
Thread: Stealth mode not stealth according to ShieldsUp > Not ZA but The router or NAT modem

  1. #1
    schmavie Guest

    Stealth mode not stealth according to ShieldsUp > Not ZA but The router or NAT modem

    I just went to the ShieldsUp website to check the security of my local machine which is being protected by ZoneAlarm. I clicked on the link for ShieldsUp (https://www.grc.com/x/ne.dll?bh0bkyd2), clicked Proceed, and ran the test for Common Ports. Here are the text results of the scan:

    ----------------------------------------------------------------------

    GRC Port Authority Report created on UTC: 2005-12-31 at 19:52:34

    Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113, 119, 135, 139, 143, 389, 443, 445, 1002, 1024-1030, 1720, 5000

    0 Ports Open
    26 Ports Closed
    0 Ports Stealth
    ---------------------
    26 Ports Tested

    ALL PORTS tested were found to be: CLOSED.

    TruStealth: FAILED - NOT all tested ports were STEALTH,
    - NO unsolicited packets were received,
    - A PING REPLY (ICMP Echo) WAS RECEIVED.

    ----------------------------------------------------------------------

    I have verified that in ZoneAlarm I have both "Internet Zone Security" and "Trusted Zone Security" set to "High" or "Stealth Mode." But even so, the ShieldsUp results are telling me my ports are **NOT** running in Stealth.

    What gives? Is this false advertising on ZoneAlarm's part? Or, do I need to change some other configuration settings?

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Pro
    Software Version:6.0

  2. #2
    ad_hock Guest

    Re: Stealth mode not stealth according to ShieldsUp

    Hi Schmavie
    Are you behind a router or a modem that does NAT (Network Address Translation)? Because if that is the case, it's the hardware device (the router or the modem) that is scanned and not your pc. Hit Start-Run-cmd and then, in the command line, type ipconfig and see what your ip is. If it is within one of these ranges:
    10.0.0.0 - 10.255.255.255
    172.16.0.0 - 172.31.255.255
    192.168.0.0 - 192.168.255.255
    it means that you have a private ip, not usable and not scannable from the internet, and what is scanned is the external ip assigned by your ISP to your router or your modem.
    If your ip is inside one of the ranges above, do this: go to GRC, run ShieldsUp and take note of the ip that is scanned. Then proceed as explained above with the command ipconfig to get your ip. Compare it with the one GRC scanned and you'll see they are different.
    Best regards and a Happy New Year
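
The comparison described in the post above, as an added example that is not part of the original thread: it parses `ipconfig` output, tests the address against the three private ranges listed, and reports which device an external scan probed. The sample `ipconfig` text and the scanned address 203.0.113.7 are constructed for illustration.

```python
import ipaddress
import re

# The three private ranges listed in the post, in CIDR form.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of Windows XP `ipconfig` output (not taken from the thread).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
"""
SCANNED_IP = "203.0.113.7"  # constructed stand-in for the address the scan page reports


def local_addresses(ipconfig_text):
    """Adapter addresses from ipconfig output ("IP Address" on XP, "IPv4 Address" later)."""
    pattern = re.compile(
        r"^\s*(?:IP|IPv4) Address[ .]*:\s*(\d+\.\d+\.\d+\.\d+)", re.M)
    return [ipaddress.ip_address(m) for m in pattern.findall(ipconfig_text)]


def is_private(addr):
    """True if addr falls inside one of the three ranges above."""
    return any(addr in net for net in PRIVATE_NETS)


def scanned_device(ipconfig_text, scanned_ip):
    """Say which device an external scan of scanned_ip actually probed."""
    scanned = ipaddress.ip_address(scanned_ip)
    found = local_addresses(ipconfig_text)
    if scanned in found:
        return "pc"        # the PC holds the scanned address itself
    if found and all(is_private(a) for a in found):
        return "router"    # PC is behind NAT; the scan hit the NAT device
    return "unknown"       # no address parsed, or a mix that needs a closer look


if __name__ == "__main__":
    print(scanned_device(SAMPLE_IPCONFIG, SCANNED_IP))
```
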

  3. #3
    magical_trevor Guest

    Re: Stealth mode not stealth according to ShieldsUp

    ----------------------------------------------------------------------

    GRC Port Authority Report created on UTC: 2006-01-04 at 12:20:01

    Results from scan of ports: 0-1055

    0 Ports Open
    0 Ports Closed
    1056 Ports Stealth
    ---------------------
    1056 Ports Tested

    ALL PORTS tested were found to be: STEALTH.

    TruStealth: PASSED - ALL tested ports were STEALTH,
    - NO unsolicited packets were received,
    - NO Ping reply (ICMP Echo) was received.

    ----------------------------------------------------------------------

    Message Edited by magical_trevor on 01-05-2006 12:20 AM

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm Internet Security Suite


    Message Edited by magical_trevor on 01-05-2006 12:21 AM

  4. #4
    schmavie Guest

    Re: Stealth mode not stealth according to ShieldsUp

    I followed your instructions and re-ran the test at GRC, noting the IP address that was reported as scanned. I then compared that against what IPConfig told me is my actual IP address (it was in the 192.168.xxx.xxx range). They were indeed different IPs. So, what does that mean? That GRC cannot provide me with an accurate scan? That I would need to somehow tell GRC what IP address to actually scan? How can I know that my ports are in fact actually "stealthy?"

  5. #5
    ad_hock Guest

    Re: Stealth mode not stealth according to ShieldsUp

    Hi Schmavie
    There is nothing wrong with the GRC scanning. What happens is that you have either a router or a modem that does NAT (Network Address Translation). Your ISP assigns the external ip, valid for the internet, to your router or modem. It is this ip that GRC scans. Then the device with NAT features assigns a private ip, as you said, in the range of 192.168.x.x. This ip cannot be used in the internet and is not reachable from the internet side, which means you have good incoming protection as only the external ip can be targeted. The router or NAT modem acts as a natural hardware firewall, isolating your computer from the internet side.

    Put simply, your computer makes solicitations to the router or modem, and meanwhile packets are sent to your computer, and only the ones that correspond to your computer's solicitations are passed to the interior or private ip and distributed to your computer and the due ports. You are not stealth, as the router or modem answers incoming packets, but these packets don't pass to your computer unless they correspond to solicitations made by it. Summing up, your ZA is not targeted because those packets just don't arrive there; they are blocked before (if you look at the ZA logs, you must not have blocked incoming intrusions). Now, the ideal would be that the hardware device didn't answer these requests (be stealthed); for that you need to know what hardware you are using and check the manual or the web site of the manufacturer to see if it is possible to set it that way.
    Best regards
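
The behaviour described in the post above, as an added example that is not part of the original thread: a toy NAT device that passes only replies to connections the PC opened, scanned with the 26 ports from the first report. The `NatRouter` class, its two policy flags and all addresses are assumptions made for illustration; a TCP RST reply is tallied as closed and no reply as stealth.

```python
from dataclasses import dataclass, field

# Port list from the first report in the thread (26 ports).
COMMON_PORTS = [0, 21, 22, 23, 25, 79, 80, 110, 113, 119, 135, 139, 143, 389,
                443, 445, 1002, *range(1024, 1031), 1720, 5000]


@dataclass
class NatRouter:
    """Toy NAT device; both policy flags are assumptions for illustration."""
    reject_unsolicited: bool = True   # True: answer probes with TCP RST; False: drop silently
    answer_ping: bool = True          # reply to ICMP echo arriving on the WAN side
    table: dict = field(default_factory=dict)      # (public_port, remote) -> LAN endpoint
    delivered: list = field(default_factory=list)  # packets passed on to the LAN

    def outbound(self, lan_ip, lan_port, remote):
        """A LAN host contacts remote; remember the mapping so replies can return."""
        self.table[(lan_port, remote)] = (lan_ip, lan_port)

    def inbound(self, remote, public_port):
        """Handle a TCP packet from remote; return what remote observes."""
        lan = self.table.get((public_port, remote))
        if lan is not None:               # reply to something the PC asked for
            self.delivered.append((remote, lan))
            return "forwarded"
        return "rst" if self.reject_unsolicited else "silence"


def scan(router, scanner, ports=COMMON_PORTS):
    """Tally results the way the report does: RST reads as closed, silence as stealth."""
    counts = {"open": 0, "closed": 0, "stealth": 0}
    # A forwarded packet is the PC's to answer; it is counted as open in this model.
    label = {"forwarded": "open", "rst": "closed", "silence": "stealth"}
    for port in ports:
        counts[label[router.inbound(scanner, port)]] += 1
    # The real TruStealth verdict also checks for unsolicited packets; not modelled here.
    counts["tru_stealth"] = counts["stealth"] == len(ports) and not router.answer_ping
    counts["reached_pc"] = len(router.delivered)
    return counts


if __name__ == "__main__":
    print(scan(NatRouter(), "203.0.113.7"))  # constructed scanner address
```

With the default flags the tally matches the first report (0 open, 26 closed, 0 stealth, TruStealth failed) while `reached_pc` stays at 0, which is why the ZoneAlarm log shows nothing blocked.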

  6. #6
    schmavie Guest

    Re: Stealth mode not stealth according to ShieldsUp

    You said, "This ip cannot be used in the internet and is not reachable from the internet side, which means you have good incoming protection as only the external ip can be targeted." That's what I needed to hear. Thanks

  7. #7
    ad_hock Guest

    Re: Stealth mode not stealth according to ShieldsUp

    You're welcome
    Best regards

  8. #8
    magical_trevor Guest

    Re: Stealth mode not stealth according to ShieldsUp

    Ad-Hock
    Question for you, for some ports just to be closed, and not stealthed. Can that be because people are allowing broadcast/multicast????

  9. #9
    ad_hock Guest

    Re: Stealth mode not stealth according to ShieldsUp

    Hi magical_trevor
    A closed port is one that is not in use. It's visible but doesn't answer to solicitations; the danger is it gives an indication to hackers to try that address. About your question, I don't think that has to do with that, as by default with internet security at high, allow broadcast/multicast is enabled. In internet zone security click custom and you'll see that option checked by default.
    Best regards

  10. #10
    datlee Guest

    Re: Stealth mode not stealth according to ShieldsUp

    magical_trevor wrote:

        ----------------------------------------------------------------------

        GRC Port Authority Report created on UTC: 2006-01-04 at 12:20:01

        Results from scan of ports: 0-1055

        0 Ports Open
        0 Ports Closed
        1056 Ports Stealth
        ---------------------
        1056 Ports Tested

        ALL PORTS tested were found to be: STEALTH.

        TruStealth: PASSED - ALL tested ports were STEALTH,
        - NO unsolicited packets were received,
        - NO Ping reply (ICMP Echo) was received.

        ----------------------------------------------------------------------

        Message Edited by magical_trevor on 01-05-2006 12:20 AM

        Operating System: Windows XP Home Edition
        Product Name: ZoneAlarm Internet Security Suite

        Message Edited by magical_trevor on 01-05-2006 12:21 AM

    I'm confused by this. I assume you're trying to make a point that the above results were obtained using a machine at a non-192.168 address. But most home users who use a router are routed using 192.168 addresses. Why wouldn't Steve Gibson, who is extremely thorough and interested in network security for all "common people", not make some mention of the limitation of his tool in such cases? If he did, can you tell me where -- I apparently missed it. Thanks.
