Visble Ports [Resolved]

[Guest]

[MitchA]

Hi, Just being using Comodo for the last few days, great firewall and  it's amazing the amount of traffic trying to get into my machine. I've being conducting some online tests and most of them keep telling me this message:
      
Warning!
The test found visible port(s) on your system: 80, 138, 1080

There closed ports, but are still visible. Is there something i'm doing wrong or is this normal?

[Little Mac]

If you used Automatic setup when installing CPF, you should be "stealthed" right from the start.

If you went with a custom configuration, that could change...

Also, if you have a router when you do the online tests, you're testing the router, not CPF.

So the questions are:

Are you using a router?

Did you do Automatic installation, or a custom one?

LM

PS:  Welcome to the forum, Mitch!  You should be able to get some good help here.  We are the users of Comodo products, and most are very happy to help.  Comodo Staff also has a presence here, and will jump in from time to time.

[MitchA]

Thanks for the welcome. To answer the questions:
I'm not using a router, I'm directly connected to my cable modem

I did a standard install but since have made my own Network Control Rules as follows:



Also when I run tests I can see in the log that Comodo is blocking attempts, I just never see anything about those 3 ports

[Little Mac]

Okay, now for some more questions...

1.  What online tests are you running?  - sites, etc

2.  What version of CPF do you have?

3.  What type of modem do you have?  - Brand/Model (some function as a sort of router, or have a hardware firewall)

4.  Did you try the aforementioned tests with CPF's default rules, or only after you had changed them?

That will help give a better idea of what is occurring.

LM

[MitchA]

I'm running tests from http://www.pcflank.com/

I've tried with auto config and my own ones

My Modem is a Motorola SB5100

[Little Mac]

Mitch,

Best I can tell, your Modem does not serve as a Router or serve any NAT function; nor does it appear to block any ports.  Yikes!  However, your cable provider may have certain physical safeguards in place on their end.

Here's a couple things to check that will help clarify that side of the equation...

Go to Start/Run and type "cmd".  When the DOS window opens up, type "ipconfig /all" at the prompt.
See what your IP address is.  If it something like 192.168.x.x, your modem is probably serving as a router in some way (also see if shows a "Default Gateway" IP address).  If it is not that, go to www.whatismyip.com and see what the results there are.  If the IP there differs from the one shown by ipconfig, something between your modem and the website is rerouting you; this will be a function of your cable provider.

Online tests are not the best determination of closed ports, IMO.  Some users seem to have a very low opinion of them, especially PC Flank (not sure exactly why, but there you go...)

CPF's default configuration is known to provide a strong level of protection, and you should not have any issues regarding any online tests.   A resident scanner such as Superscan 4 will give better results, as it actually scans your localhost to give you results there.

But let's take it one thing at a time.  Check the IP addresses as I indicated, and confirm if they are the same or not, and if you have a "Default Gateway" as well (and whether that matches the other two for IP range).

LM

[MitchA]

Thanks for that, yeh I've got a unique IP 220.x.x.x

I turned off Comodo and ran some tests, no ports were ever open all were closed. just none were stealthed. When I turn Comodo back on, every port is stealthed except those 3 which are closed, luckily none are ever open

[Little Mac]

There's debate between some about whether it's a good idea to be "stealthed;" if a someone scans your computer and there's no return/a "dropped" message, they know there's a computer there (and might want to try harder to get in).  If they scanned and it was blocked (or dropped because the computer was off, etc) the return would be an "unreachable" message; perhaps less tempting, as it could also be a dead end. 

That said, however, that's the philosophy side of it.  CPF still should "stealth" all ports.  You might try the Shield's Up! test at www.grc.com; like PCFlank, it's a security-based site that will do a port scan for you.  See if the results there are any different.  (there might be an application using them, or communication between you and the modem, or it might be a glitch in PCFlank's scan)

Another option (which is considered better by the security-guru types) is a resident port scan utility, like SuperScan 4.  It's a free tool from Foundstone (a division of McAfee), available here:  http://www.foundstone.com/  If this takes you to the main page, go to Resources and then  Free Tools.  It's in the Scanner section, at the top.  Download, install, run it and scan your localhost, which is IP 127.0.0.1.  This will return information about your computer, kind of from the inside out.  This eliminates any internet junk or misreads.  If you still have those ports showing, and don't know why, Foundstone also has a tool called FPort.  FPort not only identifies open ports, but also their associated applications - ie, what's using them.

So there's three things for you to check - GRC's website (Shields Up! test), SuperScan 4, and if needed, FPort.

LM

[MitchA]

Thanks for that.

I tried a test at HackerWatch.org and it told me HTTP Port 80 was completely invisible

I tried the test at GRC, here's my test

GRC Port Authority Report created on UTC: 2006-12-09 at 03:44:42

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
                            119, 135, 139, 143, 389, 443, 445,
                            1002, 1024-1030, 1720, 5000

    0 Ports Open
    0 Ports Closed
   26 Ports Stealth
---------------------
   26 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - NO Ping reply (ICMP Echo) was received.

So no problem with them, thanks for that. I onder why on some tests there closed and others there stealthed

I also did the service port tests and not one port open, thanks for all your help LM

[Little Mac]

Great, I'm glad that all worked out.  As to why the different results, I know I've read some posts from "panic" (Ewen) that discuss some of that, but I don't remember the details.  The easy explanation is that they all do things a little differently, and none of them are all that reliable.  The best thing is the resident scan, which you passed with flying colors, it sounds like.

You're very welcome for the help; I'm glad to give it.  Even more glad that it all worked! 

LM

PS:  Since it appears everything is good for your initial question in this topic/thread, would you do the following, for other readers' benefit:  Go to your first post in this topic, click on the Edit icon (I call it a "finger" but I think it's actually a "pencil" on a sheet of paper) - on the lower right, just above your IP address.  Then add "[Resolved]" in the Subject line, either before or after your original text.  TNX.

[AOwL]

I can lock this thread.

[Tags:]