GRC shields up solicited packets received

Hi all,
After I ran GRC "shields up" tru-stealth it displayed "solicited TCP packets received" on my home network and I was wondering how to change that or where I'd begin to change that, I use nordvpn but the same end result is displayed regardless of whether that is active or not so it's not that. Do you think it has something to do with the firewall honestly I am a bit of a noob when it comes to network security.

As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection. It is generally possible to increase your system's security by hiding it from the probes of potentially hostile hackers.

89/90 are closed with or without vpn. i think those are the ones linked to the solicited packets being received, from checking online/own knowledge these are needed for TCP, wonder if those can be stealthed?

options listed in firewall:
Capture — ImgBB

Your VPN has NOTHING to do with this. And using your VPN should give you the VPN's server open ports, not your home connection. So, using the VPN while using GRC's Shields Up is not what you want to do to test your home network. If you're getting the same result, then your VPN has leaks which it probably has... Many people don't realize things like WebRTC, canvas data, HTML5 local storage and a whole slew of other stuff rats you out whether you use a VPN or not. In other words, you need to know what you're doing.

Do yourself a favor, if your modem is directly connected to the PC, then get a good, reputable router. This will have something called SPI (Stateful Packet Inspection). Which means you have a firewall from unconsolidated packets headed your way.

I'd go with a quality ASUS router that can be flashed with a third-party firmware like ASUS Merlin or DD-WRT. Not something everyone can do however. Just know that like Windows and software, routers need security updates as well...That's why you roll third-party firmware to mitigate having your router turned into a zombie botnet.


Some interesting reading: These 7 Companies Secretly Own Dozens of VPNs


Now, if your external IP address is IPv6, then you need a router or its firmware capable with using NAT64. Without it you're as open as ever. In fact, the last part of the IPv6 address tells all what hardware you're running... Unless SLAAC is used...

I switched my firewall's settings (through avast one which controls Windows Firewall/I think?) to a trusted network rather than unsecured/untrusted on both Nord and EE broadband and re-done ShieldsUp, now all ports are secured and I got TruStealth :). Not 100 on how this worked but if someone can offer insight I'd be interested to learn a bit more. Thanks.