Shields Up query

When running GRC's 'Shields Up' firewall test at https://www.grc.com/x/ne.dll?bh0bkyd2 I get the same results whether I have:

1. Just my software (McAfee) firewall enabled
2. Just my hardware (router) firewall enabled
3. Neither enabled
4. Both enabled

I get stealth results when I run the 'All service ports' test in all the above configurations.

Is this normal, or is the 'Shields Up' test just using cached data from the previous test(s), resulting in inaccurate assessments? :confused:
 
Most probably the router is running in default deny, so all the ports will appear as closed unless you have set up forwarding. It's a useful tool to double-check security and open ports. Sygate also have a useful one.
 
mike1210 said:
Most probably the router is running in default deny, so all the ports will appear as closed unless you have set up forwarding
Phil99 said:
Probably NAT on the router

So the above 2 answers are basically the same thing then?
This gives me the impression that even if you don't have a firewall running, using a router is fairly safe but obviously I prefer to run them both.

Before I upgraded to a router, I can remember running the 'Shields Up' test firstly with McAfee enabled and then without it and on the second run nearly all ports were in stealth mode apart from only a couple which were closed.

I know one of them was Port 80 (HTTP) but I can't remember what the others were :o

So even with a software firewall (McAfee), when it was disabled it also must have been running in default deny mode but it doesn't appear to do as good a job as the NAT router which still managed to stealth all ports even when disabled.
 
With a router setup with NAT you can get away with running no firewall as incoming traffic can only get to the PC if the PC requests it, unless you forward a port of course.

What this doesn't give you that your software firewall does, however, is outbound protection to stop any malware "phoning home" or a worm distributing itself via your connection.
 
Yes, NAT in a sense "hides" your PC from the net and as such it cannot be accessed (in theory) unless you open ports to it. I'm guessing the firewall part you mention is maybe the SPI feature of the router or similar. This basically tracks connections to and from your machine and makes sure they are legitimate, by putting the stages of the connection into a table and making sure the connections follow the right procedure.

As a basic guide:

Software firewalls work on applications; you may have allowed a web server service or similar to run on your machine... did you install IIS?

Hardware firewalls in routers work on IP address (from 0.0.0.0 to 255.255.255.255), port (0-65535) and protocol (TCP/UDP).

Example of this: Internet is port 80 TCP, secure Internet is port 443 TCP.
 
Phil99 said:
With a router setup with NAT you can get away with running no firewall as incoming traffic can only get to the PC if the PC requests it, unless you forward a port of course.
I don't think I have forwarded a port as I wouldn't know how to being new to routers as I have only had this Speedtouch for a few weeks :o


Phil99 said:
What this doesn't give you that your software firewall does, however, is outbound protection to stop any malware "phoning home" or a worm distributing itself via your connection.
Yes I know what you mean as when McAfee is enabled then GRC's 'Leaktest' can't get outbound unless I permit it when the warning dialogue box appears on my screen.

When I disable the software firewall then the Leaktest utility 'phones home' without me realising it.

By the way can a router firewall be disabled by a hacker or malware for example or because it is independent of the O/S is this unlikely to happen :confused:
 
CurlyWhirly said:
By the way can a router firewall be disabled by a hacker or malware for example or because it is independent of the O/S is this unlikely to happen :confused:

Only if they can get access to your router so make sure you use a strong password (difficult to guess with random letters/numbers) and if possible tell it to deny access to people trying to access the config pages from the WAN (Internet) side.
 
mike1210 said:
http://www.draytek.co.uk/natmovie.html

watch that movie for nat explanation :)
That movie is excellent :cool:

I now understand how NAT routers work and the way they work certainly seems quite secure.
Am I right in thinking that what happens in the movie happens even when the router firewall is disabled and is entirely separate to the router firewall?
I think it is and if so it could explain why the 'Shields Up' test showed all my ports in stealth mode even when I had both my software and hardware firewall disabled.


Phil99 said:
Only if they can get access to your router so make sure you use a strong password (difficult to guess with random letters/numbers) and if possible tell it to deny access to people trying to access the config pages from the WAN (Internet) side.
I have a strong password and also have disabled the 'Remote Assistance' option (it was disabled by default anyway).
 
CurlyWhirly said:
That movie is excellent :cool:


Am I right in thinking that what happens in the movie happens even when the router firewall is disabled and is entirely separate to the router firewall?

In a sense yes, the firewall should add more meticulous inspection to the incoming packets, but by default... as in the movie... NAT only lets in traffic to your PC that YOU requested. All other traffic gets rejected :)
 
Thanks for answering my queries mike1210 :)

I am glad that I invested in a router now, not only for the security side of things but also for a more reliable connection than a USB modem, etc.
 
I'm using the Netgear WPNT834 router, it works fine except the ports are not stealthed. They're closed but I cannot find any options to stealth them.

I've tried to connect via telnet/ssh using putty, but the connections are refused :(
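
The behaviour discussed in this thread (replies to requests the PC made get in, forwarded ports get in, everything else is either silently dropped or actively refused) as an added Python example that is not part of the original thread. The class, function names, addresses and the starting port 40000 are constructed for illustration, and the model assumes a reply must match the remote address and port of the original request, which real routers do not all enforce.

```python
# Toy model of a NAT router's inbound decision (added illustration, not router firmware).
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    stealth: bool = True                          # True: drop silently; False: refuse the connection
    forwards: dict = field(default_factory=dict)  # (proto, wan_port) -> (lan_ip, lan_port)
    table: dict = field(default_factory=dict)     # (proto, wan_port) -> tracked connection
    next_port: int = 40000                        # constructed starting point for mapped ports

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection: record it and return the WAN-side port."""
        wan_port = self.next_port
        self.next_port += 1
        self.table[(proto, wan_port)] = (lan_ip, lan_port, remote_ip, remote_port)
        return wan_port

    def inbound(self, proto, remote_ip, remote_port, wan_port):
        """Decide what happens to a packet arriving on the WAN side."""
        state = self.table.get((proto, wan_port))
        if state and state[2:] == (remote_ip, remote_port):
            return ("reply", state[0], state[1])   # answer to a request the PC made
        if (proto, wan_port) in self.forwards:
            return ("forwarded",) + self.forwards[(proto, wan_port)]
        return ("stealth",) if self.stealth else ("closed",)

def scan(router, scanner_ip, ports, proto="tcp"):
    """What an external port test would report for each probed port."""
    return {p: router.inbound(proto, scanner_ip, 50000, p)[0] for p in ports}

if __name__ == "__main__":
    r = NatRouter()
    wan_port = r.outbound("tcp", "192.168.1.10", 51515, "203.0.113.5", 80)
    print(r.inbound("tcp", "203.0.113.5", 80, wan_port))   # reply reaches the PC
    print(scan(r, "198.51.100.7", [22, 80, wan_port]))     # unsolicited probes: stealth
    r.forwards[("tcp", 80)] = ("192.168.1.10", 8080)
    print(scan(r, "198.51.100.7", [22, 80]))               # port 80 now forwarded
    print(scan(NatRouter(stealth=False), "198.51.100.7", [22, 23]))  # refused: closed
```

Note that the scanner probing the mapped port still gets "stealth": the table entry belongs to a different remote address, so only the server the PC contacted can use it.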
 