Stealthing Port 113 auth / ident


pop pop
08-18-2004, 12:37 AM
Before I got a router (AT&T), all ports were stealthed (I use ZAP). Now that I have a router, this port is indicated as CLOSED, not stealthed. GRC says ZAP is uniquely good at stealthing port 113. Is the CLOSED status due to the router responding before anything even gets to ZAP? I even manually blocked incoming and outgoing TCP packets to/from port 113 via ZAP but the probe result is the same. I know little about configuring the router (my home net was installed). How do I stealth this port or is it so insignificant that I should not even concern myself with it?

Thanks.

PrntRhd
08-18-2004, 01:14 AM
"Is the CLOSED status due to the router responding before anything even gets to ZAP?"
Closed means blocked, it is stealth.

pop pop
08-18-2004, 01:39 AM
I guess it's a matter of semantics. GRC says that closed means that there was a response that indicated to the outside world that the port is closed rather than ignoring the probe; closed = response (you are there), stealth = no response (you are invisible). Probably insignificant due to that port's function anyway.

Interestingly (to me), I went into my router software and looked at a few of the status pages. It says that I am, as we speak, under SYN Flood Attack. Google search indicates this is some sort of denial of service attack whereby client requests intentionally overwhelm a server's ability to respond. A little while back I installed Visual Studio.NET and reconfigured my tower as an IIS web server. I wanted to experiment with developing and hosting web apps. I have done almost none of that yet (not enough time) and I keep IIS locked down via ZAP, so I haven't seen any effects from this sort of attack. I guess I'm kind of in over my head there but the router also indicates that it just dropped all the packets during the attacks so no damage seen or done.

Ever heard of anything like that?

PrntRhd
08-18-2004, 02:00 AM
This is from grc: port 113 stealth (http://www.grc.com/port_113.htm)

Also:
"Or, you can leave the default rule in place and live with your system's IDENT service port being visible to the outside world. Be aware that this provides a means for intruders to detect an otherwise stealthed computer. And they'll know you're running a firewall since other things are stealthed, but not port 113."

pop pop
08-18-2004, 02:26 AM
"Or, you can leave the default rule in place"

Therein lies the rub. I would rather not leave whatever the default rule is in place, I just don't know how to change it. I could try the port forwarding that GRC describes but I am wary of messing up my router settings in attempting to do that without more precise instructions.

A minor detail in the grand scheme of things, I guess. But to use a military analogy, it's like a submarine that should be undetectable but makes a lot of noise so everyone knows it's there. There's probably a torpedo in its future.