Results 1 to 3 of 3
  1. #1
    2 Star Lounger
    Join Date
    Dec 2009
    Oxfordshire, UK
    Thanked 0 Times in 0 Posts

    Are Closed Ports a security risk?

    I recently ran Gibsons Research 'Shields UP' On my Win 7/64 machine and received a report that all the common ports were in 'Stealth' mode except ports 135 - 139 which were 'Closed', and consequently I had failed the test.

    I am a bit confused at this result. Does the fact that these ports are closed mean that they pose a serious security risk? Or does it just mean that they were not in the 'Stealth' mode and the test expects all ports to be in this mode?

    As I understand it a port in 'Stealth' mode does not accept or respond to any probes and consequently not only blocks access but denies that the port actually exists. Whereas a Closed port blocks access but in doing so unwittingly sends back a message indicating that the port exists, and perhaps thus encourage whoever is trying to access my computer to continue trying. What I don't understand is, how serious is this latter position? It is hard enough imagining why anyone out there should be trying to get in to my little digital world in the first place but even more difficult to imagine them setting out to continue trying and possibly using stronger methods etc.

    I would welcome some advice on this matter and, if these closed ports do constitute serious, real risk, advice on how they can be set to 'Stealth' mode like all the others.

    I operate behind a Negear NAT router with built-in firewall and received this 'Failed' result using both Zone Alarm Free firewall and Avast Internet Security.

  2. #2
    Super Moderator bbearren's Avatar
    Join Date
    Dec 2009
    Polk County, Florida
    Thanked 451 Times in 357 Posts
    Your assessment is essentially correct. A closed port returns a "closed" status to a port query, and that does indeed confirm that a PC exists, and the IP address of the PC can easily be determined.

    As for someone's nefarious interest in your digital world, DDoS attacks and other such deeds are mounted by hacking vulnerable PC's, parking executable Trojans/malware there waiting for orders. Such stories are in the news frequently.

    My PC's are invisible to any and all probes (according to Shields UP!), but I (and most of us) leave a trail whenever we're online. Our IP's can be determined, but it's a lot more effort than just sending out probes looking for returned pings, open/closed ports, etc.

    "Stealth" ports are the product of your router's firewall.

    Shields UP! FAQ has more information.
    Last edited by bbearren; 2013-03-24 at 15:36.
    Create a fresh drive image before making system changes, in case you need to start over!

    "The problem is not the problem. The problem is your attitude about the problem. Savvy?"—Captain Jack Sparrow "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware.
    Unleash Windows

  3. #3
    WS Lounge VIP Browni's Avatar
    Join Date
    Dec 2009
    Rochdale, UK
    Thanked 180 Times in 156 Posts
    Quote Originally Posted by bbearren View Post
    [SIZE=3]"Stealth" ports are the product of your router's firewall.
    Don't forget the importance of the Windows Firewall.

    My router is configured to forward port 80 (HTTP) requests to my PC and quite properly GRC Shields Up reports this as open when I allow it.

    Rather than faffing about with router settings I enable/disable the Windows Firewall rule for port 80 as and when required. When disabled (ie blocked), Shields Up reports that the port is stealthed for want of a better word.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts