Firewall strealthing

[BoB]

I was informed today that (e-mail address removed) is no longer a valid
fake email address. Privacy.net has a new owner who no longer
authorizes the use of the site for a fake email address. I now
use (e-mail address removed).

Now for my question. While at Privacy.net I initiated their firewall
test. It reported:

Out of the above ports, the following are open and permitting outbound
traffic: 554,1755,443,80
Firewall status: NOT PRESENT (you may have a firewall, but it is not
configured to block these ports from outbound traffic)

GRC tests firewalls but as I recalled it only tests inbound traffic.
I ran the GRC firewall test on the first 1024 ports which covered the
lower numbered three ports above. GRC reported all ports are stealth.

Is the Privacy.net comment that four outgoing ports are not blocked
legitimate and/or relevant.

In Kerio 215 I set up the four ports to block outgoing TCP/UDP and ICMP.
In a re-test at Privacy.net it made no difference. Why not?

I removed the 4 port blocks.

Since I'm over my head in trying to make sense of the above tests,
could anyone shed some light on this?

I'd be much obliged for your input.

XP2 SP2

BoB

 

[Carey Frisch [MVP]]

Please visit the experts in the Firewall newsgroup:
news://msnews.microsoft.com/microsoft.public.windows.networking.firewall

--
Carey Frisch
Microsoft MVP
Windows Shell/User

---------------------------------------------------------------

I was informed today that (e-mail address removed) is no longer a valid
fake email address. Privacy.net has a new owner who no longer
authorizes the use of the site for a fake email address. I now
use (e-mail address removed).

Now for my question. While at Privacy.net I initiated their firewall
test. It reported:

Out of the above ports, the following are open and permitting outbound
traffic: 554,1755,443,80
Firewall status: NOT PRESENT (you may have a firewall, but it is not
configured to block these ports from outbound traffic)

GRC tests firewalls but as I recalled it only tests inbound traffic.
I ran the GRC firewall test on the first 1024 ports which covered the
lower numbered three ports above. GRC reported all ports are stealth.

Is the Privacy.net comment that four outgoing ports are not blocked
legitimate and/or relevant.

In Kerio 215 I set up the four ports to block outgoing TCP/UDP and ICMP.
In a re-test at Privacy.net it made no difference. Why not?

I removed the 4 port blocks.

Since I'm over my head in trying to make sense of the above tests,
could anyone shed some light on this?

I'd be much obliged for your input.

XP2 SP2

BoB

 

[Mark Dormer]

I get the exact same ports open as you

This is an outbound test, I don't block outbound so everything is fine.
All inbound connections to my PC are blocked by my Cisco router.
I have tested that with GRC and my own port scanning.

Below is the connections, you can see they are from Internet Explorer to the
ports mentioned on their server.

iexplore.exe:3528 TCP x:3516 ev1s-66-98-244-117.ev1servers.net:http
ESTABLISHED
iexplore.exe:3528 TCP x:3517 ev1s-66-98-244-117.ev1servers.net:16771
ESTABLISHED
iexplore.exe:3528 TCP x:3518 ev1s-66-98-244-117.ev1servers.net:554
ESTABLISHED
iexplore.exe:3528 TCP x:3519 ev1s-66-98-244-117.ev1servers.net:1755
ESTABLISHED
iexplore.exe:3528 TCP x:3520 ev1s-66-98-244-117.ev1servers.net:https
ESTABLISHED
iexplore.exe:3528 TCP x:3521 ev1s-66-98-244-117.ev1servers.net:http
ESTABLISHED

Regards
Mark Dormer

 

[BoB]

Subject: Re: Firewall strealthing

Please visit the experts in the Firewall newsgroup:
news://msnews.microsoft.com/microsoft.public.windows.networking.firewall

--
Carey Frisch
Microsoft MVPOn Sat, 2 Feb 2008 19:32:57 +1100, "Mark Dormer"

Thanks for info on the correct NG.

BoB

 

[BoB]

Thanks Mark, appreciate the feedback and time you spent on it.

Since Privacy.net offers no info on correcting this anomaly, it's
probably not a big thing.

BoB