Online port scan failure

[vryni]

Having installed nftables on my desktop

Linux debian 4.19.0-9-amd64 #1 SMP Debian 4.19.118-2 (2020-04-29) x86_64 GNU/Linux

I did an online port scan with the following results :

GRC Port Authority Report created on UTC: 2020-05-12 at 09:07:29

Results from scan of ports: 0-1055

0 Ports Open
15 Ports Closed
1041 Ports Stealth
---------------------
1056 Ports Tested

NO PORTS were found to be OPEN.

Ports found to be CLOSED were: 1036, 1038, 1039, 1041, 1043,
1044, 1047, 1048, 1049, 1050,
1051, 1052, 1053, 1054, 1055

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.

Being uninformed on this subject

I'd appreciate your insight on the severity of these failures

and suggestions on how to repair them

[kedaha]

Hi,
I think that must be the default configuration of your router which leaves those particular ports visible to the outside world, unless you have configured the router yourself.
I don't think it poses a risk at all, since you are not running a server, even with a default Debian desktop environment. I also think it would be virtually impossible for any remote exploit because only you can log on to your system locally while remote login and root access are impossible without ssh access for which port 22 would have to be opened both in the router and the ssh server would need to be installed and configured on your desktop system as well.
Did you run the scan both before and after making any changes?
Out of curiosity I have just done a similar scan of one of my machines, which reports:

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet.

And I haven't bothered to install or configure any firewall software apart from the defaults. But it's a desktop system, not a server, which would certainly "fail" the scan because it has to be visible to the wide, wide world.

[Head_on_a_Stick]

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.

A response to an ICMP request is not generally considered to be an issue. And as kedeha notes that site is just scanning your router, the Debian box is behind the hardware firewall (NAT).

[vryni]

I have a little confession to make

I used my smartphone for tethering - for web access
instead of using a modem, while making the port scan

I know i should have mentioned this

How does that change the picture ?

[Head_on_a_Stick]

s/router/smartphone/g