stealth all ports

mapuche2012
How do I stealth all ports? Windows 7/Windows XP Pro. (Various security apps.)
Commented:
One simple way is to use the Windows Firewall.

netsh firewall set opmode mode=ENABLE exceptions=DISABLE

Run at a command prompt, this sets the firewall to no-exceptions mode. No inbound connections will be accepted.

This should work on Windows XP, Vista and 7.
The command requires an admin/elevated account to perform.

Windows 7 may show a "this command is deprecated" message, but it works anyway.

To return to normal firewall operation (exceptions allowed) use:

netsh firewall set opmode mode=ENABLE exceptions=ENABLE
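The netsh advfirewall equivalent of the command above, with the two checks a practitioner would want around it, as an added PowerShell example (not code from the original answer). It confirms the prompt is elevated, sets the inbound policy to block-always on every profile (which replaces the deprecated "no exceptions" mode on Vista/7 and later; netsh advfirewall does not exist on XP), shows the resulting policy, and then lists the TCP ports this PC is actually listening on, because a listener is the only thing on the host that can make a port show as "open" once the firewall is configured. The function names are my own.

```powershell
# Added example (not from the original answer): the netsh advfirewall equivalent
# of "netsh firewall set opmode mode=ENABLE exceptions=DISABLE", plus a list of
# the TCP ports this PC is actually listening on. Needs an elevated prompt on
# Vista/7 or later; netsh advfirewall does not exist on XP.

function Test-IsElevated {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Set-InboundBlockAll {
    # Firewall on for the domain, private and public profiles, and every inbound
    # connection blocked even where an allow rule exists; outbound still permitted.
    netsh advfirewall set allprofiles state on | Out-Null
    netsh advfirewall set allprofiles firewallpolicy blockinboundalways,allowoutbound | Out-Null
}

function Restore-InboundDefault {
    # Normal operation again: inbound blocked unless an allow rule (exception) matches.
    netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound | Out-Null
}

function Get-ListeningTcpPorts {
    # Parse netstat so this also runs on Windows 7's PowerShell 2.0
    # (Get-NetTCPConnection only exists on Windows 8 / Server 2012 and later).
    $lines = @(netstat -ano -p tcp) + @(netstat -ano -p tcpv6)
    $lines | Where-Object { $_ -match 'LISTENING' } | ForEach-Object {
        $f      = $_.Trim() -split '\s+'        # Proto, Local, Foreign, State, PID
        $parts  = $f[1] -split ':'              # "0.0.0.0:135" or "[::]:135"
        $procId = [int]$f[4]
        $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue
        $name   = '?'
        if ($proc) { $name = $proc.ProcessName }
        New-Object PSObject -Property @{
            Port         = [int]$parts[-1]
            LocalAddress = $f[1]
            PID          = $procId
            Process      = $name
        }
    } | Sort-Object Port, LocalAddress -Unique
}

if (-not (Test-IsElevated)) {
    throw 'The requested operation requires elevation (Run as administrator).'
}

Set-InboundBlockAll
# Confirm the policy took effect on every profile.
netsh advfirewall show allprofiles | Select-String 'Profile Settings|Firewall Policy'

# Whatever appears here is what a scanner would see if inbound were allowed;
# with blockinboundalways the firewall drops the probe before it reaches the listener.
Get-ListeningTcpPorts | Format-Table Port, LocalAddress, PID, Process -AutoSize
```

Call Restore-InboundDefault to go back to the normal "exceptions allowed" behaviour. Note what the listener table cannot tell you: a port that an external scanner reports as open while nothing on this list is bound to it is being answered by something else on the path (a router or modem), not by the PC.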

Dave Howe, Software and Hardware Engineer
Commented:
Don't bother, honestly.

"Stealth" is one of those supposedly beneficial states of the firewall that in fact has little or no advantage against real-world attacks, and unless your firewall is 100% stateful, it is going to fail when you are using ports for real-world web activity anyhow.

Sending a RST is harmless, although blocking ping can block some of the cruder attacks from even starting a port scan, so that is potentially worthwhile. Unless the firewall is truly stateful (and most aren't, including the Windows one), an ACK scan (as opposed to a SYN scan) will usually give a RST anyhow. If you have ports open, that's a different matter, but then those ports won't be/can't be "stealth" anyhow.

Author
Commented:
I cannot agree. In today's world, where even the protection software is more or less a hoax, one should try to hide as much as possible using the operating system tools.

Free ZoneAlarm and AdAware are good examples: these are widely used, but what do they do? Next to nothing.

netsh advfirewall firewall set opmode mode=ENABLE exceptions=DISABLE is a good start, but using accepted test tools, ports 80 (and 22) are still shown.

On Vista/Windows 7 the command results in:
IMPORTANT: "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .

The requested operation requires elevation (Run as administrator).

This command replaces the old:
netsh advfirewall set currentprofile firewallpolicy blockinboundalways,allowoutbound

I have done this, and will test.

Some security test sites:
http://www.whatsmyip.org
http://www.grc.com
http://www.auditmypc.com/

Author
Commented:
I have to increase the value of this.
I really would like to "stealth" my PC. If I cannot close port 80 (and 22), what about trying to somehow show/forward calls to false IP addresses? Would that be possible, and if so, how?

Commented:
IF you are running any services over port 80 and 22, or any other port for that matter, then it would be impossible to stealth ALL of those ports; otherwise incoming connections won't be accepted. If you are not running services on those ports then there is no reason for exceptions in the firewall. Therefore all services would be set to stealth if your firewall supports a 'stealth' mode.

Author
Commented:
Personally I am not running ANY services on port 80 and 22, but my proxy provider must be. The only explanation I can have is that the proxy provider is running some kind of hidden service from my PC? I have not been able to determine if Windows Firewall or Comodo Firewall (which I am using) are able to stealth my ports, but at least they are in theory able to say that all ports should be closed except those I open myself. This I have done, but still these two ports are open??
It seems very strange if a third party was able to override my setup! Then they would have to be logged in as (super)administrator, not just part of the administrator group.
Top Expert 2014
Commented:
You can't stealth a port that you are running a service on, because that port must respond. So if you are running a web server that listens on port 80, you can't stealth port 80.

If you are not running a service on port 80 (normally a web/http server) or port 22 (normally a ssh server) and these are showing up as open on a port scan from the internet, then something between your computer and the Internet, must be responding to probes on those ports.

What is between your computer and the Internet?  It could be a cable modem, ADSL modem, or a firewall.
Dave Howe, Software and Hardware Engineer
Commented:
The usual cause of a true (not false!) positive on ports 80 and 22 is a cable or broadband router; typically, they have those two ports open for administration and will respond (either with a SYN/ACK or a RST) even if the router is "stealth".
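A way to act on the last two answers, as an added PowerShell example that is not code from the thread: it checks whether this PC itself has a listener on 22, 80 and 443 and, separately, whether the default gateway answers on those ports, classifying each reply as open (SYN/ACK), closed (RST) or filtered (dropped, the "stealth" case). It uses System.Net.Sockets.TcpClient rather than Test-NetConnection so it also runs on Windows 7's PowerShell 2.0. Assumptions (mine, not the thread's): the default gateway is the broadband router the external scanners see, and it serves its admin ports on the LAN side the way it does on the WAN side; a LAN-side probe is only indicative, and the external test sites listed earlier remain the authoritative check.

```powershell
# Added example (not from the thread): is the open port 80/22 on this PC or on
# the router in front of it? Uses System.Net.Sockets.TcpClient so it also runs
# on Windows 7's PowerShell 2.0, where Test-NetConnection is not available.

function Test-TcpPort {
    param([string]$Target, [int]$Port, [int]$TimeoutMs = 1500)
    # 'open'     : SYN/ACK came back, something is listening
    # 'closed'   : RST came back (connection refused), nothing listening, not "stealth"
    # 'filtered' : nothing came back inside the timeout, the probe was dropped ("stealth")
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $client.BeginConnect($Target, $Port, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return 'filtered' }
        try { $client.EndConnect($ar); return 'open' } catch { return 'closed' }
    } finally {
        $client.Close()
    }
}

function Get-DefaultGateway {
    # First IPv4 default gateway of an IP-enabled adapter; assumed to be the broadband router.
    $cfg = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = True' |
           Where-Object { $_.DefaultIPGateway } | Select-Object -First 1
    if ($cfg) { return $cfg.DefaultIPGateway[0] }
}

function Get-LocalListeningPorts {
    # IPv4 TCP ports this machine itself listens on, from netstat.
    netstat -ano -p tcp | Where-Object { $_ -match 'LISTENING' } | ForEach-Object {
        $addr  = ($_.Trim() -split '\s+')[1]       # e.g. 0.0.0.0:135
        $parts = $addr -split ':'
        [int]$parts[-1]
    } | Sort-Object -Unique
}

$gateway = Get-DefaultGateway
$local   = @(Get-LocalListeningPorts)
foreach ($port in 22, 80, 443) {
    if ($local -contains $port) { $onPc = 'listener' } else { $onPc = 'no listener' }
    if ($gateway) { $onGw = Test-TcpPort -Target $gateway -Port $port } else { $onGw = 'n/a' }
    '{0,-4} this PC: {1,-12} gateway {2}: {3}' -f $port, $onPc, $gateway, $onGw
}
```

Reading the output: "no listener" on this PC together with "open" on the gateway for port 80 or 22 means the router's own administration interface is what the scanner is reporting, and no host firewall setting can change that; the fix lives in the router's configuration (its remote/WAN administration option), and the result should be re-checked from outside with one of the test sites above.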
