|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
Youtube video here One of the ways a home user can see if you are vulnerable for external attacks – especially if you have devices that allow for remo
[See the full post at: Tasks for the weekend – October 16, 2021 – what ports are open?]
Susan Bradley Patch Lady/Prudent patcher
Uhhh…why does clicking on that take me to a “browser reload suppressed” page at GRC?
That page complains and tells me to press my back button on the browser, but, of course, I cannot do that as I did not get to the page from somewhere within the GRC site but directly from the link in your post here.
(I don’t need to check as I know all ports GRC checks are closed but someone new to all this might get very confused with a bad link like that one).
That’s the same thing that happened to me… Is Susan subtly checking that we do actually hover over link to check where the URL will take us before clicking? 
You know, the good old “I wanted to see if you are paying attention“. 
Anyway, the good part is that all tested ports turned out to be “stealth” here and the UPnP Exposure Test did not reveal anything strange.
Regarding ICMP Echo, see THIS ASK WOODY TOPIC
Each port is in one of three states:
Apple Mac OS X | Nmap Network Scanning
But as Paul says, this is scanning the edge of your network, so it’s looking at your ISP router/modem.
Susan Bradley Patch Lady/Prudent patcher
An open port responds to incoming data requests. By default, when you buy a router at a retailer, the router will have no open ports. Only a router/gateway from an ISP will ship with any open ports.
A closed port responds to queries saying that it is closed.
A port in STEALTH status never responds.
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
Just be aware that this only tests your network gateway device connected directly to the public network, such as your modem/router and its associated NAT firewall at the public IP address assigned by your ISP.
If your PC is located behind a router on a private network, the Shields Up server cannot test your PC ports. They are already hidden from the public internet.
Windows 10 Pro 22H2
Applicable to ALL windows users.
The ‘Instant UPnP Exposure Test’ only checks the router.
Remember the Windows OS also has UPnP as well..
Fortunately Steve Gibson offers a freeware UnPlug ‘n’ Pray utility to disable the Windows internal UPnP which is on by default
(only 22kb in size and portable)
https://www.grc.com/unpnp/unpnp.htm
why have something open, facing the ‘world wild web’ when it’s not required? it can easily be reversed should you ever need the service.
Way back 22 years ago when I got my first computer, I worshiped Steve Gibson but I guess I have gotten a bit sloppy/forgetful as I have aged into elder-hood and it looks like I never used that little UPnP utility on this computer so it was ON…ugh. Off on the router but my router is rather old now and I might need, one day, to connect directly to the internet while I waited for a new router to arrive and what if I didn’t remember to check GRC and this sort of thing then?
So, this just illustrates one of many good reasons why a site like this is so valuable. Mahalo! 
Edit: I think it a bit sad that Microsoft tried to scare me into not installing that little utility simply because it did not come from the Microsoft Store. I do have “warn me” when installing apps, etc from outside Microsoft Store checked but still…. 
Do not put a Windows computer directly on the Internet. That is, do not connect it to a modem, always connect it to a router or gateway (combination modem and router). While there is a firewall in Windows it has as many holes as Swiss cheese.
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
Some thoughts on this:
The UPnP Exposure test is very important as it is a HUGE security hole. Huge. UPnP was intended to be a LAN-only thing but some routers were so miserably configured that it was exposed to the Internet. This is the only such test, as far as I know. Even if UPnP is disabled in your router, you should still run this test.
In terms of the status of ports Shields Up is the best such tester as it is very clear on whether a port is Closed (bad) or Stealth (good). Nmap terminology requires a translator to understand. However, the list of tested ports is about 12 years old and has not been updated, so it is is not nearly as useful as it could/should be. Gibson has moved on from ShieldsUP and not made any changes in, well, forever.
The test of a thousand ports can yield a false positive as some routers detect the mass connections and shut down everything.
There are more ways to test a router, both from the inside and the outside here
https://www.routersecurity.org/testrouter.php
There are just over 65,000 TCP ports. There are also just over 65,000 UDP ports. Shield sUP does nothing for UDP ports.
To be clear, this tests the firewall in a router or gateway (combination modem/router). It does not test a stand-alone modem. It will only test a computer if it is directly connected to a modem, which is a really bad idea.
The one exception to the above is if the test is run from a computer that is connected to a VPN. In that case, ShieldsUP is testing the VPN server, not your router. Ditto for Tor.
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
I found GRC “Shields Up” to be handy back in the days when I was still using a dial-up modem and Win95/98. There was no way to avoid being directly connected to the internet using that modem. The public IP address was directly attached to the PC. And it was scannable from the public network. So if you left a port open, oops!
So I always made sure to run a software firewall, and scan the ports to make sure I was stealth.
Nowadays it is best to check that your router is securely locked down on the WAN side, and your devices on the private network LAN are getting their internal IP address from your router. Your internal network should be completely “stealth” by default as far as the public network can see.
For further info on this topic, look up NAT (Network Address Translation), which is what your router is doing when it allows outbound/inbound WAN connections from your private IP address on the LAN.
Windows 10 Pro 22H2
I am currently in a rental property. Ran shields up and all the ports were closed. UNPNP is not on. But the ping test responded. What does this mean? Is there anything I can do about it?
I checked with the landlord – they have the Xfinity router and config. He had changed the name of the router. I asked about the password, he wasn’t sure. I tried to logon with the default userid and password. It let me in 
So I marched (ok, well I walked) downstairs and had him update the password – as soon as you logon with the default, the router said you need to change it, it wouldn’t let you proceed beyond that. I looked at all the devices on the network and it appears that they are all valid.
there were two unnamed Mac addresses but one of them was Amazon and the other was the same as the router – the satellite device. But I haven’t connected my Windows computer yet because I’m a little leery. Can I safely connect the computer I will run Nord VPN.
I tried to do a hotspot on my phone but Wi-Fi hotspot is greyed out. Turn Wi-Fi off and personal hotspot on iOS 14.something
thanks Donna
One more question ; )
Now mind you the attackers can still get you with browser attacks and phishing these days so I’d argue that this “direct attack” method is less likely to occur these days, but especially if you have older tech that relied on specific ports to be open, this is still a quick and dirty tool to use to check that your outside edge of your network is what you expect it to be.
what is direct attack?
A “direct” attack on your computer should only be possible if you are directly connected to the public network using a public IP address, such as when you are running a web service.
If your computer is not directly connected to the public network, then browser attacks and phishing are much more likely ways to get you than a direct attack.
Here are some examples of attacks that can be carried out directly.
https://www.cloudflare.com/learning/ddos/glossary/internet-control-message-protocol-icmp/
Windows 10 Pro 22H2
Failing the ping test at ShieldsUP is not a big big deal. It just means that your public IP address can be identified as live. Most every router/gateway has an option to turn this off, but the terminology will vary.
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
put your own router in between perhaps. The way I see it you are on a public wifi network. I always used my own router whilst attending class with a living facility with wifi. The locals are not IT pros just hotel staff, with hundreds of techie guys/gals a the facility from all over who is to trust??
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Notifications
