Botnet scan

All stealth minus 22, 80, and 443 as expected.

get a non botnet ISP

>basically fresh windows 10 install
>this
I followed a guide I found here to disable some random telemetry services, uninstall bloatware, and disable forced updates. It basically consisted of editing registry keys. I then installed some random software (like iridium). That's the extent of my OS configuration.

>I am up and only port 646 isn't closed pls no bully

I have a similar port map (almost all ports are closed, but not stealthy). Am I being cucked by my ISP? Can I do something to turn all ports green?

...

I have UPnP enabled. All tests passed fully green.

>using "your" and "you're" correctly
what a newfag

kek

Stealth isn't better than closed. Both are pretty much equal in security.

Why are mine closed and not stealth?!

If all (or the more common) ports are "stealth", then you don't advertise your host as up. This will effectively foil many automated scanners' plans.
Also, advertising a port as closed means that your OS _does_ respond to to attack, and thus it's vulnerable to DDoS and so on.
Obviously this may or may not be relevant for you according to your usage case (server, residential router, remote webcam/surveillance system...)
For this specific usage case (residential IP) it's probably irrelevant. I suspect anyway it's a setting of the domestic "router".

Closed means that the port is available but nothing is listening on it, so the connecting machine got an error back. Stealth means that the port did not even reply.

fix your firewall user

>and thus it's vulnerable to DDoS and so on.
I'm not sure which you mean, but:

- If you mean that a PC can be DDoSed by receiving more packets than it can reject, doesn't dropping require a similar amount of effort, or only marginally less?
- If you mean that it signals to attackers that your host is up and running, and they are free to DDoS it: well, that'll be the case if you have ANY port open/closed. Which will be the case if you're offering some sort of service: if all your ports are stealth, that means none of them are open, in which case why are you even connected to the internet?

Unless I'm misinformed, in which case please do correct me

>This will effectively foil many automated scanners' plans.
Interesting. How does the website work, then? The scanner loses maybe a second or so per port, nothing major when he just has to scan the range for a single IP.
You aren't worse off, there's just no reason to feel safer.
Where's the security benefit in that?

>doesn't dropping require a similar amount of effort, or only marginally less?
no, dropping is way more efficient than rejecting, for all your server resources. even better, you could drop offending packets in the RAW table once they start hitting too much or once a botnet scan is revealed. dropping in RAW is almost equal to nullrouting.
>that'll be the case if you have ANY port open/closed.
open ports are reasonably configured only to accept this much from a single IP in a single timeframe, and then reasonably reject to friendly advertise to the connecting machine that they have to slow down. replying to all ports to tell that every single one of them is closed doesn't make much sense and is not really efficient for anyone.
>Interesting. How does the website work, then?
The port will be open and rules for that port will be considered.
>The scanner loses maybe a second or so per port, nothing major when he just has to scan the range for a single IP.
No. A scanner will have to wait until timeout and will effectively stall unless it's configured to wait only for little time (most will be configured so). A scanner does not go after targets that do no appear to be alive, so subsequent automated scans from that host will be less likely.
>You aren't worse off, there's just no reason to feel safer.
Server resources, advertising that your host is up and vulnerable to DDoS on $port is something you should consider when deploying services at large.

Bazinga!!

I guess the white dry cleaning vans are out now to "clean up". Hahahaha.

I have 2 open ports 22 and 80.
So???

>22 and 80
>not even port knocking to open 22
>not even 443 to serve websites
kek

>Gibson

Same here. But my UPnP isn't enabled for the outside network, so it's obvious it's not a problem.

So im safe?

well, if you were infected by some ransomware or some mining botnet the connection would be initiated on your side and the used port could still appear "stealth" to other third parties

Looks good.
If anyone ever figures out how to remotely hack a WiiU in sleep mode I'm fucked though, it's set as a DMZ.

>.dll
Hell no

Freshly installed. I guess im safe.

It only goes up to port 1055 so not necessarily. Try nmapping yourself from a server not on your network.

A URI's a bunch of text, and the guarantees are few and far between. They could name it .exe or .mp3 for all anyone cares, that doesn't mean that your browser send the request for an executable mime type, or some audio content type, or that the server is obligated to respond with that mime type.

Running nmap on yourself from a server not on your network or even going to shodan.io is better than this thing.

wait, was it a trap then or not`?

Just turn off ICMP in your router settings

Probably not no, you're getting scanned multiple times a day all around the world.

With powered off PS3 in DMZ

Am I good?

Without PS3 in DMZ

I got the good one. So I guess that's good.

>shodan.io
literal botnet, a constant presence in my ipset lists :^)

GRC Port Authority Report created on UTC: 2017-09-17 at 01:05:21 Results from scan of ports: 0-1055 2 Ports Open 0 Ports Closed 1054 Ports Stealth --------------------- 1056 Ports Tested NO PORTS were found to be CLOSED. Ports found to be OPEN were: 22, 443 Other than what is listed above, all ports are STEALTH. TruStealth: FAILED - NOT all tested ports were STEALTH, - NO unsolicited packets were received, - A PING REPLY (ICMP Echo) WAS RECEIVED

Am I being hacked?

I get this too.

>people doing the upnp test because it's presented with a GIANT BUTTON rather than the proper port test
nu-Sup Forums everyone

Got this too. I have a feeling this is just a placebo

the real test is "All service ports"...
>UPnP
>you hecking dumbos
you fucking idiots.

Eh guys, am I good?

I can nazi anything user

Phew.

Looks all Reich to me, user.

Oh shit! I'm laughing too hard!
>TFW you can't share the hilarity with anyone you know, because they wouldn't recognize a port scan if it were properly labeled and even then wouldn't care or recognize the effort
:(

...

...

is this bad? halp

kek
it's too late

GRC Port Authority Report created on UTC: 2017-09-17 at 03:36:54

Results from scan of ports: 0-1055

0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

can someone actually give me feedback

>THE EQUIPMENT AT THE TARGET IP ADDRESS
>DID NOT RESPOND TO OUR UPnP PROBES!

GRC Port Authority Report created on UTC: 2017-09-17 at 03:54:27

Results from scan of ports: 0-1055

0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

Shut up you double hecker dummy