Author Topic: Port 0 and Port 1 not "stealth"  (Read 8264 times)

Offline ConnieD

  • Newbie
  • *
  • Posts: 4
Port 0 and Port 1 not "stealth"
« on: December 24, 2010, 03:15:39 PM »
I am reporting everything I could think may be relevant, for your tech staff, here.

I am interested in having all ports stealth, to avoid malicious attacks on the old Windows PC I have brought back out of storage and updated.

I don't go internet places that are especially problems. However, I have experienced Windows OS computers attacked, netbook, laptop, PC or public library.

I wouldn't have Windows OS, except I use some windows-only software.

In the "Stealth Ports Wizard" I selected "Block all incoming connections and make my ports stealth for everyone".

GRC Shields Up! reports port 0 and port 1 are "closed" not "stealth". They are only "closed".

All other ports are "stealth".

I noticed "View Firewall Events" has no items to show. I would think the GRC Shields Up! test would show up there, for port 0 and port 1. Maybe not.

I have Alltel Broadband Connect USB data plan, if that matters.

How can I have port 0 and port 1 "stealth" as well?


Offline HeffeD

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6827
Re: Port 0 and Port 1 not "stealth"
« Reply #1 on: December 24, 2010, 03:35:23 PM »
Is your modem connecting to a wireless router, or perhaps has a built in router? The ShieldUp! test will probe whatever is between you and the internet. If you are connecting through a router, the router will be probed instead of your software firewall.

Offline ConnieD

  • Newbie
  • *
  • Posts: 4
Re: Port 0 and Port 1 not "stealth"
« Reply #2 on: December 24, 2010, 03:49:42 PM »
I only have the Pantech USB stick, provided by Alltel.

It uses cellphone service protocols.

ShieldsUp! shows:
Quote
Your Internet connection's IP address is uniquely associated with the following "machine name":

h-174-39-164-250.ip.alltel.net
« Last Edit: December 24, 2010, 03:52:28 PM by ConnieD »

Offline ConnieD

  • Newbie
  • *
  • Posts: 4
Re: Port 0 and Port 1 not "stealth"
« Reply #3 on: December 24, 2010, 03:56:38 PM »
BrowserSpy.dk shows me located near Wichita, KS.

I am in Montana.

Maybe this information is helpful?


Should I run Comodo without "stealth" selected and report the results?

I could only select Alert me... and I blocked the incoming request. I had the same result.
« Last Edit: December 24, 2010, 04:01:46 PM by ConnieD »

Offline HeffeD

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6827
Re: Port 0 and Port 1 not "stealth"
« Reply #4 on: December 24, 2010, 04:58:45 PM »
I had the same result.

Then your software firewall isn't getting tested.

In my opinion, it's really not a problem. The ports are closed. It doesn't matter if they're stealthed. And if someone does get past whatever gateway/router you're behind, they'll then encounter your software firewall. :)

But if it's really important to you that these two ports show stealth, you'll need to either refer to your modems documentation, or contact the manufacturers technical support to find out if this is possible. It may not be.

Offline ConnieD

  • Newbie
  • *
  • Posts: 4
Re: Port 0 and Port 1 not "stealth"
« Reply #5 on: December 24, 2010, 06:40:25 PM »
I will see what I can find out, from Alltel.

I do a lot of development, and the like. I run into "script-kiddies" who like to harm Windows OS. Nevertheless, I like to encourage the "kids" to know more.

I was hoping this software and this access is a really secure one.


I heard about Comodo at the Eeec forum.
« Last Edit: December 24, 2010, 06:44:07 PM by ConnieD »

Offline HeffeD

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6827
Re: Port 0 and Port 1 not "stealth"
« Reply #6 on: December 24, 2010, 09:48:41 PM »
I was hoping this software and this access is a really secure one.

The software is secure. Unfortunately the way GRC's test works, unless you have a direct connection to the internet, it's not going to be testing your PC's defenses. However, like I said, that does mean you have another layer of protection between you and the internet. :)

Offline CherMas

  • Newbie
  • *
  • Posts: 4
Re: Port 0 and Port 1 not "stealth"
« Reply #7 on: March 23, 2011, 01:41:40 PM »

ConnieD wrote:
...
I am interested in having all ports stealth, to avoid malicious attacks on the old Windows PC I have brought back out of storage and updated.
In the "Stealth Ports Wizard" I selected "Block all incoming connections and make my ports stealth for everyone".

GRC Shields Up! reports port 0 and port 1 are "closed" not "stealth". They are only "closed".
All other ports are "stealth"...

Here's my recent experience with this issue that may lead somewhere.

I run 2 rigs XPsp3 & Win7sp1 through Internet Connection Sharing(ICS) on the XP rig that is running CIS 5.3.181415.1237. Internet via Cable modem.

I'm used to seeing a clean report from GRC Shields Up!, but noticed that since I connected my second rig through ICS I get back a 'Fail' from Sheilds Up! because port 0 & port 1 status is 'closed', but not 'stealthed'.

When I first ran the Shields Up! scan from XP, my Win7 rig was powered off. When I turned the Win7 rig on and ran Sheilds Up! from it - I got a clean scan, all passed inc. ports 0 & 1. Meanwhile... back to the XP rig and I got a clean scan there too! Completely stealthed on both platforms.

Tryed to emulate original conditions by turning off the Win7 rig, and ran scan on XP but no change - still all stealthed. Then I switched OFF ICS in 'Local Area Connection Properties' (see attached pic) and bingo. Sheilds Up! reports ports 0 & 1 as closed, but not stealthed.

I'll come back if I can get a better handle on what's going on. Ideas from all very welcome.


Offline Black_ice_Spain

  • Newbie
  • *
  • Posts: 23
Re: Port 0 and Port 1 not "stealth"
« Reply #8 on: March 23, 2011, 05:10:21 PM »
port 0 shows closed here but not stealth, has been like that forever.

I think in older versions of comodo it didnt, i have all my ports open on the router, and they show open if i deactivate comodo, but when i activate comod, they all go stealth, except 0 which remains closed. I think its not with router itself :X.

Mainlly because i have in router every traffic redirected to my gaming/p2p PC, so comodo its the only security layer there.

Anyways port 0 doesnt seem to exist anywhere, isnt it a special port or sumthing like that? i cant put router rules for it

Anyways this should be looked for, other firewalls dont show that "problem".
« Last Edit: March 23, 2011, 05:37:55 PM by Black_ice_Spain »

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 19132
Re: Port 0 and Port 1 not "stealth"
« Reply #9 on: March 24, 2011, 11:03:31 AM »
Are you sure your router forwards traffic on port 0?

Offline CherMas

  • Newbie
  • *
  • Posts: 4
Re: Port 0 and Port 1 not "stealth"
« Reply #10 on: March 24, 2011, 05:26:07 PM »
Black_ice_Spain wrote:
port 0 shows closed here but not stealth, has been like that forever...
Anyways port 0 doesnt seem to exist anywhere, isnt it a special port or sumthing like that? i cant put router rules for it...
...Anyways this should be looked for, other firewalls dont show that "problem"...


Just to add note: I don't think 'closed' ports are a major security issue, but an interesting anomaly. I prefer to be 'invisible' to port scanners, rather than perhaps being logged for further investigation.
Here's some links for further info on ports 0 & 1.
grc.com - Port 0
grc.com - Port 1 TCPMUX
Wikipedia - TCP Port 1 Service Multiplexer

Also IMO, 'other firewalls' don't always show a lot of 'problems'.

Offline HeffeD

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6827
Re: Port 0 and Port 1 not "stealth"
« Reply #11 on: March 24, 2011, 06:45:21 PM »
Black_ice_Spain wrote:
Just to add note: I don't think 'closed' ports are a major security issue, but an interesting anomaly. I prefer to be 'invisible' to port scanners, rather than perhaps being logged for further investigation.

Actually, it's invisible, or "stealthed" ports that are the anomaly, not closed ports.

Offline nondescriptusername

  • Comodo Member
  • **
  • Posts: 25
  • testing...
Re: Port 0 and Port 1 not "stealth"
« Reply #12 on: March 24, 2011, 11:16:06 PM »
These closed ports are being caused by your router, not Comodo.

Check your routers firewall and uncheck the option to 'block TCP flag scan'. Your ports 0 & 1 will be stealthed once again.

Offline Radaghast

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 4068
Re: Port 0 and Port 1 not "stealth"
« Reply #13 on: March 24, 2011, 11:37:02 PM »
These closed ports are being caused by your router, not Comodo.

Check your routers firewall and uncheck the option to 'block TCP flag scan'. Your ports 0 & 1 will be stealthed once again.

Quote
I only have the Pantech USB stick, provided by Alltel.

It uses cellphone service protocols.


If the OP is using this I doubt they'll have that option. However, it appears to offer an 'Advanced' configuration mode, so that might be worth exploring.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.”

Offline nondescriptusername

  • Comodo Member
  • **
  • Posts: 25
  • testing...
Re: Port 0 and Port 1 not "stealth"
« Reply #14 on: March 25, 2011, 12:09:05 AM »

If the OP is using this I doubt they'll have that option. However, it appears to offer an 'Advanced' configuration mode, so that might be worth exploring.

In this case it may be that the ISP has closed ports 0 & 1 for everyone on their network?

I have used those mobile dongles and they are not very user-configurable-friendly and are usually locked up by the ISP.

 

Seo4Smf 2.0 © SmfMod.Com | Smf Destek