Closed ports instead of stealth ports


#1

After performing a port scan using the GRC ShieldsUP! tool, my results were closed ports. On my old router, all my ports were stealth. Can anyone else verify this, or is it my setup?


#2

Yes, the default action in OpenWrt is Reject, which sends an RST back.
Stealth (at least for that tool) means that traffic is dropped silently (nothing gets sent back).

You can change this behaviour under firewall: change WAN input to Drop.

Anyway, it is not a real security concern, and it depends on the actual setup and services which option would be best.
Both are equally secure; the only difference would be that a scanner will know that there is actually some kind of device with that IP.
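
How a scanner tells the two policies apart, as an added example that is not part of the original thread: a TCP connect attempt that gets an RST back is reported as closed (Reject), and one that gets nothing back before the timeout is reported as stealth (Drop). The function names `classify`, `probe` and `demo` are hypothetical, and `demo` only exercises the open and closed cases on loopback.

```python
import errno
import socket

def classify(error):
    """Map the outcome of one TCP connect attempt to the thread's terms."""
    if error is None:
        return "open"         # handshake completed: a service is listening
    if isinstance(error, ConnectionRefusedError):
        return "closed"       # RST came back: Reject policy, or no listener
    if isinstance(error, (socket.timeout, TimeoutError)):
        return "stealth"      # nothing came back: Drop policy, or packet loss
    if isinstance(error, OSError) and error.errno in (
            errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"  # a router on the path reported unreachable
    return "error"

def probe(host, port, timeout=3.0):
    """Try one TCP connection and classify what came back."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return classify(None)
    except OSError as exc:
        return classify(exc)
    finally:
        sock.close()

def demo():
    """Loopback self-check: one listening port, one port with no listener."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    free_port = spare.getsockname()[1]
    spare.close()  # nothing listens here now, so the kernel answers with RST
    try:
        return {
            "listening": probe("127.0.0.1", listener.getsockname()[1]),
            "not_listening": probe("127.0.0.1", free_port),
        }
    finally:
        listener.close()

if __name__ == "__main__":
    print(demo())
```

To check a router's WAN policy, `probe` has to be run from a host outside the network against the router's own public address; a "stealth" verdict from a single attempt cannot be distinguished from a lost packet.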


#3

Thanks very much. After making that change, the ports now show up as stealth. I also noticed that “Forward” is set to reject; should I also change that to drop? I’m not sure what forward means in this context.


#4

A good scanner may even find out that there is a stealth device. The last router in the chain to you will not say destination unreachable. If the IPs in the subnet answer or create a destination unreachable, you can deduce there is a stealth device because of no answer and no destination unreachable. Stealth won’t make you invisible, but it will break some protocols quite nicely. If you have to wait for a timeout because your host drops anything not expected, you may think about this again.


#5

Point is, it would work for those websites.
Stealth does not mean it makes you completely invisible. There are still plenty of ways to detect if that IP is used and for what.


#6