• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

Re: Stealth Blocked Ports Firewall Setting

Hi :-)

I'm confused by the Stealth Blocked Ports firewall setting. When it's on are all ports supposed to be: 1) stealthed or 2) are all ports supposed to be steathled or blocked?

Replies

Kudos0

Re: Re: Stealth Blocked Ports Firewall Setting

Hi, Let me explain this : Ports> The ports are communication destinations or sources at server and client. Without opening a port, communicating is not possible.. . . . . . . . . . . . . . . . . . . . . . Blocked ports> The blocked ports are the ports which are prevented from communication. But blocking a port will prevent only datatraffic, not hide it from outside world. Its like a locked down door. Even if a port is blocked, a port scan can identify whether the target system is active on network due to the working of TCP & UDP protocols. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Stealth ports> These are the ports which are either blocked or open, but cannot be detected by a port scan. Its like a camouflaged locked door. This is because, when a port is stealthed, the system will not respond or firewall will drop the response packets from system for the connection or scan attempt. Thus it makes impossible to detect a system via port scanning.... Hope it clears your doubt.....
regards, CV | There is no ONE TOUCH KEY to security . Be alert and vigilant. . | Always have a Backup Plan!
Kudos0

Re: Re: Stealth Blocked Ports Firewall Setting

Thanks Nikhil_CV for your response.

Well I understand all that. It's just that I thought Norton's Firewall Stealths all ports which it doesn't. Most ports are stealthed but many are only blocked but not stealthed.

Given what you explained, the help section for Stealth Blocked Ports is confusing to me. It says:

"When you turn on Stealth Blocked Ports, your Norton product hides the status of your computer ports from the other computers. In this state, the firewall does not respond to the port scanner on the other computers. The unused and blocked ports on your computer do not respond to any inquiries from the network when Stealth Blocked Ports is enabled."

This would seem to imply that all ports are stealthed by the NS Firewall, including blocked ports. But as I said. Many of my ports are only blocked and not Stealthed.

Is this how it's intended to be?

Kudos1 Stats

Re: Re: Stealth Blocked Ports Firewall Setting

Not all ports can be blocked or stealthed at all times. There are certain ports which need to be open or be in blocked state. Can you pinpoint some of ports which are blocked but not stealthed in your machine? I havent explained based on the product Norton Security, but is more of general sense. A better understanding from reading the kb articles of Norton is that its explaining general scientific and technical terms either in their way or just as its defined. The below are some links of interest : http://security.stackexchange.com/questions/24462/if-a-port-is-closed-ho... and http://www.dslreports.com/forum/r28769512-ports-not-stealth
regards, CV | There is no ONE TOUCH KEY to security . Be alert and vigilant. . | Always have a Backup Plan!
Kudos0

Re: Re: Stealth Blocked Ports Firewall Setting

The following ports are blocked but not stealthed":

0, 1, 2, 3, 4, 5, 6, 7, 8, 22, 23, 24, 26, 27, 28, 29, 30, 31, 55, 56, 57, 58, 59, 60, 61, 62, 63, 87, 88, 89, 90, 91, 92, 93, 94, 95, 119, 120, 121, 122, 123, 124, 125, 126, 127, 151, 152, 153, 154, 155, 156, 157, 158, 159, 183, 184, 185, 186, 187, 188, 189, 190, 191, 215, 216, 217, 218, 219, 220, 221, 222, 223, 247, 248, 249, 250, 251, 252, 253, 254, 255, 279, 280, 281, 282, 283, 284, 285, 286, 287, 311, 312, 313, 314, 315, 316, 317, 318, 319, 343, 344, 345, 346, 347, 348, 349, 350, 351, 375, 376, 377, 378, 379, 380, 381, 382, 383, 407, 408, 409, 410, 411, 412, 413, 414, 415, 438, 439, 440, 441, 442, 443, 444, 446, 447, 471, 472, 473, 474, 475, 476, 477, 478, 479, 503, 504, 505, 506, 507, 508, 509, 510, 511, 535, 536, 537, 538, 539, 540, 541, 542, 543, 567, 568, 569, 570, 571, 572, 573, 574, 575, 599, 600, 601, 602, 603, 604, 605, 606, 607, 631, 632, 633, 634, 635, 636, 637, 638, 639, 663, 664, 665, 666, 667, 668, 669, 670, 671, 695, 696, 697, 698, 699, 700, 701, 702, 703, 727, 728, 729, 730, 731, 732, 733, 734, 735, 759, 760, 761, 762, 763, 764, 765, 766, 767, 791, 792, 793, 794, 795, 796, 797, 798, 799, 823, 824, 825, 826, 827, 828, 829, 830, 831, 855, 856, 857, 858, 859, 860, 861, 862, 863, 887, 888, 889, 890, 891, 892, 893, 894, 895, 919, 920, 921, 922, 923, 924, 925, 926, 927, 951, 952, 953, 954, 955, 956, 957, 958, 959, 983, 984, 985, 986, 987, 988, 989, 990, 991, 1015, 1016, 1017, 1018, 1019, 1020, 1021, 1022, 1023

Kudos0

Re: Re: Stealth Blocked Ports Firewall Setting

OK: This is my third attempt at posting this info. Last attempt was made about two hours ago.

The ports that the NS Firewall is blocking but not stealthing are ports #:

0, 1, 2, 3, 4, 5, 6, 7, 8, 22, 23, 24, 26, 27, 28, 29, 30, 31, 55, 56, 57, 58, 59, 60, 61, 62, 63, 87, 88, 89, 90, 91, 92, 93, 94, 95, 119, 120, 121, 122, 123, 124, 125, 126, 127, 151, 152, 153, 154, 155, 156, 157, 158, 159, 183, 184, 185, 186, 187, 188, 189, 190, 191, 215, 216, 217, 218, 219, 220, 221, 222, 223, 247, 248, 249, 250, 251, 252, 253, 254, 255, 279, 280, 281, 282, 283, 284, 285, 286, 287, 311, 312, 313, 314, 315, 316, 317, 318, 319, 343, 344, 345, 346, 347, 348, 349, 350, 351, 375, 376, 377, 378, 379, 380, 381, 382, 383, 407, 408, 409, 410, 411, 412, 413, 414, 415, 438, 439, 440, 441, 442, 443, 444, 446, 447, 471, 472, 473, 474, 475, 476, 477, 478, 479, 503, 504, 505, 506, 507, 508, 509, 510, 511, 535, 536, 537, 538, 539, 540, 541, 542, 543, 567, 568, 569, 570, 571, 572, 573, 574, 575, 599, 600, 601, 602, 603, 604, 605, 606, 607, 631, 632, 633, 634, 635, 636, 637, 638, 639, 663, 664, 665, 666, 667, 668, 669, 670, 671, 695, 696, 697, 698, 699, 700, 701, 702, 703, 727, 728, 729, 730, 731, 732, 733, 734, 735, 759, 760, 761, 762, 763, 764, 765, 766, 767, 791, 792, 793, 794, 795, 796, 797, 798, 799, 823, 824, 825, 826, 827, 828, 829, 830, 831, 855, 856, 857, 858, 859, 860, 861, 862, 863, 887, 888, 889, 890, 891, 892, 893, 894, 895, 919, 920, 921, 922, 923, 924, 925, 926, 927, 951, 952, 953, 954, 955, 956, 957, 958, 959, 983, 984, 985, 986, 987, 988, 989, 990, 991, 1015, 1016, 1017, 1018, 1019, 1020, 1021, 1022, 1023

Kudos0

Re: Re: Stealth Blocked Ports Firewall Setting

Thanks for reply. Please note that there was a transfer to new software recently and forum is settling down, thus your posts may take a while to appear, especially if it contains hyperlinks/urls. The ports 0 to 1023 fall under well known ports category. These ports are assigned to some specific purposes and applications. Visit the wiki article http://en.m.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers . . . . . . . . . . . . . . . . . . . . . . . That said, even if the port appears to be blocked, only by scanning the system from outside will help you know which posts are blocked / stealth / open / close. A lot of online and offline tools are available for this suppose. But inorder to scan your firewall protection, you must be directly connected to internet, not via a router or NAT router.
regards, CV | There is no ONE TOUCH KEY to security . Be alert and vigilant. . | Always have a Backup Plan!
Kudos0

Re: Re: Stealth Blocked Ports Firewall Setting

Hi Nikhil:

I did my scan with Shields Up -Gibson research - I use no router - direct connection.

Frankly I do not care if my ports are blocked or stealed.

All I want to know is if this is the way the NS Firewall is intended to work. Haven't checked my ports with NIS 2014 installed in a long time, but if I recall correctly the NIS Firewall stealthed all ports. The help section on the Stealth Blocked Ports control seems to imply that turning it on will stealth all ports, including blocked ones.

"Smart Firewall settings provide the Stealth Blocked Ports option to protect your computer against attackers who scan your computer for any free ports to gain access to your computer.

When you turn on Stealth Blocked Ports, your Norton product hides the status of your computer ports from the other computers. In this state, the firewall does not respond to the port scanner on the other computers. The unused and blocked ports on your computer do not respond to any inquiries from the network when Stealth Blocked Ports is enabled."

So I am asking if these unstealthed ports is the way NS is supposed to work or is there a bug in the program that is preventing it from doing so.

Kudos0

Re: Re: Stealth Blocked Ports Firewall Setting

Hello hok,

Have you chosen your network as 'Public' since you have a direct internet connection?

Kudos0

Re: Re: Stealth Blocked Ports Firewall Setting

Hi mohankumar :-)

My setting is on "private", which I assume is the default setting since I never touched it.

Kudos0

Re: Re: Stealth Blocked Ports Firewall Setting

Why is this the slowest, snail's pace, forum I have ever experienced?

2nd attempt: My Network is set to "private", which I assume is the default setting since I have never touched it.

Kudos0

Re: Re: Stealth Blocked Ports Firewall Setting

Hi,

Thanks for your time, comments and contributions. Norton firewall is expected to stealth the Blocked ports. We are actively investigating into the mentioned report.  

-Mani G

Kudos0

Re: Re: Stealth Blocked Ports Firewall Setting

Hok,

The private setting, according to NS manual is to be used when pc has no public address, pc acquires public IP address while connecting to the internet and when pc connects through a secure network, wired or wireless.

Since I think you mentionned that you have no router, the recommended setting for you is "Public" traffic is still monitored and protected

See if this helps, if you change it reboot also your pc & post back here...

Cheers,

Kudos0

Re: Re: Stealth Blocked Ports Firewall Setting

Hi Hok,

Very interesting find... (and I wish now that I had done the Gibson test prior to reverting my test system back to NIS...)

Couple of questions:

Firstly - Could you elaborate a little more about the nature of your Internet connection - is it some sort of Broadband, i.e. DSL, Cable, FIOS, etc., or is it Dialup?

Secondly - Can we assume that this issue only started after you installed the NS product, and that prior to that the Gibson port scan test was passing all okay?

Kind regards,

John

Kudos2 Stats

Re: Re: Stealth Blocked Ports Firewall Setting

It would help to know the make and model of the modem you are using to connect to the internet.  Many of them incorporate NAT, which would give the kind of results you are seeing.
 

Kudos2 Stats

Re: Re: Stealth Blocked Ports Firewall Setting

I tried posting a couple hours ago but got an error,

I agree with SendOfJive, please open a command prompt and type: ipconfig /all

Look for the IP address of the network adapter being used, if the first numbers are one of the following then your modem is causing it.  192, 169, 172, or 10

Dave

Kudos0

Re: Re: Stealth Blocked Ports Firewall Setting

Dave:

‎ Modem config address begins with 192

Kudos0

Re: Re: Stealth Blocked Ports Firewall Setting

I am using a direct cable connection to a the newest (as of 5 months ago) Motorola SB6141.

The best I recall with NIS everything was stealthed -- while I'd prefer full stealth, I really don't care if they are stealthed or blocked as long as they are one or the other. Lots of excellent firewalls (Kaspersky, Latest firewall in Emisoft IS 9 on a private network-based on the best stand-alone Online Armor fw) are not fully stealthed and many say that full stealth is just a marketing gimmick.

Kudos0

Re: Re: Stealth Blocked Ports Firewall Setting

This is the craziest board to post on :-) Posts disappear-takes forever to post sometimes

It's a Motorola SB6141 - it's config address begins with 192.

Kudos0

Re: Re: Stealth Blocked Ports Firewall Setting

If you are having a private address like the 192.168.xxx.xxx then you're on a private network, channeled to internet via a NAT router and not directly connected to internet. Thus scans from gibson etal. can see only your public facing IP, and can scan only the firewall or security protection on the modem. One easy method to find which is your IP address on the network adapter connected to modem/internet is look into your recent history of NS/NIS, where you will see the IPv4/IPv6 address of the adapter. Usually it will be with a log message similar to 'Protecting you ...' If that has IP address staring with numbers otherthan 192.168.xxx.xxx or 10.xxx.xxx.xxx or 172.16.0.0 - 172.31.255.255. Motorola SB6141 cable modem, does it have a real firewall or similar protection? I couldnt find a correct feature spec telling about it. (sorry, i lost track of this thread for sometime :()
regards, CV | There is no ONE TOUCH KEY to security . Be alert and vigilant. . | Always have a Backup Plan!
Accepted Solution
Kudos1 Stats

Re: Re: Stealth Blocked Ports Firewall Setting

Hok et al

Thanks for your time and Appreciate your quality inputs. It would be great if you can retest and report your observations after pulling down the latest updates. 

- Mani Gurunathan.

Kudos1 Stats

Re: Re: Stealth Blocked Ports Firewall Setting

All ports full stealth :-)

Kudos0

Re: Re: Stealth Blocked Ports Firewall Setting

Hok,

Thanks. We appreciate testers like you  who report problems and genuinely provide enough information to fix it. Appreciate it.

-Mani G. 

This thread is closed from further comment. Please visit the forum to start a new thread.