AR15.COM
4/23/2004 7:00:39 AM EDT
I'm using this site that someone posted a while back, https://grc.com/x/ne.dll?bh0bkyd2, to check ports on the computer.
I used to be in stealth all the time.
Now I got a new computer and I get these failures:

Solicited TCP Packets: RECEIVED (FAILED)


Ping Reply: RECEIVED (FAILED)


113 IDENT Closed
This used to be stealth, like all of my other ports.
Before, I never got these failures. I am using a router split to two computers, have the Windows XP firewall enabled, and also tried Norton firewall, but it still fails.
So how do I get back to total stealth?
4/23/2004 7:17:26 AM EDT
[#1]
The problem is at the router/firewall. Not the computer.

You have probably inadvertently changed the security settings on the firewall.

The "113 IDENT Closed" is a common problem. If you go to the website of the manufacturer of your router and search their FAQ for port 113, it will most likely tell you how to resolve the issue.
4/23/2004 7:19:44 AM EDT
[#2]
Why isn't my Port 113 Stealthed? I'm using a firewall to stealth my entire machine, but the ShieldsUP! port probe shows port 113 to only be closed instead of stealthed! What gives?  
Port 113 is associated with the Internet's Ident/Auth (Identification / Authentication) service. When a client program in your computer contacts a remote server for services such as POP, IMAP, SMTP, or IRC, that remote server sends back a query to the "Ident" server running in many systems listening for these queries on port 113. Essentially, the remote server is asking your system to identify itself . . . and you. This means that port 113 is often probed by attackers as a rich source of your personal information.

You may recall, from my explanation of Stealthed ports, that attempting to connect to a stealthed port is both costly and painful for the contact initiator — which is why it's so cool to stealth our machines. But the problem with simple stealthing of port 113 is that we don't want to hurt the servers we are trying to contact when they turn around and send us their IDENT query. If they get no response at all from their port 113 query, our connection to them (which initiated their query in the first place) will be delayed or perhaps completely abandoned.

Note that not all servers generate IDENT queries. So, depending upon your ISP, stealthing port 113 may not be any problem for you. However, you'll note that requirements for port 113 are common enough that most mature firewalls (BlackICE Defender, AtGuard, NIS2K, etc.) include built-in default rules allowing IDENT queries to pass through. These rules result in the IDENT's status being "closed" rather than "stealth."

So what can you do?

You may be able to remove or disable your firewall's default rule for IDENT (port 113) and run it in full stealth mode without trouble. If you do this, keep on the lookout for trouble connecting to less common servers, like IRC, which might have problems that you haven't encountered before.

Or, you can leave the default rule in place and live with your system's IDENT service port being visible to the outside world. Be aware that this provides a means for intruders to detect an otherwise stealthed computer. And they'll know you're running a firewall since other things are stealthed, but not port 113.

Or, you can switch to the very latest, highest technology, and best adaptive firewall which is smart enough to stealth this port against random probes, while still showing it as "closed" to queries from valid servers . . .

My current favorite firewall — soon to be recommended — is the completely free ZoneAlarm 2.0 (ZA2) from ZoneLabs. ZoneAlarm is the only firewall I know of that's smart enough to stealth your ENTIRE machine while still allowing your remote servers to see port 113 as closed.



Read the FAQ on his site
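The three port states the quoted FAQ distinguishes, as an added example that is not part of the original thread or of the ShieldsUP! site: a single TCP connection attempt ends as "open", "closed" (refused) or "stealth" (no reply before the timeout). The names `classify_port` and `demo` are made up for this sketch, and the demo only touches the loopback interface.

```python
import socket
import time


def classify_port(host, port, timeout=2.0):
    """Try one TCP connection; return (status, seconds_elapsed)."""
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        status = "open"        # handshake completed: a service is listening
    except ConnectionRefusedError:
        status = "closed"      # a TCP RST came back: reachable, nothing listening
    except socket.timeout:
        status = "stealth"     # nothing came back at all: packet silently dropped
    except OSError as exc:
        status = "error: %s" % exc   # e.g. no route to host
    finally:
        sock.close()
    return status, time.monotonic() - start


def demo():
    """Constructed loopback demo: the same port with and without a listener."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    results = {"listening": classify_port("127.0.0.1", port)}
    listener.close()
    results["no_listener"] = classify_port("127.0.0.1", port)
    return results


if __name__ == "__main__":
    for name, (status, secs) in demo().items():
        print("%-12s %-8s %.3fs" % (name, status, secs))
    # A "stealth" result always costs the full timeout. That wait is the
    # delay a mail or IRC server sees when its IDENT query to port 113
    # is dropped instead of refused.
```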
4/23/2004 8:35:13 AM EDT
[#4]

If you are using a router, hopefully a firewall router, one way to block port 113 is to have the router forward all 113 requests to a nonexistent computer, such as 192.168.1.175 (where there is no 175). Then the requests are never answered and you are invisible to the requester.

Not all routers let you manually set this, but the ones that do are worth the extra $20 or $30.
4/23/2004 10:02:29 AM EDT
[#5]
Having "port 113 IDENT Closed" vs. stealthed is not the issue Gibson or Berlind make it out to be. David Berlind’s mDDoS attack was not caused by having port 113 closed vs. stealthed. Gibson is not the internet security guru he claims to be. Much of the info on his web site is misleading or inaccurate.

Forwarding port 113 to a nonexistent IP on your LAN is a simple way to "stealth" it.

Your first line of defense should be a correctly configured hardware firewall. The WinXP firewall is pretty useless.  If you want a software firewall in addition to your HW firewall use Zone Alarm Pro or Sygate Pro.  
4/23/2004 6:11:00 PM EDT
[#6]

I forgot about this before:

Is the router hooked up directly to the modem?

If so, Port 113 is *probably* handled *only* by the router. It does not matter what firewall you are running on the computer; there is no way to block or stealth it in the software firewall. It can only be done within the router itself.

As I pointed out before, if you have one of the better routers it will let you manually configure where you want Port 113 requests to go, and just point it at a nonexistent computer so the requests will go unanswered.
4/23/2004 6:30:53 PM EDT
[#7]
Sygate Pro and AFAIK Zone Alarm Pro will stealth port 113.  The problem is any software FW running on a Windows platform is subject to compromise.  

4/23/2004 8:08:15 PM EDT
[#8]

ZoneAlarm can't stealth your router's ports, only your computer's ports.

Software firewall programs will only block ports like 113 if the computer is DIRECTLY connected to the internet (internet+modem+computer+software_firewall).

If the router is the connection (plugged into the modem), the computer is NOT directly connected to the internet, it is connected only to the router (internet+modem+router+computer). The router in this case handles Port 113 and whether it is open, closed, or stealthed. It has nothing to do with the computer or its software firewall program. The router handles Port 113 even when the computer is off (modem+router-computer) (assuming you have an always-on connection that does not have to be dialed-up).

The only time a software firewall is your first (and only) protection is when the computer is directly plugged into the modem. Then you can use ZoneAlarm to stealth it. If you connect through a router, you must stealth it at the router. That's why routers with built-in user configured firewalls are better (internet+modem+router/firewall+computer).

4/24/2004 9:31:20 AM EDT
[#9]

Quoted:
Software firewall programs will only block ports like 113 if the computer is DIRECTLY connected to the internet (internet+modem+computer+software_firewall).



Yes, that is correct.  I didn't mean to imply otherwise.  I should have added "only if directly connected to the internet."