
neam

@sbcglobal.net

[Midwest] failing "ShieldsUP" test

I have been probing my internet connection for holes and noticed Ports 135, 139, and 445 showed closed instead of stealth when running shields up test from the GRC website. I would like for these ports to be "stealth" like they always have been in the past. My router firewall is locked down in stealth mode. Even tried a different router. Tried static and DHCP on my LAN made no difference. I also forwarded these ports to non-existing IP addresses (in static mode) on my LAN and it still fails. I've had AT&T DSL (dynamic IP) for a long time and my internet connection always came back stealth before. I have not made any changes and use the same equipment that tested stealth before. Can AT&T's equipment be responding to these ports? I have called tech support and they say that this issue is beyond their scope.



NetFixer
From my cold dead hands
Premium
join:2004-06-24
The Boro

Re: [Midwest] failing "ShieldsUP" test

said by neam :

I have been probing my internet connection for holes and noticed Ports 135, 139, and 445 showed closed instead of stealth when running shields up test from the GRC website. I would like for these ports to be "stealth" like they always have been in the past. My router firewall is locked down in stealth mode. Even tried a different router. Tried static and DHCP on my LAN made no difference. I also forwarded these ports to non-existing IP addresses (in static mode) on my LAN and it still fails. I've had AT&T DSL (dynamic IP) for a long time and my internet connection always came back stealth before. I have not made any changes and use the same equipment that tested stealth before. Can AT&T's equipment be responding to these ports? I have called tech support and they say that this issue is beyond their scope.

What brand/model of modem and/or router do you use? Can you post detailed information of exactly how they are configured and connected? How is your PC configured and connected? Do you use a VPN or proxy?

There are too many variables for anyone to be able to answer your question. However, I can safely say that I have never run across a residential/SOHO grade NAT router that had RPC, NBT, and SMB ports exposed to the Internet by default (although a closed port is not really exposing anything since there is no server to respond). My best wild guess (assuming that you did not manually create firewall rules to expose those ports) is that your router has UPnP enabled, and some application or attached device has used that unlocked backdoor entry point to expose those ports.

Post some screen shots of your modem/router/PC firewall config/rules and someone can probably explain the problem to you. If you would like a second opinion on your RPC, NBT, and SMB port status on the Internet, feel free to go to portscan.dcs-net.net and select the port scan test.
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.


neam

@sbcglobal.net

My modem is a 2wire 2701hg-b in bridged mode. It is connected to the WAN side of my Netgear N300 router. UPnP is disabled, no DMZs, & not running any servers. No port forwarding or port triggering exists. Even tried my trusty Linksys 54g and reconfigured my 2wire back to a modem/router (set to stealth mode) combo and still fails the test so I don't think it's the routers. When reading up on port 445 it appears it's a Windows-only port? So, instead of running the test from my Win7 machine I ran it from my Linux box while all other devices on my LAN have been disconnected (wireless turned off) and it still fails on 135, 139, & 445. I even ran the test from my iPod while all other devices have been turned off and same three ports responded. The weird thing now since you had recommended that I go to portscan.dcs-net.net is that their test shows all stealth including ports 135, 139, and 445 all come up green/masked like they don't even exist but when I immediately go to GRC it fails. Makes me wonder if GRC has some type of glitch and is giving me erroneous readings or their port scan is better? Thanks for your feedback.



Dennis
Premium,Mod
join:2001-01-26
Algonquin, IL
kudos:5
reply to neam

Those are common blocked ports due to security concerns. Has been that way for probably 10 years.



NetFixer
From my cold dead hands
Premium
join:2004-06-24
The Boro
reply to neam

said by neam :

My modem is a 2wire 2701hg-b in bridged mode. It is connected to the WAN side of my Netgear N300 router. UPnP is disabled, no DMZs, & not running any servers. No port forwarding or port triggering exists. Even tried my trusty Linksys 54g and reconfigured my 2wire back to a modem/router (set to stealth mode) combo and still fails the test so I don't think it's the routers. When reading up on port 445 it appears it's a Windows-only port? So, instead of running the test from my Win7 machine I ran it from my Linux box while all other devices on my LAN have been disconnected (wireless turned off) and it still fails on 135, 139, & 445. I even ran the test from my iPod while all other devices have been turned off and same three ports responded. The weird thing now since you had recommended that I go to portscan.dcs-net.net is that their test shows all stealth including ports 135, 139, and 445 all come up green/masked like they don't even exist but when I immediately go to GRC it fails. Makes me wonder if GRC has some type of glitch and is giving me erroneous readings or their port scan is better? Thanks for your feedback.

The GRC ShieldsUP! test does indeed often produce both false positives and false negatives. That was why I put my portscan site on-line; I patterned it after the defunct Sygate scan site (Symantec shut it down after they assimilated Sygate) because that test was always accurate, and I really missed it when it disappeared. Both the old Sygate site and my portscan site were/are slow for a reason; to make sure that the results are accurate.

upb
Premium
join:2004-03-15
Carriere, MS
kudos:1
reply to neam

GRC is going to revise its ShieldsUP test to reflect the new reality that some ISPs actively respond "for you" in the case of ports that they themselves have blocked. That is, grc.com may be sending a TCP SYN packet to one of the ports that you have properly stealthed, but your ISP answers instead of your router, yielding a closed port classification instead of what you were expecting. To reveal that case, Steve Gibson has said that his ShieldsUP is being revised to notice the source IP address of the reply packets, plus some other tests to see if the reply packets didn't really originate from your location.
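
Added example, not part of the thread and not GRC's code: a sketch of the check described in the post above, classifying each probe as open, closed or stealth and flagging RST replies that probably did not come from the subscriber's own equipment. The TTL hop-count comparison, the baseline value and all sample data are assumptions made for illustration; the post itself names only the source-address check.

```python
from dataclasses import dataclass
from typing import Optional

INITIAL_TTLS = (64, 128, 255)   # common default initial TTLs
TOLERANCE = 1                   # allowed hop-count jitter between paths

@dataclass
class Reply:
    src: str     # source IP of the reply packet
    flags: str   # "SA" = SYN/ACK, "R" = RST
    ttl: int     # IP TTL as seen by the scanner

def hops(ttl: int) -> int:
    """Estimate hops travelled: nearest common initial TTL above the observed one."""
    return min(t for t in INITIAL_TTLS if t >= ttl) - ttl

def classify(target: str, reply: Optional[Reply], baseline_hops: Optional[int]) -> str:
    if reply is None:
        return "stealth"                      # SYN silently dropped
    if reply.flags == "SA":
        return "open"
    if reply.src != target:                   # the source-address check from the post
        return "closed (answered by another host)"
    if baseline_hops is None:                 # everything else is stealthed: no reference
        return "closed (origin unverified)"
    if baseline_hops - hops(reply.ttl) > TOLERANCE:
        return "closed (likely answered upstream)"   # RST came from nearer the scanner
    return "closed"

def scan_report(target, probes, baseline_hops=None):
    return {port: classify(target, reply, baseline_hops) for port, reply in probes.items()}

# Constructed sample data (documentation address, invented TTLs).
TARGET = "203.0.113.10"
PROBES = {
    80:  None,
    113: Reply(TARGET, "R", 52),
    135: Reply(TARGET, "R", 250),
    139: Reply(TARGET, "R", 250),
    445: Reply(TARGET, "R", 250),
}

if __name__ == "__main__":
    for port, state in scan_report(TARGET, PROBES, baseline_hops=12).items():
        print(port, state)
```

The baseline hop count has to come from a reply known to originate at the subscriber's router; when every other port is stealthed, as in this thread, no such reference exists and the result stays "origin unverified".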