# Stealth Test Failed, not all ports are Stealth



## peiraster (Jul 5, 2007)

I regularly check my ports by going to the following link and clicking "All Service Ports":
http://www.grc.com/x/ne.dll?rh1dkyd2

I always pass the Stealth Test but today I found that it failed with the results copied below. I use NIS2007 and never changed any firewall setting or any other config. Does this pose a security threat? If so, how to fix it? Thanks

Results from scan of ports: 0-1055

0 Ports Open
2 Ports Closed
1054 Ports Stealth
---------------------
1056 Ports Tested

NO PORTS were found to be OPEN.

Ports found to be CLOSED were: 1048, 1052

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.


----------



## Slapshot (Feb 3, 2008)

Doesn't look to bad..
As long as all your ports are closed/stealth.

What 2 ports are closed?


----------



## peiraster (Jul 5, 2007)

Slapshot said:


> What 2 ports are closed?


 As mentioned in my opening post: Ports found to be CLOSED were: 1048, 1052


----------



## johnwill (Sep 26, 2002)

Those are odd port numbers to suddenly pop up. I'd probably want to know why...

It would help to know the exact make/model of the modem, any router, etc.


----------



## Slapshot (Feb 3, 2008)

Those aren't important ports. They are secure enough. As long as the important ports (ie; 23) remain stealth, you should be fine.


----------



## johnwill (Sep 26, 2002)

Sorry *Slapshot*, but I don't agree with your hasty assessment. Malware can be running on the computer and use any port number.


----------



## Slapshot (Feb 3, 2008)

The port is still closed.


----------



## johnwill (Sep 26, 2002)

Slapshot said:


> The port is still closed.


That still doesn't explain why it appears as all.


----------



## Cellus (Aug 31, 2006)

Open the command prompt (Start -> Run... -> type _cmd_) and enter in the command _netstat -a_ . See if ports 1048 and 1052 show up, and if so, tell us what it says.


----------



## Tekmazter (May 22, 2008)

I would recommend you run your own port scan from a separate system using nmap. Learn the different types of scans. There are some scans SYN for example which waits for a reponse to see if it's open. However, there are other types of scans which can be run which will attempt to prop open a port to see if it's actually open and being actively filtered for something specific etc... 

This is a perfect time to dig around with a great tool like this.


----------



## kirk99 (Jun 7, 2008)

I also have the same problem(once stealth ports now only closed) and I'm running McAfee Security Center Firewall in stealth mode.

Ports 1-103 are the ports with the changed status.

I ran GRC Shields Up and got those results. I am really worried. Can someone please advise??


----------



## af3 (Jun 18, 2008)

Closed or stealth are fine. It may be your cable modem or DSL modem that are responding on those ports. The only thing you can really do is hope that your ISP put a firm password on the device and changes it periodically.


----------



## kirk99 (Jun 7, 2008)

Thank You. I had been lead to believe that Closed was bad because someone now knew you where there.


----------



## af3 (Jun 18, 2008)

That is true, you are not hidden. Unless you have your own private T1 line without any servers running, you won't be stealth without your modem unpluged. Your ISP needs some way to configure your modem remotely. For example, my modem appears to be running a FTP and a SMTP server.


----------

