grc.com shieldsup test

Discussion in 'Security and Privacy' started by iceolated, 2003/09/25.

Thread Status:
Not open for further replies.
  1. 2003/09/25
    iceolated

    iceolated Inactive Thread Starter

    Joined:
    2002/03/25
    Messages:
    252
    Likes Received:
    0
    Since I found out about the ShieldsUp! test at grc.com I have run it a couple of times.

    It always made me wonder why all the ports showed up as closed but never as stealth. Additionally the test showed that a response was received for the ping test.

    I have a Dynamic DSL connection networked to 4 machines through a Linksys BEFSR41 Router/Switch. Zone Alarm Pro on all 4 machines with TCP/IP bound only to the LAN adapter. File and Print Sharing is bound to NetBEUI.

    With the setup above I was concerned that I was missing something obvious (read as BIG GAPING HOLE) somewhere in my network setup.

    After comparing the 10.100.xxx.xxx address my Router has for a WAN Address with the 216.221.xxx.xxx address that ShieldsUP! reports it is scanning the following occurs to me:

    I know that the Dynamic DSL I have is non-PPPoE, with a non-routable IP.

    I would assume that with a setup like that my ISP probably uses a NAT router working on a similar principle to my Linksys Router; i.e. that my DSL 10.100.xxx.xxx address is a private range and does not correspond to any particular public IP Address - the ISP's NAT router handles those requests as presented to it.

    So it would seem that the 216.221.xxx.xxx address that the ShieldsUp! test is reporting is the IP address of one of my ISP's NAT routers and the results represent that specific router.

    Does it sound like I'm on the right track here?

    So I have a mental picture as such:

    Internet-->ISP NAT Router-->MY DSL CIRCUIT-->LINKSYS NAT ROUTER --> Firewalled PC.

    I would really like to know if there is a way to just obtain the response of a test such as ShieldsUp! only on my setup. I would like to run the test without the ISP's NAT router in the picture. I want to know how my setup reacts when queried directly.

    Any way to do this?

    Cheers,

    ICE.
     
  2. 2003/09/25
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    Shield's Up is testing your LINKSYS NAT ROUTER, not the ISP NAT Router.
    You would have a tough time getting your ISP's router out of the way, you need to take your router out of the way.
     

  3. to hide this advert.

  4. 2003/09/26
    iceolated

    iceolated Inactive Thread Starter

    Joined:
    2002/03/25
    Messages:
    252
    Likes Received:
    0
    Hmm,

    When I run the test at ShieldsUp! it states: "Your computer at IP address 216.221.96.233 is being profiled." A traceroute shows this address to be nat3.srt.com.

    This takes place even without the Linksys Router connected. My Dynamic DSL IP is in the 10.100 range, so it doesn't seem to be profiling any machine on my DSL line.

    Furthermore even if I turn off my firewall on a pc hooked directly to the DSL line - the test still reports all ports as closed which shouldn't be the case, should it?

    Cheers,

    ICE
     
  5. 2003/09/26
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    iceolated

    I would like to ask a favor of you.

    Please try going to Symantec.com and run their port test.

    I myself have the same questions so it would be interesting to know the results you get from Symantec.

    In the meantime I will try to find the other Thread that I wrote about this.

    BillyBob
     
    Last edited: 2003/09/26
  6. 2003/09/26
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    From another thread that I replied to

    Sygate can't even find my machine. Due to ( it says ) the Router.

    Symantec can't find the ports either for the same reason.

    Gibson lists some 25 ports and all as being closed or Stealthed.

    Securitymetrics does the same.

    Now a question.

    "Who in heck am I supposed to believe/trust out of the above?"

    BillyBob
     
    Last edited: 2003/09/26
  7. 2003/09/26
    iceolated

    iceolated Inactive Thread Starter

    Joined:
    2002/03/25
    Messages:
    252
    Likes Received:
    0
    BillyBob,

    I get the same result from Symantec as I do ShieldsUp! - It reports it is testing an IP address of 216.221.96.233 (nat3.srtnet.com) and shows all ports as closed but does respond to ping requests.
    My 10.100.x.x address for my DSL is referenced nowhere in the test results - seems like the port scan gets stuck at my ISP's NAT router or can't get past it due to the nature of NAT.

    Again, this is with a single machine hooked straight to the DSL modem - no router connected - no firewall enabled on the PC. I get the exact same results if I run the test with my router and 5 machines connected to my DSL modem....the test reports the same IP address as being tested with the same ports shown as closed.

    This further leads me to believe that since my 10.100 IP address is not routable none of these tests will give me an accurate view of how vulnerable any of my computers are.

    Cheers,

    ICE
     
  8. 2003/09/26
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    That is dangerous ?

    If you get the same results with or without the Router then there has to be something VERY different between our setups. It could be DSL vs Cable. I do not Know.

    Do you have a Router/Switch or a Router/Hub ? They are different.

    Don't take this as Gospel but it reads almost like you have a HUB and not a Router.

    But I just ran the 4 tests on my 98SE machine and got the same results as on this XP machine.

    But what still puzzles me is that two sites report they can not get to me because of the Router and the other two appear to get past it.
    I also wonder about the accuracy.

    BillyBob
     
  9. 2003/09/26
    iceolated

    iceolated Inactive Thread Starter

    Joined:
    2002/03/25
    Messages:
    252
    Likes Received:
    0
    I also tried the tests at Securitymetrics and Sygate. I tried the tests with one machine and no router and with 5 machines and router hooked up. I tried the test from different machines each time. 98,ME,XP and all machines had their firewall programs turned off.

    All of the sites say they are scanning 216.221.96.233 (nat3.srtnet.com) and return the status as closed for all ports.

    I truly believe that these tests are scanning my ISP's NAT server (it is the NAT server's IP address after all) and not getting to my local machines.

    In your case BB,

    If you have a Static IP or Routable Dynamic IP bypassing your router should let the tests 'hammer away' at your individual machines. As to which tests to believe...I'm sure some are more accurate than others. We know that closed is good - stealth is better but if everything shows up as stealth or closed without the router connected that's great - if you hook the router up and tests say they can't find your ports....better still!!

    I'm calling the IT department at my ISP today - see what they have to say about my dilemma - the mystery continues.
     
  10. 2003/09/26
    iceolated

    iceolated Inactive Thread Starter

    Joined:
    2002/03/25
    Messages:
    252
    Likes Received:
    0
    - I have firewalls I just turned them off to see if the tests were actually getting to my machine or if the firewall was blocking them.....All my computers run with software firewalls normally.

    I do have a Router with a built in 4 port switch - Linksys BEFSR41 - I bought the router because of the 'extra' protection of NAT. At the time my ISP only provided one dynamic IP and I needed 5 - The router was also a way to hook the additional machines without paying for IP addresses.

    What I do know about my 10.100 DSL IP address is we are told that it is non-routable. We don't use a PPPoE setup with my DSL nor a proxy server. I think the non-routable aspect of the IP is what makes the online tests unable to trace back to my machine. I am almost positive that if I switched to a static address the results would be much different.

    Cheers,

    ICE.
     
    Last edited: 2003/09/26
  11. 2003/09/26
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    :) Hub vs Router question settled. No more questions there.:)

    Same one I have and for the same reason(s)

    Question;

    Have you changed settings anywhere on the Router ?

    I left mine to the default settings and have never changed them.

    I was looking at the incoming log on the Router today and WOW ! It sure does block a lot of stuff.

    Another question on something I just noticed and something I recall from one of your posts.

    How do you get 5 machines plugged into a Linksys BEFSR41 4 port Router ?

    BillyBob
     
  12. 2003/09/26
    iceolated

    iceolated Inactive Thread Starter

    Joined:
    2002/03/25
    Messages:
    252
    Likes Received:
    0
    I haven't changed any settings on the Router.

    Easy!! - Typo - :D I do have 5 machines but only 4 are plugged in at any one time - the Fifth is an older box that I have Mandrake 9 on - but that is another ordeal.

    Cheers,

    ICE
     
  13. 2003/09/27
    iceolated

    iceolated Inactive Thread Starter

    Joined:
    2002/03/25
    Messages:
    252
    Likes Received:
    0
    After a call to the IT department and a little reading on my own I have found that the 10.100 address I have for DSL is indeed a private address much like the 192.168 that routers use.

    Since that private address is useless on the Internet that is why none of the online security tests get past the NAT router that my ISP uses. So in essence when I run the tests they test the NAT router of my ISP and don't even get to my router or computers.

    Even if I could bypass my ISP's NAT router (not likely) I would still have to bypass my router in order to get an accurate read of my machines.

    Well, on to the next challenge.

    Cheers,

    ICE.
     
    Last edited: 2003/09/27
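The conclusion reached in this thread, as an added example that is not part of any post: compare the address a scanner says it is profiling with the Internet-facing address of each of your own devices to see which device the scan actually tests. The function names, the 10.100.0.10 and 192.168.1.100 addresses (the posts elide the real octets) and the 203.0.113.7 documentation address are constructed for illustration.

```python
import ipaddress

# Address space that is never routed on the public Internet.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private ranges
    "100.64.0.0/10",                                   # RFC 6598 carrier NAT range
)]

def is_non_routable(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in NON_ROUTABLE)

def assess_scan(hops, reported_ip):
    """hops: (device, Internet-facing address) pairs, ordered from the PC outward.
    reported_ip: the address the online scanner says it is profiling."""
    if is_non_routable(reported_ip):
        raise ValueError("an Internet scanner cannot see a private address")
    target = ipaddress.ip_address(reported_ip)
    # Every private outward-facing address implies one NAT device upstream of it.
    nat_layers = sum(1 for _, addr in hops if is_non_routable(addr))
    # The scan lands on whichever device actually holds the reported address.
    owner = next((dev for dev, addr in hops
                  if ipaddress.ip_address(addr) == target), None)
    return {
        "scanned": owner or "upstream NAT (not your equipment)",
        "nat_layers": nat_layers,
        "tests_own_equipment": owner is not None,
    }

# Constructed sample topologies; only 216.221.96.233 is taken from the thread.
BEHIND_ROUTER = [("PC", "192.168.1.100"), ("Linksys WAN port", "10.100.0.10")]
DIRECT_TO_MODEM = [("PC", "10.100.0.10")]
ROUTABLE_WAN = [("PC", "192.168.1.100"), ("Linksys WAN port", "203.0.113.7")]

if __name__ == "__main__":
    for name, hops, seen in (
        ("behind router", BEHIND_ROUTER, "216.221.96.233"),
        ("direct to modem", DIRECT_TO_MODEM, "216.221.96.233"),
        ("routable WAN", ROUTABLE_WAN, "203.0.113.7"),
    ):
        print(name, assess_scan(hops, seen))
```

With a private WAN address the result is the same whether or not the Linksys is connected, which matches what the thread starter observed; only a routable WAN address puts your own router in front of the scanner.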
  14. 2003/09/28
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    BillyBob - FYI, you can put over 250 boxes through the Linksys 4 port router using its uplink port and hubs or switches and each will have its own unique IP address and an internet connection.
     
  15. 2003/09/28
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    Well hello TonyT and thank you for the info.

    But I have enough problems with three units and 4 kids from next door.

    :( Plus I can't keep track of the cables ( two under the floor and one across it sometimes ) I have now. Do I really need to add any more :confused:

    Of course I could dig out my old hub and throw a couple of more units together. :)

    Naw. I would rather spend my time TRYING to beat my Wife at a game of Golf.

    BillyBob
     