It wouldn't be for me. Just the other day I connected my laptop directly to the DSL modem rather than running it through the router, to check the software firewall before traveling. The firewall was logging a port scan about every five seconds.
No. My firewall had my machine in "stealth" mode, so the scanners didn't even know there was a machine at that IP address. You're just seeing a small part of the stuff everybody gets.
Yes. You should make sure such scans are unsuccessful. I use the "Shields Up" tests at
formatting link
I'm sure the more sophisticated folks on this newsgroup can suggest other tests.
I think most people would recommend shutting down the XP firewall, since the two can interfere with each other. But again I'll defer to the experts here.
No, no, and no. The Internet is like the old West. There's no law, so you've gotta carry your own sixgun. And know how to use it.
Bullshit. If there really was no machine at that address, the last router *before* your machine would have responded with a "host- unreachable" or "network-unreachable" ICMP message. There is no such thing like "stealth" in IP.
The more sophisticated folks especially suggest
formatting link
Probably. And they'd be wrong.
Bullshit. Of course the Internet is *not* a lawless place. However, there's no law to prohibit portscans.
That web site contains a lot of material objecting to Gibson and his site, but I don't see anything a relatively naive user (which describes the vast majority of Internet users) can do to test his firewall against port scans.
You can't test a firewall against portscans. That just makes no sense. You can use a portscanner to determine whether some host has open ports.
Actually that's very constructive, because Gibson's interpretation of portscanning results is misleading, to say the least. GRC isn't a source anyone should use.
As for online-portscanners: there's this really great website where you can find just about everything:
Joe Average doesn't need a firewall. Just disable binding of unneeded service to network interfaces, there are numerous scripts out there and heck, even Ahab Gibson has got his BUZZWORDbubbler^WDCOMbobulator.
Joe Average doesn't know how to properly use a firewall, so it doesn't offer any security.
Personal firewalls are no firewalls. They're host-based packet filters, in a pretty lousy implementation, plus a lot of pseudo-security bullshit.
There's neither a need nor a way to stop port scans.
Do you? Hint: GRC and derived wrong knowledge isn't constructive either.
Wow. I've obviously come to the wrong place to learn about firewalls or get constructive advice about making my system more secure against random scans. Sorry for bothering you folks.
With except of not letting your system be vulnerable, which should be a general goal apart from random port scans, what exactly do you thinkg you could do?
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.