8 replies to this topic

[frapper]

When I go to Steve Gibson's "ShieldsUP" site https://www.grc.com/x/ne.dll?bh0bkyd2
whether in XP using the Comodo firewall or on machines running Win7 Home Premium running the Win7 firewall, I get the same result. Everything is fine except for responding to "ping" when I run the "common ports" test.

Quote

Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

What can be done, and is this really an issue? Do all Win7 firewall machines fail in this? Why aren't all firewells set up to block this by default?

Also, is there a better lightweight firewall-only for XP? The machine runs  MSSE and MBAM in realtime.

[Corrine]

Both Windows Vista Firewall and Windows 7 Firewall were "true stealth"

Quote

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

For Windows XP, I've heard favorable comments for Private Firewall:  Intrusion Detection and Prevention, Security Data Analytics, Personal Firewall - Privacyware.

[frapper]

I tested this on two new Win7 machines, a netbook and a desktop, both connected to a DSL modem and switch. Why would both fail if yours is "true stealth"?

[Corrine]

Have you made any changes to the Windows firewall?

[frapper]

Corrine, on 03 August 2012 - 09:59 PM, said:

Have you made any changes to the Windows firewall?

None. All default settings as received from the factory.

[securitybreach]

Most routers have the option to block ping requests (block anonymous WAN Requests or something similar) :

[ross549]

Yes, your router's firewall is the problem here, unless you don't have one.

Adam

[frapper]

I'm not a security expert, but the DSL modem* shows activity even when the machine(s) are shut down. I assume it's responding to random pings from the ISP to verify that it's "still there". That's what the ISP has told me. So couldn't it be the modem that responds to Steve Gibson's pings, and not the machine?

Adam, there is no router. It's a DSL modem that runs through a switch, and that's connected to Netgear powerline adapters for two other PC's in the house.

*Gigaset 4300 ADSL modem, Part # 060R-D148-A27

[frapper]

PC Flank's tests say it's stealthed.



Recommendation:

All the ports we have scanned are Stealthed (by a firewall). So just continue following the fundamental security measures and regularly update your security software.

I also ran the full port scan at https://www.securitymetrics.com/ and everything came up "stealth" including the common  trojan ports. Both tests used the Win7 firewall.