Posted: Sat Apr 03, 2021 12:19 Post subject: How to pass the GRC stealth test
I am running DD-WRT r45219 on a Linksys WRT1200AC. The ports probe test on GRC.COM reports ports 135,137,139,445 as "Closed" while all others are reported as "Stealth". I have placed the following in my firewall (on the Administration/Firewall page):
it is very possible that your ISP is automatically closing those ports.
The other thing is that you would need to put those rules on the INPUT chain, because shields up is probing your router's IP which means that it goes to the router. Shields up has no knowledge of anything behind your router that is why NAT acts as a filter/firewall.
As @Wildlion stated, it's highly likely your ISP is to blame here. GRC assumes there's nothing blocking those ports between them and the WAN of your router. But many ISPs do block certain well-known ports (particularly the ones you've specified), thus reporting a lack of stealthiness. There's nothing you can do about it. And it doesn't mean YOUR router isn't blocking these ports already. By default, the WAN DROPs all unsolicited inbound requests unless YOU specifically open those ports using port forwarding.
Many thanks to both of you, @wildlion and @eibgrad, for your kind help. Your explanation stands to reason and is further supported by the fact that a few months ago, with my same router and its setup but a different ISP, I got a straight Stealth verdict from GRC.
Do you use Access Restrictions? I ran into a case where using more than 12 of the 15 URL entries available per Policy would unstealth ports, and even leave ports open. Supposed to have been fixed for versions after r46096. I've not tested since before that though.