Avatar of MrGD
 asked on

Advantages of Stealth ports vs Closed

I was working on a PC recently and ran a quick firewall test using Shields Up.  Oddly enough, most of the ports came back as closed and maybe a half dozen were identified as Stealth.  Usually when I run this test on someone's PC most if not all of the ports show Stealth.  Are there any security concerns or pitfalls of this type of configuration?  Did not have time to start figuring out what they had installed, they are not tech savvy at all and could not tell me what was installed,  is it possible there is no firewall and they are relying on just a software firewall?  They are have a PC connected via Ethernet and a mesh wireless system installed for portable devices.  Something is handing out IP addresses although I have never seen a home network hand out IP addresses starting with 10.x.x.x which this one is doing.
VulnerabilitiesSoftware FirewallsSecurity

Avatar of undefined
Last Comment

8/22/2022 - Mon

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Dave Baldwin

For what it's worth, both my Comcast and CCI modems use 10.x.x.x/24 configurations so it isn't that uncommon.  Qlemo's info is right though.
Dave Baldwin

And... thru the CCI DSL modem, only 5 ports are 'stealthed'.  Thru the Comcast cable connection, Everything but ports 80 and 443 are 'stealthed'.
Jon Snyderman

This is an interesting question as it always raises many heated debates with security experts.   IMHO, it comes down to this.   If you go stealth, they KNOW something is there and is trying to hide.  Detecting what that is is not difficult.   Closing the port does sometimes unveil the hardware, but if it is a good solution, this should not be a problem.  The difference is hiding in the corner and hoping nobody finds you (but they will) vs standing up and actively defending the turf.    Remember that, in a scan, stealth ports DO NOT look the same as no response at all, so its really just a light veil over the hardware.
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy

I agree on the "heated" part, but cannot follow the explanation for stealth. Stealth ports do not show any response, closed ports result in a RST - immediately.
Dave Baldwin

Stealth ports do not show any response
That's also what I believe.

When one of my clients was having PCI scans done, we found out the that particular company couldn't do them on Godaddy hosting because Godaddy had some kind of software running to confuse port probing.  I'm not certain but I think it was switching between 'closed' and 'stealth' on otherwise unused ports to confuse the people that might be trying to break in.

I wish I could give some bonus points for additional supporting information to others, but this seems to be correct based on what others have posted here and was first.  I thank everyone for their help.  That participation is what makes this site so valuable.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.