caprichoso
Premium Member
join:2009-07-24
Menlo Park, CA

caprichoso

Premium Member

[Connectivity] grc shields up shows 3 ports not in stealth mode

Comcast Extreme 105
Make & Model: SMC Networks smcd3gnv
Serial Number# 0026F37B98F0

I am on a mid 2010 MacPro running OS/X 10.8.3. My virus software is Intego VirusBarrier X6. I have Comcast Extreme 105 (running at 114/21 Mbps) and telephone. When I run www.grc.com's ShieldsUP! to test my port security the test fails. 3 ports (23, 80, and 443) show up as closed rather than as stealth. According to Intego this is a hardware issue with the SMC router/gateway. It should not respond.

Comcast support sent me to SMC. SMC has no way of contacting them - they send you to Comcast. 20+ calls. Multiple modem resets. 5+ disconnects and I am nowhere.

gar187er
I DID this for a living
join:2006-06-24
Seattle, WA

gar187er

Member

Re: [Connectivity] grc shields up shows 3 ports not in stealth m

Did you check the firewall settings in the gateway? And/or the port settings?
caprichoso
Premium Member
join:2009-07-24
Menlo Park, CA

caprichoso

Premium Member

I tried changing the firewall setting to maximum security. It is unclear whether the setting took as the setting web page hung after I clicked on "Maximum Security". ShieldsUp! still shows the ports as closed. Now I can't connect to the gateway even though my Mac is directly connected to the modem. Tried another browser and the gateway is no longer responding to direct HTTP requests. I did hit the "help" button on the firewall security page before changing the setting, but the resulting web page was useless.

gar187er
I DID this for a living
join:2006-06-24
Seattle, WA

gar187er to caprichoso

Member

to caprichoso
I would think you want to do custom settings, or lower the security on the modem. Do you have a router?

NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro
Netgear CM500
Pace 5268AC
TRENDnet TEW-829DRU

2 recommendations

NetFixer to caprichoso

Premium Member

to caprichoso
said by caprichoso:

Comcast Extreme 105
Make & Model: SMC Networks smcd3gnv
Serial Number# 0026F37B98F0

I am on a mid 2010 MacPro running OS/X 10.8.3. My virus software is Intego VirusBarrier X6. I have Comcast Extreme 105 (running at 114/21 Mbps) and telephone. When I run www.grc.com's ShieldsUP! to test my port security the test fails. 3 ports (23, 80, and 443) show up as closed rather than as stealth. According to Intego this is a hardware issue with the SMC router/gateway. It should not respond.

Comcast support sent me to SMC. SMC has no way of contacting them - they send you to Comcast. 20+ calls. Multiple modem resets. 5+ disconnects and I am nowhere.

It is not unusual for an ISP gateway to respond to an Internet port scan with the ports that are used for remote access being closed instead of stealth. And even though the Comcast cable gateways have a dedicated maintenance IP address, the normal user IP address sometimes needs to be used.

Closed means exactly that; the port scan was not able to get past the closed door. Closed is just as good as stealth for security purposes, and it is nothing to worry about. While I will certainly give Steve Gibson credit for raising the public awareness of computer/network security, his closed vs stealth mania is dead wrong, and causes unnecessary angst for many users who don't really understand why they should be worried (except that Steve Gibson tells them that they should worry). Think about it; do you camouflage your home so that it can't be seen, or do you just lock your doors and windows (and perhaps activate a security system)?

As to why you can no longer connect to your gateway from the LAN after all of the changes you made trying to make the gateway do something it was not designed to do, you will probably need to do a full reset to factory defaults to recover the use of your gateway.

NormanS
I gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA
TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P

NormanS to caprichoso

MVM

to caprichoso
Okay, just thrashed your way around to nowhere. Here is a GRC result of my connection:
----------------------------------------------------------------------
 
GRC Port Authority Report created on UTC: 2013-04-17 at 22:59:49
 
Results from scan of ports: 3469-3489
 
    1 Ports Open
    0 Ports Closed
   20 Ports Stealth
---------------------
   21 Ports Tested
 
NO PORTS were found to be CLOSED.
 
The port found to be OPEN was: 3479
 
Other than what is listed above, all ports are STEALTH.
 
TruStealth: FAILED - NOT all tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - A PING REPLY (ICMP Echo) WAS RECEIVED.
 
----------------------------------------------------------------------
 
Supposedly being pingable is bad; but I can't run a DSLR group monitor if I am not pingable.

The open port is a concern; it means the Pace 4111N-030 RG from my ISP is insecure, dependent on any vulnerability in the firmware. But it has no direct security implications for my LAN, per the 'netstat' command:
C:\util\dig>netstat -aon
 
Active Connections
 
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:7              0.0.0.0:0              LISTENING       1980
  TCP    0.0.0.0:9              0.0.0.0:0              LISTENING       1980
  TCP    0.0.0.0:13             0.0.0.0:0              LISTENING       1980
  TCP    0.0.0.0:17             0.0.0.0:0              LISTENING       1980
  TCP    0.0.0.0:19             0.0.0.0:0              LISTENING       1980
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       844
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5357           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING       524
  TCP    [::]:7                 [::]:0                 LISTENING       1980
  TCP    [::]:9                 [::]:0                 LISTENING       1980
  TCP    [::]:13                [::]:0                 LISTENING       1980
  TCP    [::]:17                [::]:0                 LISTENING       1980
  TCP    [::]:19                [::]:0                 LISTENING       1980
  TCP    [::]:135               [::]:0                 LISTENING       844
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::]:3587              [::]:0                 LISTENING       3308
  TCP    [::]:5357              [::]:0                 LISTENING       4
  TCP    [::]:49152             [::]:0                 LISTENING       524
  UDP    0.0.0.0:7              *:*                                    1980
  UDP    0.0.0.0:9              *:*                                    1980
  UDP    0.0.0.0:13             *:*                                    1980
  UDP    0.0.0.0:17             *:*                                    1980
  UDP    0.0.0.0:19             *:*                                    1980
  UDP    0.0.0.0:3702           *:*                                    432
  UDP    0.0.0.0:3702           *:*                                    432
  UDP    0.0.0.0:3702           *:*                                    644
  UDP    0.0.0.0:3702           *:*                                    644
  UDP    0.0.0.0:5355           *:*                                    1140
  UDP    0.0.0.0:53154          *:*                                    3868
 
On this computer there is nothing listening on port 3479. None of the ports shown as "Listening" are accessible from the Internet.

The difference between "Open", "Closed", and "Stealth" is in the reaction to probes; "Closed" is just as secure as "Stealth".

As for being "Stealth", I never saw any significant difference between probes to a system showing as "Stealth" and one not showing as "Stealth". Random probes of entire netblocks are common. The only IP addresses of interest to probers are those with open ports.

pflog
Bueller? Bueller?
MVM
join:2001-09-01
El Dorado Hills, CA

1 edit

pflog

MVM

I don't personally block ICMP pings, but a lot of malware out there will ping first before attempting to attack/infect a host. So I guess from that perspective it'd be worth turning off ping. But it's certainly not a "security" measure directly, only indirectly in deterring the malware that relies on ICMP ping to find a host worth attacking.

*edit* I couldn't resist...

»cdn.memegenerator.net/in ··· 3694.jpg

graysonf
MVM
join:1999-07-16
Fort Lauderdale, FL

graysonf to caprichoso

MVM

to caprichoso
You are overreacting to a complete non-problem.

20+ phone calls? You have got to be kidding.
caprichoso
Premium Member
join:2009-07-24
Menlo Park, CA

caprichoso

Premium Member

After a reboot my SMC Networks smcd3gnv started responding to HTTP requests again. It still fails the ShieldsUp! common ports test.

NormanS
I gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA
TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P

NormanS

MVM

said by caprichoso:

After a reboot my SMC Networks smcd3gnv started responding to HTTP requests again. It still fails the ShieldsUp! common ports test.

It is not "failing". The "Closed" port result is by design, and indicates the TCP/IP process is functioning normally.

P.S. What do you get when you run 'netstat -aon' at a command prompt?
caprichoso
Premium Member
join:2009-07-24
Menlo Park, CA

caprichoso

Premium Member

ShieldsUp! says that it fails their security test.

The custom security controls for the gateway (no access to local network from internet) are:

Block http (TCP port 40, 443)
Block ICMP
Block Peer-to-peer applications
Block IDENT (port 113)
Disable entire firewall

When I checked "Block http (TCP port 40, 443)" both my browser connecting to the gateway and all other internet connections through other devices went down. I had to pull the power and battery to reset it.

netstat -aon is invalid on OS/X (no -o). netstat -an results in 677 lines. Anything particular you are looking for?

Also stealth mode is enabled in OS/X preferences.

NormanS
I gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA
TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P

NormanS

MVM

said by caprichoso:

ShieldsUp! says that it fails their security test.

A failure to pass the GRC Shields Up! test is just that; failure to pass that test. But that test is not a valid test of your security, it is nothing more than a port test. Interpretation is everything, and closed ports do not represent a security failure.

said by caprichoso:

netstat -aon is invalid on OS/X (no -o). netstat -an results in 677 lines. Anything particular you are looking for?

Anything listening on ports 23, 80, and 443. I doubt if you have anything listening.

I have not been "Stealth" for at least a decade, nor have I been attacked.
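One way to answer the question above without reading 677 lines by hand is to filter saved `netstat -an` output for TCP listeners on ports 23, 80 and 443. This is an added example, not code from any poster; the `listeners` function is hypothetical, the OS X sample is constructed, and the Windows sample lines are copied from the netstat output posted earlier in the thread.

```python
import re

# The local address ends in ".port" on OS X/BSD and ":port" on Windows.
_LOCAL = re.compile(r"^(?P<addr>.*)[.:](?P<port>\d+)$")

# Constructed sample in OS X `netstat -an` layout (not from the thread).
OSX_SAMPLE = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.1.10.49231     203.0.113.7.443        ESTABLISHED
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp46      0      0  *.80                   *.*                    LISTEN
udp4       0      0  *.5353                 *.*
"""

# Lines taken from the Windows `netstat -aon` output quoted in the thread.
WINDOWS_SAMPLE = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       844
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:3702           *:*                                    432
"""


def listeners(netstat_text, ports=(23, 80, 443)):
    """Return sorted (proto, address, port) tuples for TCP sockets that are
    in the listening state on one of the given local ports."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue  # headers, UDP and blank lines
        if not any(f in ("LISTEN", "LISTENING") for f in fields):
            continue  # established or closing connections are not listeners
        # OS X puts Recv-Q/Send-Q before the local address; Windows does not.
        local = fields[3] if fields[1].isdigit() else fields[1]
        match = _LOCAL.match(local)
        if match and int(match.group("port")) in ports:
            found.add((fields[0].lower(), match.group("addr"),
                       int(match.group("port"))))
    return sorted(found)


if __name__ == "__main__":
    print(listeners(OSX_SAMPLE))
    print(listeners(WINDOWS_SAMPLE))
```

The outbound connection to a remote port 443 in the constructed sample is skipped because only the local address of sockets in the listening state is examined.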

NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro
Netgear CM500
Pace 5268AC
TRENDnet TEW-829DRU

NetFixer

Premium Member

said by NormanS:

said by caprichoso:

ShieldsUp! says that it fails their security test.

A failure to pass the GRC Shields Up! test is just that; failure to pass that test. But that test is not a valid test of your security, it is nothing more than a port test. Interpretation is everything, and closed ports do not represent a security failure.

You are wasting your time. The OP is obviously a Steve Gibson (if it ain't stealth, it ain't secure) groupie.
FirebirdTN
join:2012-12-13
Brighton, TN

FirebirdTN

Member

Ditto to what has been said so far. It is of no significant concern.

If you are still bound and determined to get stealthed, ditch the gateway in favor of a modem, and put in your own router.

-Alan

Anonymous_
Anonymous
Premium Member
join:2004-06-21
127.0.0.1

Anonymous_ to caprichoso

Premium Member

to caprichoso
These ports are used as government back doors; you cannot close them.
This is the only way they can access your computer without a warrant.
luckmann
join:2004-06-27
Albuquerque, NM

luckmann

Member

Gee,

On my system they are closed (and stealth, not that it matters)... Besides if the government wants to monitor what you do on the internet there is no need to open ports on your gateway / router. If the feds want to monitor what you do on the internet I am sure there are easier ways.

graysonf
MVM
join:1999-07-16
Fort Lauderdale, FL

graysonf

MVM

Gee,

You take things too literally.

urbanriot
Premium Member
join:2004-10-18
Canada

1 recommendation

urbanriot to NormanS

Premium Member

to NormanS
said by NormanS:

A failure to pass the GRC Shields Up! test is just that; failure to pass that test. But that test is not a valid test of your security, it is nothing more than a port test. Interpretation is everything, and closed ports do not represent a security failure.

Well said.
said by NormanS:

I have not been "Stealth" for at least a decade, nor have I been attacked.

I haven't cared about anything that nutter Steve Gibson said since SpinRite and I will continue to not care (although he did write a decent DNS benchmarking application). His communications are sensational to attract the attention of the kind of people that don't know any better and scare easily.

Stealth, closed or wide open, it won't make an ounce of difference to the bots that are going to hammer away at your ports regardless of their status.

graysonf
MVM
join:1999-07-16
Fort Lauderdale, FL

graysonf

MVM

I've always found Gibson's website style to be along the lines of Dr. Seuss and his tone to be inflammatory and condescending.

Anonymous_
Anonymous
Premium Member
join:2004-06-21
127.0.0.1

Anonymous_ to luckmann

Premium Member

to luckmann
said by luckmann:

Gee,

On my system they are closed (and stealth, not that it matters)... Besides if the government wants to monitor what you do on the internet there is no need to open ports on your gateway / router. If the feds want to monitor what you do on the internet I am sure there are easier ways.

FYI, it was sarcasm.