Stealth your Computer Ports
Port Stealthing is a security feature whereby ports on an Internet-connected PC are hidden from sight, evoking no response to opportunistic port scans.
General Note: Your computer sends and receives data to other computers and to the Internet through an interface called a 'port'. There are over 65,000 numbered ports on every computer, with certain ports being traditionally reserved for certain services. For example, your machine almost definitely connects to the Internet using port 80 and port 443. Your e-mail application connects to your mail server through port 25. A 'port scanning' attack consists of sending a message to each of your computer's ports, one at a time. This information gathering technique is used by hackers to find out which ports are open and which ports are being used by services on your machine. With this knowledge, a hacker can determine which attacks are likely to work if used against your machine.
Stealthing a port effectively makes it invisible to a port scan. This differs from simply ‘closing’ a port, as NO response is given to any connection attempts (‘closed’ ports respond with a ‘closed’ reply, revealing to the hacker that there is actually a PC in existence). This provides an extremely high level of security to your PC. If a hacker or automated scanner cannot 'see' your computer's ports, they presume it is offline and move on to other targets. You are still able to connect to the Internet and transfer information as usual but remain invisible to outside threats.
Comodo Firewall provides a user with flexible stealthing options.
- Click on the 'Stealth Ports' link in Firewall Tasks
You have two options to choose from:
Block incoming connections
Selecting this option means your computer's ports are invisible to all networks, irrespective of whether you trust them or not. The average home user (using a single computer that is not part of a home LAN) finds this option the more convenient and secure. You are not alerted when the incoming connection is blocked, but the rule adds an entry in the firewall event log file. Specifically, this option adds the following rule in the 'Global Rules' interface:
Block And Log | IP | In | From Any IP Address | To Any IP Address | Where Protocol is Any
If you would like more information on the meaning and construction of rules, please click here.
Alert incoming connections
You see a firewall alert every time there is a request for an incoming connection. The alert asks whether or not you wish to allow the connection to proceed. This can be useful for applications such as Peer to Peer networking and Remote desktop applications that require port visibility in order to connect to your machine.
Specifically, this option adds the following rule in the 'Global Rules' interface:
Block | ICMP | In | From Any IP Address | To Any IP Address | Where Message is ECHO REQUEST