New
#91
Set the firewall to 'off' but you are right. NAT was still enabled (just checked). I'll re-test later. Thanks.
Set the firewall to 'off' but you are right. NAT was still enabled (just checked). I'll re-test later. Thanks.
an applicable FAQ (<-linky) from the outpost firewall forum. a few years old but still generally applicable.
an excerpt:
if you run the grc steallth test, the section of the results page below the graphic goes into more detail on why you might pass without any apparent hardware or software protection. worth reading the whole thing.
...
Scans with a Router
If your Internet connection uses a router (an option for xDSL, cable and satellite connections - not dial-up however) then that router will have its own Internet address and will use Network Address Translation (NAT) to amend packets allowing you to share the Internet connection between several computers. This is an advantage security-wise since the router will be visible on the Internet rather than your computer, but it can make certain applications and online scans harder to set up.
In this case, check the router's configuration - many can be set to give "stealthed" ports but the exact details will depend on the make and model of router. If you do not have appropriate documentation on this, then try an Internet search to see what other users have done.
To scan your PC (and Outpost) you will need to either:
- Reconfigure your router (temporarily!) to pass all incoming packets to your computer - this may be refered to as creating a DMZ, DeMilitarized Zone, or Port Forwarding (for all ports) or;
- Disconnect from your router and use a dial-up connection for the duration of the test only.
Scans with Proxy Servers
If you do not use a router but still have different IP addresses reported, then the next most likely cause is a proxy server. These are common in work or school environments and may be used by some ISPs. In such a case, there may no easy method of obtaining a direct connection, other than attempting a dial-up connection (with another ISP if possible). If in doubt, contact the proxy administrator.
ISP Filtering
There have been cases of people getting "Closed" results for certain ports without having a router or proxy server. In such cases, it is possible that the ISP is blocking some ports and returning an error message in order to prevent the spread of certain worms or trojans. This is most likely for ports widely used by such worms - notably 135-139 and 445.
while a hardware router/firewall in general offers excellent protection from the outside, it does not protect you from threats inside the firewall, ie. other pc's on the network and/or software that communicates from inside.
i use a software firewall to take care of that aspect, and it also covers a number of other aspects of malware protection, such as HIPS, IP blocking via lists of bad sites, registry and system file protection, anti-leak protection from unpatched exploits, etc. that the hardware firewall does not.
windows 7's upgraded firewall will now cover outgoing, but is quite difficult to configure and manage effectively.
all in all, a layered defence is still a good choice, tho some may not need all the layers. depends on your level of perceived threat and past experience with removing infections or having been a victim of more malicious stuff.
i am of course prejudiced as to which third party firewall to use.
Then you know your hardware firewall is doing its job. The router's firewall is far better than any software firewall. The only reason I use a software firewall is to monitor outgoing.
I got the same results from ShieldsUp with my hardware firewall disabled as I did when when I plugged directly to the internet with a modem. I had total stealth both ways using Comodo.
I noticed in another post that this was not the case. The poster turned off his hardware firewall and the results were the same - as if the hardware firewall was still on.
I am not questioning you; I am just trying to learn and I thank you for the excellent read on how firewalls work.