory defaults to recover the use of your gateway. |
|
NormanSI gave her time to steal my mind away MVM join:2001-02-14 San Jose, CA TP-Link TD-8616 Asus RT-AC66U B1 Netgear FR114P
|
to caprichoso
Okay, just thrashed your way around to nowhere. Here is a GRC result of my connection: ----------------------------------------------------------------------
GRC Port Authority Report created on UTC: 2013-04-17 at 22:59:49
Results from scan of ports: 3469-3489
1 Ports Open
0 Ports Closed
20 Ports Stealth
---------------------
21 Ports Tested
NO PORTS were found to be CLOSED.
The port found to be OPEN was: 3479
Other than what is listed above, all ports are STEALTH.
TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.
----------------------------------------------------------------------
Supposedly being pingable is bad; but I can't run a DSLR group monitor if I am not pingable. The open port is a concern; it means the Pace 4111N-030 RG from my ISP is insecure, dependent on any vulnerability in the firmware. But it has no direct security implications for my LAN, per the 'netstat' command: C:\util\dig>netstat -aon
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:7 0.0.0.0:0 LISTENING 1980
TCP 0.0.0.0:9 0.0.0.0:0 LISTENING 1980
TCP 0.0.0.0:13 0.0.0.0:0 LISTENING 1980
TCP 0.0.0.0:17 0.0.0.0:0 LISTENING 1980
TCP 0.0.0.0:19 0.0.0.0:0 LISTENING 1980
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 844
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING 524
TCP [::]:7 [::]:0 LISTENING 1980
TCP [::]:9 [::]:0 LISTENING 1980
TCP [::]:13 [::]:0 LISTENING 1980
TCP [::]:17 [::]:0 LISTENING 1980
TCP [::]:19 [::]:0 LISTENING 1980
TCP [::]:135 [::]:0 LISTENING 844
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:3587 [::]:0 LISTENING 3308
TCP [::]:5357 [::]:0 LISTENING 4
TCP [::]:49152 [::]:0 LISTENING 524
UDP 0.0.0.0:7 *:* 1980
UDP 0.0.0.0:9 *:* 1980
UDP 0.0.0.0:13 *:* 1980
UDP 0.0.0.0:17 *:* 1980
UDP 0.0.0.0:19 *:* 1980
UDP 0.0.0.0:3702 *:* 432
UDP 0.0.0.0:3702 *:* 432
UDP 0.0.0.0:3702 *:* 644
UDP 0.0.0.0:3702 *:* 644
UDP 0.0.0.0:5355 *:* 1140
UDP 0.0.0.0:53154 *:* 3868
On this computer there is nothing listening on port 3479. None of the ports shown as "Listening" are accessible from the Internet. The difference between "Open", "Closed", and "Stealth" is in the reaction to probes; "Closed" is just as secure as "Stealth". As for being "Stealth", I never saw any significant difference between probes to a system showing as "Stealth" and one not showing as "Stealth". Random probes of entire netblocks is common. The only IP addresses of interest to probers are those with open ports. |
|
pflogBueller? Bueller? MVM join:2001-09-01 El Dorado Hills, CA 1 edit |
pflog
MVM
2013-Apr-17 7:24 pm
I don't personally block ICMP pings, but a lot of malware out there will ping first before attempting to attack/infect a host. So I guess from that perspective it'd be worth turning off ping. But it's certainly not a "security" measure directly, only indirectly in deterring the malware that relies on ICMP ping to find a host worth attacking. *edit* I couldn't resist... » cdn.memegenerator.net/in ··· 3694.jpg |
|
graysonf MVM join:1999-07-16 Fort Lauderdale, FL |
to caprichoso
You are overreacting to a complete non-problem.
20+ phone calls? You have got to be kidding. |
|
caprichoso Premium Member join:2009-07-24 Menlo Park, CA |
After a reboot my SMC Networks smcd3gnv started responding to HTTP requests again. It still fails the ShieldsUp! common ports test. |
|
NormanSI gave her time to steal my mind away MVM join:2001-02-14 San Jose, CA TP-Link TD-8616 Asus RT-AC66U B1 Netgear FR114P
|
said by caprichoso:After a reboot my SMC Networks smcd3gnv started responding to HTTP requests again. It still fails the ShieldsUp! common ports test. It is not "failing". The "Closed" port result is by design, and indicates the TCP/IP process is functioning normally. P.S. What do you get when you run 'netstat -aon' at a command prompt? |
|
caprichoso Premium Member join:2009-07-24 Menlo Park, CA |
ShieldsUp! says that it fails their security test.
The custom security controls for the gateway (no access to local network from internet) are:
Block http (TCP port 40, 443) Block ICMP Block Peer-to-peer applications Block IDENT (port 113) Disable entire firewall
When I checked "Block http (TCP port 40, 443) both my browser connecting to the gateway and all other internet connection through other devices went down. I had to pull the power and battery to reset it.
netstat -aon is invalid on OS/X (no -o). netstat -an results in 677 lines. Anything particular you are looking for?
Also stealth mode is enabled in OS/X preferences. |
|
NormanSI gave her time to steal my mind away MVM join:2001-02-14 San Jose, CA TP-Link TD-8616 Asus RT-AC66U B1 Netgear FR114P
|
said by caprichoso:ShieldsUp! says that it fails their security test. A failure to pass the GRC Shields Up! test is just that; failure to pass that test. But that test is not a valid test of your security, it is nothing more than a port test. Interpretation is everything, and closed ports do not represent a security failure. netstat -aon is invalid on OS/X (no -o). netstat -an results in 677 lines. Anything particular you are looking for? Anything listening on ports 23, 80, and 443. I doubt if you have anything listening. I have not been "Stealth" for at least a decade, nor have I been attacked. |
|
NetFixerFrom My Cold Dead Hands Premium Member join:2004-06-24 The Boro Netgear CM500 Pace 5268AC TRENDnet TEW-829DRU
|
NetFixer
Premium Member
2013-Apr-17 11:30 pm
said by NormanS:said by caprichoso:ShieldsUp! says that it fails their security test. A failure to pass the GRC Shields Up! test is just that; failure to pass that test. But that test is not a valid test of your security, it is nothing more than a port test. Interpretation is everything, and closed ports do not represent a security failure. You are wasting your time. The OP is obviously a Steve Gibson (if it ain't stealth, it ain't secure) groupie. |
|
|
Ditto to what has been said so far. It is of no significant concern.
If you are still bound and determined to get stealthed, ditch the gateway in favor of a modem, and put in your own router.
-Alan |
|
Anonymous_Anonymous Premium Member join:2004-06-21 127.0.0.1 |
to caprichoso
these ports are use as a government back doors, you can not close them. This is the only way they can access your computer with out a warrant. |
|
|
Gee,
On my system they are closed (and stealth, not that it matters)... Besides if the government wants to monitor what you do on the internet there is no need to open ports on your gateway / router. If the feds want to monitor what you do on the internet I am sure there are easier ways. |
|
graysonf MVM join:1999-07-16 Fort Lauderdale, FL |
Gee,
You take things too literally. |
|
1 recommendation |
to NormanS
said by NormanS:A failure to pass the GRC Shields Up! test is just that; failure to pass that test. But that test is not a valid test of your security, it is nothing more than a port test. Interpretation is everything, and closed ports do not represent a security failure. Well said. said by NormanS:I have not been "Stealth" for at least a decade, nor have I been attacked. I haven't cared about anything that nutter Steve Gibson said since Spinrite and I will continue to not care (although he did write a decent DNS benchmarking application). His communications are sensational to attract the attention of the kind of people that don't know any better and scare easily. Stealth, closed or wide open, it won't make an ounce of difference to the bots that are going to hammer away at your ports regardless of their status. |
|
graysonf MVM join:1999-07-16 Fort Lauderdale, FL |
I've always found Gibson's website style to be along the lines of Dr. Suess and his tone to be inflammatory and condescending. |
|
Anonymous_Anonymous Premium Member join:2004-06-21 127.0.0.1 |
to luckmann
said by luckmann:Gee,
On my system they are closed (and stealth, not that it matters)... Besides if the government wants to monitor what you do on the internet there is no need to open ports on your gateway / router. If the feds want to monitor what you do on the internet I am sure there are easier ways. fyi it was sarcasm |
|