Shields Up query

CurlyWhirly · 21 Apr 2006 at 16:31

When running GRC's 'Shields Up' firewall test at https://www.grc.com/x/ne.dll?bh0bkyd2 I get the same results whether I have:

1. Just my software (McAfee) firewall enabled
2. Just my hardware (router) firewall enabled
3. Neither enabled
4. Both enabled

I get stealth results when I run the 'All service ports' test in all the above configurations.

Is this normal or is the 'Shields Up' test just using cached data from the previous test(s) resulting in inaccurate assessments :confused:

CurlyWhirly · 21 Apr 2006 at 19:50

mike1210 said:
most probably the router is running in default deny so all the ports will appear as closed unless you have set up forwarding

Phil99 said:
Probably NAT on the router

So the above 2 answers are basically the same thing then?
This gives me the impression that even if you don't have a firewall running, using a router is fairly safe but obviously I prefer to run them both.

Before I upgraded to a router, I can remember running the 'Shields Up' test firstly with McAfee enabled and then without it and on the second run nearly all ports were in stealth mode apart from only a couple which were closed.

I know one of them was Port 80 (HTTP) but I can't remember what the others were

So even with a software firewall (McAfee), when it was disabled it also must have been running in default deny mode but it doesn't appear to do as good a job as the NAT router which still managed to stealth all ports even when disabled.

CurlyWhirly · 21 Apr 2006 at 21:27

Phil99 said:
With a router setup with NAT you can get away with running no firewall as incoming traffic can only get to the PC if the PC requests it, unless you forward a port of course.

I don't think I have forwarded a port as I wouldn't know how to being new to routers as I have only had this Speedtouch for a few weeks

Phil99 said:
What this doesn't give you that your software firewall does, however, is outbound protection to stop any malware "phoning home" or a worm distributing itself via your connection.

Yes I know what you mean as when McAfee is enabled then GRC's 'Leaktest' can't get outbound unless I permit it when the warning dialogue box appears on my screen.

When I disable the software firewall then the Leaktest utility 'phones home' without me realising it.

By the way can a router firewall be disabled by a hacker or malware for example or because it is independent of the O/S is this unlikely to happen :confused:

CurlyWhirly · 21 Apr 2006 at 21:29

mike1210 said:
did you install IIS?????

I doubt it as I had to Google it as I had never heard of it before

CurlyWhirly · 22 Apr 2006 at 20:31

mike1210 said:
http://www.draytek.co.uk/natmovie.html

watch that movie for nat explanation

That movie is excellent :cool:

I now understand how NAT routers work and the way they work certainly seems quite secure.
Am I right in thinking that what happens in the movie happens even when the router firewall is disabled and is entirely seperate to the router firewall?
I think it is and if so it could explain why the 'Shields Up' test showed all my ports in stealth mode even when I had both my software and hardware firewall disabled.

Phil99 said:
Only if they can get access to your router so make sure you use a strong password (difficult to guess with random letters/numbers) and if possible tell it to deny access to people trying to access the config pages from the WAN (Internet) side.

I have a strong password and also have disabled the 'Remote Assistance' option (it was disabled by default anyway).

CurlyWhirly · 22 Apr 2006 at 20:50

Thanks for answering my queries mike1210

I am glad that I invested in a router now and not only for the security side of things as also for a more reliable connection than USB modem, etc.