Having installed nftables on my desktop
Linux debian 4.19.0-9-amd64 #1 SMP Debian 4.19.118-2 (2020-04-29) x86_64 GNU/Linux
I did an online port scan with the following results :
GRC Port Authority Report created on UTC: 2020-05-12 at 09:07:29
Results from scan of ports: 0-1055
0 Ports Open
15 Ports Closed
1041 Ports Stealth
---------------------
1056 Ports Tested
NO PORTS were found to be OPEN.
Ports found to be CLOSED were: 1036, 1038, 1039, 1041, 1043,
1044, 1047, 1048, 1049, 1050,
1051, 1052, 1053, 1054, 1055
Other than what is listed above, all ports are STEALTH.
TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.
Being uninformed on this subject
I'd appreciate your insight on the severity of these failures
and suggestions on how to repair them
Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
Online port scan failure
Re: Online port scan failure
Hi,
I think that must be the default configuration of your router which leaves those particular ports visible to the outside world, unless you have configured the router yourself.
I don't think it poses a risk at all, since you are not running a server, even with a default Debian desktop environment. I also think it would be virtually impossible for any remote exploit because only you can log on to your system locally while remote login and root access are impossible without ssh access for which port 22 would have to be opened both in the router and the ssh server would need to be installed and configured on your desktop system as well.
Did you run the scan both before and after making any changes?
Out of curiosity I have just done a similar scan of one of my machines, which reports:
I think that must be the default configuration of your router which leaves those particular ports visible to the outside world, unless you have configured the router yourself.
I don't think it poses a risk at all, since you are not running a server, even with a default Debian desktop environment. I also think it would be virtually impossible for any remote exploit because only you can log on to your system locally while remote login and root access are impossible without ssh access for which port 22 would have to be opened both in the router and the ssh server would need to be installed and configured on your desktop system as well.
Did you run the scan both before and after making any changes?
Out of curiosity I have just done a similar scan of one of my machines, which reports:
And I haven't bothered to install or configure any firewall software apart from the defaults. But it's a desktop system, not a server, which would certainly "fail" the scan because it has to be visible to the wide, wide world.Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet.
DebianStable
Code: Select all
$ vrms
No non-free or contrib packages installed on debian! rms would be proud.
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: Online port scan failure
A response to an ICMP request is not generally considered to be an issue. And as kedeha notes that site is just scanning your router, the Debian box is behind the hardware firewall (NAT).vryni wrote:TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.
deadbang
Re: Online port scan failure
I have a little confession to make
I used my smartphone for tethering - for web access
instead of using a modem, while making the port scan
I know i should have mentioned this
How does that change the picture ?
I used my smartphone for tethering - for web access
instead of using a modem, while making the port scan
I know i should have mentioned this
How does that change the picture ?
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times