
Thread: Stealth all ports in Kaspersky and configure it for max security.

  1. #1
    Join Date
    Dec 2010
    Location
    India
    Posts
    688

    Stealth all ports in Kaspersky and configure it for max security.

    There are many KIS lovers and fanboys in our forum. I am also currently using Kaspersky 2011. If, using Kaspersky's default settings, you try to do any leak test like GRC ShieldsUP!, you will fail, as all your ports won't be stealthed, although some will be and some will remain closed. The stealthed ports will keep on changing. So to make all your ports stealth, follow the guide.
    1- Open KIS.
    2- Go to Settings and select Firewall.
    3- Under Network rules, select Settings.
    4- Go to the Packet rules tab.
    5- Look for the entries "Any incoming TCP streams" and "Any incoming UDP streams".
    6- Now right-click on the permissions column and select "blocked" for both of them.
    7- This would stealth all your ports.
    {Pls check the post of "Jeremy" before you use this feature}
    If you are further security conscious, you can also set "ICMP Echo reply (in)" to blocked so your computer does not respond to pings.


    That's it, your Kaspersky has gotten more secure.
    Last edited by avibky; 23-10-11 at 07:02 PM.

  2. #2
    Join Date
    Feb 2010
    Location
    New Delhi
    Posts
    2,042
    Thanks bala.

    But you cannot block each and every port. Loads of applications need open ports to work properly. So unless you are sure of the consequences of blocking each port, an average user should stay away from this.

  3. #3
    Join Date
    Dec 2010
    Location
    India
    Posts
    688
    No avi, instead of remaining in closed mode it gets stealthed.

  4. #4
    Join Date
    Nov 2010
    Location
    United States
    Posts
    492
    Just think of the Internet as the outside world, and your ports as your house. To completely protect your house, you'd have to have no doors or windows. Now while you'd be perfectly protected, you'd have no access to the outside world, and the outside world would have no access into your house. Therefore you need to have windows and doors in order to allow information in and out. You can stealth those windows and doors, but they are still there. Now you can get a security system for your house to warn of an intrusion, but a security system isn't going to stop all intruders. Some will just ignore it and get through.

    So as Avi said you need open ports to communicate, and yes you can stealth those ports and it can help, but if you have open ports, stealth or not, you're still never 100% protected. That's just the nature of the house.

    But nice post avibky, using stealth ports will help improve your security a bit, just be careful what ports you stealth as stealth ports basically only protect against Port Scanning.
    If a hacker or automated scanner cannot 'see' your computer's ports then they presume it is offline and move on to other targets. You will still be able to connect to the Internet and transfer information as usual but remain invisible to outside threats.


    Some basic facts about ports:


    Ports are the virtual data connections that facilitate direct exchange of data between two or more computers. Ports can be in either one of the following states:

    Open - Facilitates an Internet connection. Open ports send a positive response to an incoming connection request.

    Closed - Prevents an Internet connection. Closed ports send a negative response that denies an incoming connection request.

    Stealth-mode firewalls are considered harmful

    In stealth mode, the firewall causes the PC just to ignore incoming connection attempts, rather than rejecting them, as would be normal for incoming connection attempts to closed ports. The result is that the PC appears to be switched off and absent from the network.

    This approach to security causes some difficulties. Internet standard RFC 1112 states categorically about ICMP Echoes (ping):

    3.2.2.6 Echo Request/Reply: RFC-79


    "Every host MUST implement an ICMP Echo server function that receives Echo Requests and sends corresponding Echo Replies."

    Note the MUST rather than SHOULD. This means that any internet user, or ISP server, has a right to expect that all live PCs connected to the internet will respond to ICMP ping requests with an ICMP reply. If a firewall user chooses to stealth ICMP requests so that no response is sent, they have only themselves to blame if they start experiencing problems, because they are in breach of RFC 1122.


    The problems that might arise if you kill ICMP responses with stealth are:



    • Difficulties with DHCP lease acquisition or renewal in cases where the DHCP server checks on the availability of IP addresses, or your presence on the network, with ICMP ping requests [this doesn't actually happen on the original NTL network, but ICMP requests have been seen coming from the DHCP servers of digital TV set-top boxes. No problems seen with blueyonder];
    • Slowness of web connection setup in cases where the remote web server uses ICMP to determine the MTU of the response path;
    • Frustration at ISP help-desks (and with informal helpers) if your PC does not respond to pings and traceroutes, as it is difficult to distinguish this situation from a broken connection.


    So you are strongly advised not to apply stealth techniques to the ICMP protocol.

    If you stealth all of your ports, it cloaks every single port to make a computer undetectable to port scans, however I think the best option is just to stealth blocked ports.

    If you'd like to check what ports you have stealthed and the security status of your network, you can use a free tool from ShieldsUP! from the Gibson Research website located here:


    Last edited by Jeremy; 24-10-11 at 05:12 AM. Reason: Added link

  5. #5
    Join Date
    Dec 2010
    Location
    India
    Posts
    688
    Oh thanks Jeremy. I never knew switching off ICMP echoes has such a big problem.

    ---------- Post added at 06:33 PM ---------- Previous post was at 06:31 PM ----------

    I prefer stealthing. Anyway most of the s/w firewalls automatically do this,
    e.g. Vipre, even Windows Firewall (trust me, if you use Windows Firewall and run the GRC leak test you would see that all ports are stealthed).

    The only idea behind stealthing ports is that when a hacker runs a port scan your system won't respond and he may just move on. It just makes you invisible. It's like covering the whole house with an invisibility cloak and lifting it only when your friends come.
    Last edited by avibky; 27-10-11 at 07:56 PM.

  6. #6
    Join Date
    Dec 2009
    Location
    Canada
    Posts
    185
    I'm running Windows Firewall behind a Linksys router. Is there anything I need to tweak?

  7. #7
    Join Date
    Dec 2010
    Location
    India
    Posts
    688
    Clyde, which AV are you using? If you are behind a hardware firewall, no need to worry, you are very secure. Pls note hardware f/w cannot use heuristics or behaviour analysis on your applications, as normal firewalls have HIPS included in them. Pls, if you don't use an AV with HIPS I advise you to get WinPatrol or Spyware Terminator.

    Thnx

  8. #8
    Join Date
    Nov 2010
    Location
    United States
    Posts
    492
    Quote: Originally Posted by clyde
    I'm running Windows Firewall behind a Linksys router. Is there anything I need to tweak?
    If you want to check your ports' security you can run free tests here:

  9. #9
    Join Date
    Dec 2009
    Location
    Hyderabad, India
    Posts
    411
    Quote: Originally Posted by clyde
    I'm running Windows Firewall behind a Linksys router. Is there anything I need to tweak?
    By default, Windows Firewall will allow all outbound connections. That means any process (including malware) on your system can freely access the internet. So, it'll be better to block outbound connections. After blocking outbound connections, no process will be able to access the internet. So, you have to manually configure web browsers and antivirus updaters to have access to the internet.

  10. #10
    Join Date
    Dec 2010
    Location
    India
    Posts
    688
    Yup sam, very right, I was using this setup with Trend Micro Titanium 2012. But yet sometimes my programs could not connect to the net. That's why I asked clyde if he had a behaviour blocker; it will analyse programs and if suspicious ones try to connect it will pop a warning. Configuring Windows Firewall if you are a non-geek is a challenging task. It took 2-3 days for me to learn how to properly use it.
