Security Focused? - many ports closed, responds to ping?
Device: Firewalla Gold in Router mode.
I'm surprised for a security focused device that it would natively respond to ping and all ports wouldn't be hidden unless explicitly opened.
I see this article to block ping, but in my opinion it should be a default setting and should be via a toggle to allow. I shouldn't have to edit and figure out how to script something to always block ping.
https://help.firewalla.com/hc/en-us/articles/360051624994-Guide-How-to-disable-ping-on-WAN-interfaces
Using a site I've used for years called Shields UP (grc.com), I'm seeing many ports in a closed state vs a stealth state; I've had much cheaper routers just block all of this unless I explicitly open and forward a port. I'm a novice so maybe this isn't a big deal, but if a simple scan reveals this much, then someone smarter than me who has obtained my IP address surely could attack the device to find a weakness and potentially gain access? Shouldn't a firewall by nature block all of this by default unless I open something?
GRC Port Authority Report created on UTC: 2020-10-16 at 16:35:31
Results from scan of ports: 0-1055
0 Ports Open
74 Ports Closed
982 Ports Stealth
---------------------
1056 Ports Tested
NO PORTS were found to be OPEN.
Ports found to be CLOSED were: 0, 1, 2, 3, 4, 5, 6, 22, 32,
62, 63, 92, 93, 121, 122, 150,
151, 181, 182, 208, 211, 236,
238, 266, 267, 296, 297, 327,
328, 356, 357, 386, 387, 416,
417, 448, 479, 510, 511, 540,
541, 570, 571, 600, 601, 631,
632, 661, 662, 691, 692, 721,
722, 751, 752, 782, 783, 810,
812, 835, 837, 864, 865, 895,
923, 926, 954, 955, 984, 985,
1014, 1015, 1044, 1045
Other than what is listed above, all ports are STEALTH.
TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.
-
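The report quoted above can be checked mechanically. What follows is an added example, not code from the thread, from Firewalla or from GRC: a Python parser for the ShieldsUP text format as it appears in this post. It recovers the counts and the closed-port list, cross-checks them against each other, and records what each state implies about the firewall: a "closed" port means the device answered the probe (TCP RST or ICMP unreachable), a "stealth" port means the probe was silently dropped. The layout rules it relies on (the "CLOSED were:" list ending at the "Other than" line, the "TruStealth: PASSED" wording for a clean result) are assumptions derived from this single sample.

```python
"""Parse and sanity-check a GRC ShieldsUP "Port Authority" text report.

Added example for the thread; not code from Firewalla or GRC. The layout rules
below are assumptions derived from the single report quoted in the post.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# The report quoted in the original post (trailing separator dash removed).
SAMPLE_REPORT = """\
GRC Port Authority Report created on UTC: 2020-10-16 at 16:35:31
Results from scan of ports: 0-1055
0 Ports Open
74 Ports Closed
982 Ports Stealth
---------------------
1056 Ports Tested
NO PORTS were found to be OPEN.
Ports found to be CLOSED were: 0, 1, 2, 3, 4, 5, 6, 22, 32,
62, 63, 92, 93, 121, 122, 150,
151, 181, 182, 208, 211, 236,
238, 266, 267, 296, 297, 327,
328, 356, 357, 386, 387, 416,
417, 448, 479, 510, 511, 540,
541, 570, 571, 600, 601, 631,
632, 661, 662, 691, 692, 721,
722, 751, 752, 782, 783, 810,
812, 835, 837, 864, 865, 895,
923, 926, 954, 955, 984, 985,
1014, 1015, 1044, 1045
Other than what is listed above, all ports are STEALTH.
TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.
"""

# What each ShieldsUP state says about the firewall's behaviour on the WAN side.
STATE_MEANING: Dict[str, str] = {
    "open": "a service answered (TCP SYN-ACK): the port is reachable from the Internet",
    "closed": "the device answered the probe (TCP RST or ICMP unreachable): nothing is "
              "listening, but the device confirmed it exists at that address",
    "stealth": "no reply at all: the probe was silently dropped",
}


@dataclass
class GrcReport:
    port_range: Tuple[int, int]
    counts: Dict[str, int]        # keys: open, closed, stealth
    tested: int
    closed_ports: List[int]
    ping_reply: bool
    trustealth_pass: bool


def parse_report(text: str) -> GrcReport:
    """Extract the numbers ShieldsUP prints; raise ValueError if a field is missing."""
    m = re.search(r"scan of ports:\s*(\d+)-(\d+)", text)
    if not m:
        raise ValueError("port range line not found")
    port_range = (int(m.group(1)), int(m.group(2)))

    counts = {state.lower(): int(n)
              for n, state in re.findall(r"(\d+) Ports (Open|Closed|Stealth)\b", text)}
    if set(counts) != {"open", "closed", "stealth"}:
        raise ValueError("one of the Open/Closed/Stealth count lines is missing")

    m = re.search(r"(\d+) Ports Tested", text)
    if not m:
        raise ValueError("'Ports Tested' line not found")
    tested = int(m.group(1))

    # Assumed layout: the closed-port list runs from "CLOSED were:" to the "Other than" line.
    closed_ports: List[int] = []
    m = re.search(r"CLOSED were:(.*?)Other than", text, re.S)
    if m:
        closed_ports = [int(p) for p in re.findall(r"\d+", m.group(1))]

    ping_reply = re.search(r"A PING REPLY .*WAS RECEIVED", text) is not None
    trustealth_pass = re.search(r"TruStealth:\s*PASSED", text) is not None  # assumed wording
    return GrcReport(port_range, counts, tested, closed_ports, ping_reply, trustealth_pass)


def consistency_issues(report: GrcReport) -> List[str]:
    """Cross-check the report against itself; an empty list means it is internally consistent."""
    issues: List[str] = []
    lo, hi = report.port_range
    span = hi - lo + 1
    if report.tested != span:
        issues.append(f"range {lo}-{hi} covers {span} ports but {report.tested} reported tested")
    if sum(report.counts.values()) != report.tested:
        issues.append("open+closed+stealth does not add up to the tested count")
    if len(report.closed_ports) != report.counts["closed"]:
        issues.append(f"{len(report.closed_ports)} closed ports listed, count says {report.counts['closed']}")
    out_of_range = [p for p in report.closed_ports if not lo <= p <= hi]
    if out_of_range:
        issues.append(f"closed ports outside scanned range: {out_of_range}")
    if report.trustealth_pass and (report.counts["closed"] or report.counts["open"] or report.ping_reply):
        issues.append("TruStealth PASSED although something answered")
    return issues


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    for state in ("open", "closed", "stealth"):
        print(f"{rep.counts[state]:>5} {state}: {STATE_MEANING[state]}")
    print("ICMP echo answered:", rep.ping_reply)
    print("consistency issues:", consistency_issues(rep) or "none")
```

For this report the checks pass: the 74 listed ports match the "74 Ports Closed" count, the three counts add up to 1056, and the ping reply is flagged. The practical reading is the one the thread converges on: 74 closed ports and an echo reply mean the WAN side answered those probes rather than dropping them, so an external observer can confirm a host is present even though nothing is open.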
I assume you are talking about the Gold;
The WAN ping problem is a bug that will be fixed in 1.971, which is coming up very soon. It will be off until you turn it on. As for other ports, the Gold has a default ingress firewall; you can see that by tapping on the rules button. The ingress firewall by default will block all traffic coming in.
-
Correct assumption for Gold device. I must have edited after your quick reply.
The default rule "Block Traffic from Internet", enabled on all devices, is the rule you mean? I guess I would have expected the results of the scanner to resolve everything in a stealth mode, but maybe that is my novice view thinking.
-
Tap on rules, tap on "all devices", you will see two sets:
1. Block Traffic from the Internet, this is the rule that's the "ingress firewall". This is stateful.
2. Active Protect Rules. These are rules that automatically block, both in and out, sites that are bad by default.
Scanners have different ways of presenting things; as for GRC, we absolutely have no idea how it is doing the scan, and that site itself is definitely not a good example of a clean design.
-
I agree. I use GRC to test open ports and I have an image of a strange scan, but the post won't let me attach an image. My Gold has been doing a great job of blocking bad IP addresses; I have 93 blocked in just 4 days. It is strange that it responds to ping requests; the firewall we have at work will actively block you if you ping the box more than once. I accidentally blocked myself running some tests.
I can send you my screen shot if you want to see.
-
I agree that by default Firewalla Gold should not respond to ping, and it should silently drop traffic on the outside interface(s). Internally, I generally use Reject so that I get the error immediately and know that it's likely a firewall problem vs something.
Personally I leave ping open on the outside interface so that I can monitor my network connection externally, but I have it geoblocked to US.