Netgate Discussion Forum

    (2.0.3) Shouldn't my ports be 'stealth'?

    19 Posts 8 Posters 10.4k Views

    • chpalmer

      I do suspect it has to do with the ISP's modem/router doing the 'original' PPPoE, and PFS doing a 'pass through' PPPoE next to that.

      X2

      Triggering snowflakes one by one..
      Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

      • Mr. Jingles

        @chpalmer:

        X2

        ???

        ( ;D)

        6 and a half billion people know that they are stupid, aggressive, lower life forms.

        • mr_bobo

          @Hollander:

          Which leaves me with why it does show all these open ports when I use internet test sites.

          Nmap online scan

          • chpalmer

            @Hollander:

            @chpalmer:

            X2

            ???

            ( ;D)

            Means me also.  I tend to agree with your theory.  When I check against GRC (which I tend to believe spreads a little FUD around) I get everything except the one port I have open as invisible.

            • razzfazz

              @Hollander:

              Which leaves me with why it does show all these open ports when I use internet test sites.

              What open ports? Your earlier screen shot shows everything either as "stealth" or "closed" (i.e., "drop" or "reject" in terms of pf rules). Neither of these are harmful or dangerous.

              The closed ports that you're seeing are most likely ports that are filtered by your ISP; i.e., they get rejected upstream from you, and requests for them never even get to your box.

              • PhoenixOrion

                I am having the same problem, but with some of the ports not stealthed. When I am connected through pfsense on the WAN with dhcp all is stealthed, which is what I want. But I use a vpn service to share anonymous internet with the whole house, and have pfsense connect as a client on openvpn. When it is connected as a client I get about 10 ports that are closed but not stealthed, and am wondering what I can do to get them to stealth. I can also vpn directly from my computer, not the pfsense box, and all is stealthed with comodo firewall, so not sure where these closed ports are coming from. But I do have a wireless linksys router in between the pfsense box and my computer. I haven't tested it for a while but I believe all ports on it should be stealthed; it is running ddwrt. Any help I would appreciate as well.

                • cmb

                  As long as you haven't added any reject rules, you're either open or "stealth" or something other than the firewall is responding. When it's a small number of ports, it's almost certainly because the ISP (or VPN provider in that case) is doing blocking.

                  • PhoenixOrion

                    @cmb:

                    As long as you haven't added any reject rules, you're either open or "stealth" or something other than the firewall is responding. When it's a small number of ports, it's almost certainly because the ISP (or VPN provider in that case) is doing blocking.

                    It is vpn checked with openvpn connection and it is them. If I connect sstp, pptp or l2tp they are stealthed but their openvpn is not fully stealthed? For my vpn provider. All this time pulling out my hair unless it is an openvpn problem, not sure yet.

                    • Mr. Jingles

                      Hmmm, sorry if I may come back at this again  :-X

                      I ran the test at grc.com again, but the funny thing is: the ports that grc.com shows as 'closed' but not 'stealth' (I take it this is 'reject' versus 'drop') are the ports that also do not show in Status/System logs/Firewall. For example, you see 'port 992' is 'closed' but not 'stealth' in the first screenshot, and in the firewall log you see no port 992 blocked (second screenshot).

                      So this would then mean that PFS isn't blocking that since it never reaches PFS since my ISP is already blocking that?

                      grc.jpg

                      1 Reply Last reply Reply Quote 0
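The comparison described in the post above (ports an external scan reports as 'closed' or 'stealth' versus the entries in the firewall log), as an added example that is not part of the original thread and not pfSense's own code. The log line format, the addresses and the names `ports_seen` and `attribute` are constructed for illustration, and the result assumes blocked traffic on the WAN is being logged.

```python
import re

# Constructed, simplified log format for this example (NOT pfSense's raw log syntax):
#   <time> <action> <iface> <proto> <src_ip>:<sport> -> <dst_ip>:<dport>
LOG_RE = re.compile(
    r"^\S+ (?P<action>block|reject|pass) (?P<iface>\S+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):\d+ -> [\d.]+:(?P<dport>\d+)$"
)

# Constructed sample data; all addresses are documentation ranges.
SCANNER_IP = "203.0.113.10"
SAMPLE_LOG = """\
19:47:50 block wan TCP 203.0.113.10:40001 -> 198.51.100.7:445
19:47:51 block wan TCP 203.0.113.10:40002 -> 198.51.100.7:22
19:47:51 block wan TCP 192.0.2.99:51515 -> 198.51.100.7:992
19:47:52 reject wan TCP 203.0.113.10:40003 -> 198.51.100.7:113
"""
SAMPLE_SCAN = {22: "stealth", 113: "closed", 445: "stealth", 992: "closed", 993: "stealth"}

def ports_seen(log_text, scanner_ip, iface="wan"):
    """Map destination port -> actions the firewall logged for the scanner's probes."""
    seen = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        # Only count the scanner's own packets; background noise from other
        # hosts on the same port would otherwise hide an upstream block.
        if m and m["iface"] == iface and m["proto"] == "TCP" and m["src"] == scanner_ip:
            seen.setdefault(int(m["dport"]), set()).add(m["action"])
    return seen

def attribute(scan, seen):
    """Name the device that most likely produced each externally observed state."""
    verdicts = {}
    for port, state in scan.items():
        actions = seen.get(port, set())
        if state == "closed":      # scanner got a TCP RST back
            verdicts[port] = "firewall reject rule" if "reject" in actions else "rejected upstream"
        elif state == "stealth":   # scanner got no reply at all
            verdicts[port] = "dropped by firewall" if "block" in actions else "dropped upstream or not logged"
        else:                      # "open"
            verdicts[port] = "passed by firewall" if "pass" in actions else "open, no pass entry logged"
    return verdicts

if __name__ == "__main__":
    for port, verdict in sorted(attribute(SAMPLE_SCAN, ports_seen(SAMPLE_LOG, SCANNER_IP)).items()):
        print(port, SAMPLE_SCAN[port], "->", verdict)
```
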
                      • Mr. Jingles

                        Still only one screenshot at a time to be posted  :P Here is number 2:

                        2013-07-07_194752.jpg

                        • Mr. Jingles

                          @mr_bobo:

                          @Hollander:

                          Which leaves me with why it does show all these open ports when I use internet test sites.

                          Nmap online scan

                          Thank you very much for this link  ;D

                          That link shows the first 5000 ports all filtered. So this might confirm what I wrote right before this reply, I think.

                          • chpalmer

                            Good bedtime reading-

                            http://cable-dsl.navasgroup.com/#CheckSecurity

                            http://web.archive.org/web/20060215171504/http://blog.netwarriors.org/articles/2003/11/11/shieldsup-analyzed

                            and all this if you really have a lot of time on your hands-

                            http://web.archive.org/web/20060204120906/http://www.grcsucks.com/

                            I'm not posting this to flame but to educate on some past "disagreements" in the online security field.

                            Take it all with a grain of salt!

                            • Mr. Jingles

                              @chpalmer:

                              Good bedtime reading-

                              http://cable-dsl.navasgroup.com/#CheckSecurity

                              http://web.archive.org/web/20060215171504/http://blog.netwarriors.org/articles/2003/11/11/shieldsup-analyzed

                              and all this if you really have a lot of time on your hands-

                              http://web.archive.org/web/20060204120906/http://www.grcsucks.com/

                              I'm not posting this to flame but to educate on some past "disagreements" in the online security field.

                              Take it all with a grain of salt!

                              :o

                              ???

                              :-X

                              :P

                              ;D

                              You sir, thank you very much for these links; that is a lot of reading to do, but I skimmed through some of them and it was like:  :o

                              Thank you  ;D

                              • kejianshi

                                How could anyone take GRCsucks as a flame job?  haha.

                                That said, a simple scan from their site comes up for me all ports stealth except the ports I opened purposefully.

                                All is well on my pfsense (except perhaps the holes I punched in the firewall myself)

                                Then again, I may be riddled with backdoor trojans…  Apparently hard to know from their results.

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.