Posted by Duane Arnold on March 11, 2005, 5:46 pm
> We have a NAT router with SPI protecting our small LAN.
>
> When I go to http://grc.com and run the shields up scan on common
> ports, it shows the following ports as open; 21, 23 and 80. If I run
> the scan again a few seconds later all ports show as stealthed. If I
> leave it for a few minutes and run the scan again the ports are open
> again.
>
> OK so the firewall is "reacting" to an intrusion attempt, but wouldn't
> it be better to be closed or stealthed the FIRST time an intrusion was
> attempted? Can anyone comment on this router's behaviour? I have never
> seen a router do this before, is it a potential risk, or is it being
> "smart"?
>
> Thanks
>
> Paul
>
>
What router are you talking about? Stealth means nothing to the router. The
machine or machines are *stealth* because they are behind the router. The
ports on the router are *closed* by default. The only way they are open is
due to a machine running a program and the program is making a solicitation
to a remote IP causing the port(s) to *ONLY* (especially true with SPI) be
open to that traffic. Or you have configured the router by doing port
forwarding to open and (leave open) to the public Internet specified
inbound ports for a specific program to listen on those port(s).
You should seek out some other testing sites and not depend solely on the
Gibson site to tell you what's happening with the ports.
And if the NAT router is like most NAT routers, then it's likely a NAT (no
true firewall) router with FW like features.
Duane :)