

Port Authority – ShieldsUP!! and NanoProbe Enhancements
 by Steve Gibson,  Gibson Research Corporation.

Internet Port Status Definitions


Stealth

A "Stealth" port is one that completely ignores and simply "drops" any incoming packets without telling the sender whether the port is "Open" or "Closed" for business. When all of your system's ports are stealth (and assuming that your personal firewall security system doesn't make the mistake of "counter-probing" the prober), your system will be completely opaque and invisible to the random scans which continually sweep through the Internet.

Even if this machine had previously been scanned and logged by a would-be intruder, a methodical return to this IP address will lead any attacker to believe that your machine is turned off, disconnected, or no longer exists. You couldn't ask for anything better. Your personal firewall or NAT router protected system is acting like a black hole for TCP/IP packets. That's very cool.

If your system did NOT show up as Stealth, but you would like it to, you will need to use one of the many free or inexpensive personal firewalls that are now widely available. Of the many firewalls on that list, we recommend (in alphabetical order) firewalls from Agnitum, Kerio, Norton, Sygate, Tiny, and ZoneLabs. I describe the operation of personal firewalls on this page.


Closed

"Closed" is the best you can hope for without a stealth firewall or NAT router in place. At least the port is not "Open" for business and accepting connections from the probes which are continually sweeping the Internet searching for exploitable systems.

Anyone scanning past your IP address will detect your PC, but "closed" ports will quickly refuse connection attempts. Since it's much faster for a scanner to re-scan a machine that's known to exist, the presence of your machine might be logged for further scrutiny at a later time — for example, when a new operating system vulnerability is discovered and before the potential for exploitation has been repaired.

For this reason it is important for you to stay current with updates from your operating system vendor since new potential vulnerabilities are discovered frequently.

AS NOTED ABOVE: If your system did NOT show up as Stealth, but you would like it to, you will need to use one of the many free or inexpensive personal firewalls that are now widely available. Of the many firewalls on that list, we recommend (in alphabetical order) firewalls from Agnitum, Kerio, Norton, Sygate, Tiny, and ZoneLabs. I describe the operation of personal firewalls on this page.


OPEN!

If our tests have shown one or more of your ports to be OPEN!, then Internet packets requesting a connection with your machine are being accepted and connections are being created. If this is NOT what you intend, if you are not deliberately operating Internet servers and offering services to the public, then you should work to determine the source of the open port(s) and take measures to close them.
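The three states defined above correspond to the three things a TCP connection attempt can observe: acceptance, an immediate refusal, or silence. The following Python script is an added example, not GRC's code (all function names are illustrative). It classifies ports on a machine you administer, and its constructed self-test uses only the loopback address.

```python
import socket

STEALTH, CLOSED, OPEN, INCONCLUSIVE = "Stealth", "Closed", "OPEN!", "Inconclusive"


def classify(exc):
    """Map the outcome of a TCP connect() to the page's port-status terms.

    exc is None when the connection was accepted, otherwise the exception raised.
    """
    if exc is None:
        return OPEN          # handshake completed: a service accepted the connection
    if isinstance(exc, ConnectionRefusedError):
        return CLOSED        # host answered with a refusal: visible, nothing listening
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return STEALTH       # no answer at all: dropped, or the host is off/unreachable
    return INCONCLUSIVE      # e.g. an ICMP "unreachable" reply, which is still a reply


def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and report how the port responded."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


def audit(host, ports, timeout=3.0):
    """Return {port: status} for the given ports on a machine you administer."""
    return {port: probe(host, port, timeout) for port in ports}


def loopback_demo():
    """Constructed self-test on 127.0.0.1: one listening port, one freed port."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free port
    listener.listen(1)
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    freed_port = spare.getsockname()[1]
    spare.close()                        # nothing listens on freed_port any more
    try:
        open_port = listener.getsockname()[1]
        return probe("127.0.0.1", open_port), probe("127.0.0.1", freed_port)
    finally:
        listener.close()


if __name__ == "__main__":
    print(loopback_demo())
```

The result describes the view from wherever the script runs: a machine behind a NAT router can show open ports to the LAN while the router's WAN address shows something different to the Internet. A timeout is also what a powered-off or nonexistent host produces, which is the property the Stealth definition relies on.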

Why might ports be open?

Open ports are the result of something in your system or network deliberately preparing to accept unsolicited incoming connections from unknown and anonymous machines on the Internet. Due to the inherent difficulty of writing completely secure programming code, a high percentage of open ports are "exploitable" by malicious Internet hackers. This means that sooner or later some clever "exploit" could be crafted to take advantage of your open ports to gain an advantage without your knowledge or permission.

There are a number of sources of open ports:

 Windows Default Configuration

Unfortunately, any "out of the box" Microsoft Windows operating system is literally riddled with known exploitable and potentially exploitable Internet security vulnerabilities. Keeping Windows updated with all of the latest security patches is always a good idea, but even a fully patched Windows system STILL has many open ports creating opportunities for external intrusion. This is an unfortunate result of Microsoft's policy of turning everything "on" in the system in case it might be required — even if it's not required — and even if it means opening exposed Internet services to every other machine on the global Internet.

Since even Microsoft's own built-in Internet Connection Firewall (ICF) leaves ports open that might be vulnerable to external attack, the only safe practice is to place any Windows systems behind a NAT router, and/or to run personal firewall software on every Windows machine. By doing so it is possible to attain a 100% "TruStealth" rating and for your computer or network to be completely invisible while it is operating on the Internet.

 Poorly Secured NAT Routers

The default configuration of some NAT routers exposes their management access ports to the "WAN" (Wide Area Network) Internet. Since router configuration management is usually only performed from the "LAN" (Local Area Network) side of the router, this exposure is unnecessary. Fortunately, it is usually a very simple matter to close these external openings through simple router reconfiguration.

 Deliberate Operation of Internet Servers

It is uncommon, though certainly possible, for end-users to operate their own Internet servers of one sort or another. Such users might simply have a computer on the Internet with deliberately open ports, or they might be using a NAT router which has been configured with "port forwarding" to allow incoming connection requests to reach into the local network and access a service running on a machine. In either case, operating an Internet server is not something to be taken lightly. You should keep abreast of any security notices, patches, and upgrades to your server's software so that any exploits which the software publisher discovers and corrects will be corrected on your machine(s) as well.

For specific information about individual ports, you may access our ports database by clicking on the port numbers appearing in our various online tests.


Gibson Research Corporation is owned and operated by Steve Gibson.  The contents
of this page are Copyright (c) 2014 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy.

Last Edit: Aug 07, 2006 at 21:42