Advantages of Stealth ports vs Closed

I was working on a PC recently and ran a quick firewall test using Shields Up. Oddly enough, most of the ports came back as closed and maybe a half dozen were identified as Stealth. Usually when I run this test on someone's PC most if not all of the ports show Stealth. Are there any security concerns or pitfalls of this type of configuration? Did not have time to start figuring out what they had installed; they are not tech savvy at all and could not tell me what was installed. Is it possible there is no firewall and they are relying on just a software firewall? They have a PC connected via Ethernet and a mesh wireless system installed for portable devices. Something is handing out IP addresses, although I have never seen a home network hand out IP addresses starting with 10.x.x.x, which this one is doing.
For what it's worth, both my Comcast and CCI modems use 10.x.x.x/24 configurations so it isn't that uncommon.  Qlemo's info is right though.
And... thru the CCI DSL modem, only 5 ports are 'stealthed'. Thru the Comcast cable connection, everything but ports 80 and 443 are 'stealthed'.
This is an interesting question as it always raises many heated debates with security experts. IMHO, it comes down to this. If you go stealth, they KNOW something is there and is trying to hide. Detecting what that is is not difficult. Closing the port does sometimes unveil the hardware, but if it is a good solution, this should not be a problem. The difference is hiding in the corner and hoping nobody finds you (but they will) vs standing up and actively defending the turf. Remember that, in a scan, stealth ports DO NOT look the same as no response at all, so it's really just a light veil over the hardware.
I agree on the "heated" part, but cannot follow the explanation for stealth. Stealth ports do not show any response, closed ports result in a RST - immediately.
"Stealth ports do not show any response"
That's also what I believe.

When one of my clients was having PCI scans done, we found out that that particular company couldn't do them on Godaddy hosting because Godaddy had some kind of software running to confuse port probing. I'm not certain but I think it was switching between 'closed' and 'stealth' on otherwise unused ports to confuse the people that might be trying to break in.
I wish I could give some bonus points for additional supporting information to others, but this seems to be correct based on what others have posted here and was first.  I thank everyone for their help.  That participation is what makes this site so valuable.
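The distinction drawn in the thread (a closed port answers with an RST at once, a stealth port gives no response), as an added example that is not part of any post above: a Python sketch for checking how a host you administer answers a connection attempt. The function names and the 2-second timeout are assumptions, and the loopback sockets in `demo()` are constructed fixtures.

```python
import socket
import time

def classify_result(exc):
    """Map the outcome of one TCP connect attempt to a port state."""
    if exc is None:
        return "open"      # handshake completed: something is listening
    if isinstance(exc, ConnectionRefusedError):
        return "closed"    # an RST came back: host is up, nothing listens
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "stealth"   # the SYN was dropped silently, no reply at all
    return "error"         # e.g. ICMP unreachable or a local network failure

def probe(host, port, timeout=2.0):
    """Attempt one TCP connection; return (state, seconds_elapsed)."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            exc = None
    except OSError as e:
        exc = e
    return classify_result(exc), time.monotonic() - start

def demo():
    """Probe two constructed loopback ports: one listening, one bound only."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    bound_only = socket.socket()      # bound but never listening: answers RST
    bound_only.bind(("127.0.0.1", 0))
    try:
        return {
            "open": probe("127.0.0.1", listener.getsockname()[1]),
            "closed": probe("127.0.0.1", bound_only.getsockname()[1]),
        }
    finally:
        listener.close()
        bound_only.close()

if __name__ == "__main__":
    for label, (state, secs) in demo().items():
        print(f"{label}: state={state} after {secs:.3f}s")
```

A closed port returns in milliseconds, while a stealth port makes the probe wait out the full timeout, which is the timing difference a scan report reflects.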