Firewall/Packet filter testing

Hampton · 01-04-2009, 12:51 PM

I have a question, what firewall test sites are the best? I have always used "Test my shields" from GRC.com but I remember years ago seeing other test sites but don't remember the names or even if they still exist.

No matter which firewall I have installed I get "Failed" port 80 is open but the rest are stealth, @ GRC, here is the test results.

"GRC Port Authority Report created on UTC: 2009-01-04 at 17:39:45

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000

1 Ports Open
0 Ports Closed
25 Ports Stealth
---------------------
26 Ports Tested

NO PORTS were found to be CLOSED.

The port found to be OPEN was: 80

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED."

Right now I am running direct to the modem but even when I am using a router / hard firewall, I get the same results.

Mak213 · 01-04-2009, 03:09 PM

Interesting. What firewall/router combo do you use.

This is my results from GRC.com:

Code:

----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2009-01-04 at 20:08:22

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113, 
                            119, 135, 139, 143, 389, 443, 445, 
                            1002, 1024-1030, 1720, 5000

    0 Ports Open
    0 Ports Closed
   26 Ports Stealth
---------------------
   26 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - NO Ping reply (ICMP Echo) was received.

----------------------------------------------------------------------

That is in Windows 7 no less. I have no firewall but hte Windows firewall on. I have Avast for my AV. I have a DLink DIR-628 WiFi Router that i use that has a built in firewall.

GRC has always been my favorite test site. I have seen others. But none have stacked up to what GRC can do with Shield's Up! and Spinrite.

Hefemeister · 01-04-2009, 03:33 PM

Hey Thanks. I always felt I had a good hardware/software firewall combo but had never tested it.

Code:

----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2009-01-04 at 20:29:33

Results from scan of ports: 0-1055

    0 Ports Open
    0 Ports Closed
 1056 Ports Stealth
---------------------
 1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - NO Ping reply (ICMP Echo) was received.

----------------------------------------------------------------------

Thanks again.

Mak213 · 01-04-2009, 03:43 PM

A good hardware firewall is always better than the best software firewall. This is because the hardware firewall will stop the activity before it even reaches the PC. By the time the software firewall catches it, it is already to your PC and it has to take action to stop the activity before something happens.

With a router with built in firewall it will be stopped at the router. I havent used a software firewall in a couple of years now since i first bought my DLink router with a firewall built in. That was like 3 years ago when i stopped using firewalls. I have not had a infection since. Even visiting those shady sites. But that is also helped by browser security measures like AdBlock, NoScript and FlashBlock to also prevent malicious things from running as well.

Opera is good at stopping the stuff as well. Only once did Opera allow something to get thru which was then blocked by the router. But for shady sites Firefox with the mentioned extensions is the best.

Hampton,

Your port 80 could be open due to the fact that it is the HTTP port and if you are downloading anything from a website at the time you are runnign the scan that port will be open.

Hefemeister · 01-04-2009, 03:50 PM

Excellent point Mak. I turned off my software firewall and still scored perfect.

Code:

Results from scan of ports: 0-1055

    0 Ports Open
    0 Ports Closed
 1056 Ports Stealth
---------------------
 1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

Does this mean I would be safe uninstalling my software firewall. Or should I leave it on to be safe?

Hampton · 01-04-2009, 03:54 PM

Quote:

Originally Posted by Mak213

Interesting. What firewall/router combo do you use.

This is my results from GRC.com:

Code:

----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2009-01-04 at 20:08:22

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113, 
                            119, 135, 139, 143, 389, 443, 445, 
                            1002, 1024-1030, 1720, 5000

    0 Ports Open
    0 Ports Closed
   26 Ports Stealth
---------------------
   26 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - NO Ping reply (ICMP Echo) was received.

----------------------------------------------------------------------

That is in Windows 7 no less. I have no firewall but hte Windows firewall on. I have Avast for my AV. I have a DLink DIR-628 WiFi Router that i use that has a built in firewall.

GRC has always been my favorite test site. I have seen others. But none have stacked up to what GRC can do with Shield's Up! and Spinrite.

Yes, I have been a GRC fan for many years too.

(yes I'm a nerd, lol) I was using D-link but it died a while back, my nephew is suposed to bring over a router for me this week, but I use as I test different ones. ZA, Comodo and right now AVG firewall (30 day trial) but yea always have port 80 open, I was thinking the reason for this was that was what my browser needed open cause why would that be the only one open..?

I use to know this crap for some reason I am brain farting on this port 80 thing even just googled on it to refresh my memory but that was useless many people discusing it but nobody says well here is what you do.. ahhh!

close port 80 on Vista?

Mak213 · 01-04-2009, 04:18 PM

Hefe,

If you have a router with a built in firewall you really dont need a software one as well. As you can see from my information i have no ports open and everything is stealth. Even in a Beta OS. It will protect you. As long as you take the necessary steps as well.

Hampton,

Port 80 is used by websites yes. But as you see with my results even on a website that port is stealth for me. So that means that either your firewall or your AV or another application has requested the firewall to leave that port open for some reason. Most likely for updates to the software.

It isnt good but it isnt bad. Port 80 is the most common port to have open. It is used by just about anything that deals with web updates of some kind.

While having it open can be dangerous. You have good software installed to help protect you. But if you are really worried. I would get a new router with built in firewall to stay protected.

Hampton · 01-04-2009, 04:38 PM

Thanks Mak, I was stressing for a min there.

in the old days I use to use 2 firewalls and was able to control things better but now they make it so you can't pick and choose what ports you want open. I want to be able to control these things and modern software firewalls don't allow you that option.

it may have been open due to my last OS install, I didn't turn off the remote connection feature that is checked by default when installing windows.

Mak213 · 01-04-2009, 04:44 PM

2 firewalls is overkill. Most routers and even firewalls do have ways you can control what ports you want open.

PortForward.com - Free Help Setting up Your Router or Firewall

That site will prove to be of use.

oldskool · 01-05-2009, 10:35 PM

Quote:

Originally Posted by Mak213

Hefe,

If you have a router with a built in firewall you really dont need a software one as well. As you can see from my information i have no ports open and everything is stealth. Even in a Beta OS. It will protect you. As long as you take the necessary steps as well.

Hampton,

Port 80 is used by websites yes. But as you see with my results even on a website that port is stealth for me. So that means that either your firewall or your AV or another application has requested the firewall to leave that port open for some reason. Most likely for updates to the software.

It isnt good but it isnt bad. Port 80 is the most common port to have open. It is used by just about anything that deals with web updates of some kind.

While having it open can be dangerous. You have good software installed to help protect you. But if you are really worried. I would get a new router with built in firewall to stay protected.

Yes, and Port 443 is used for https (SSL transactions, like banking online). Ever notice when you go to a banking site, or when you purchase something online, the URL will start with https ? The "s" in "https" is secure. The site you would be accessing at such a time is using SSL (Secure Socket Layer certificates), which makes sure that the transactions are encrypted and verified with SSL certificates.

But just as Mak said, port 80 is what your browser uses for regular web activity. I threw in the part about port 443 SSL stuff because that is fairly common as well. SSL sessions end when you logoff the bank site, online transaction, PayPal, etc.

Member Login