Author Topic: leaktest by GRC-ShieldsUp  (Read 8584 times)

halu
« on: November 01, 2006, 03:32:56 AM »
From GRC-ShieldsUp, testing Common Ports, I get the following message:
Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

What Network Control Rule in the Comodo firewall should I set to repair this leak? (Is it a leak?)
Everything else is tested as 'Passed' and 'Stealth'

Any suggestions?


[Topic Closed: If issue returns PM an online mod to open]
« Last Edit: February 29, 2008, 12:35:26 PM by goodbrazer »

chthonic
« Reply #1 on: November 02, 2006, 04:09:43 PM »
I came to this forum to find the answer to this same question... I think I now have a good idea on how to correct this after reading lots of articles on web search....

I am going to give it a test and I will post my results.
"I treat everyone with equal disregard... I make fewer enemies that way!" (I also can't be accused of playing favorites!)

chthonic
« Reply #2 on: November 02, 2006, 04:29:12 PM »


ok... it seems that the GRC failed notice is directly linked to another question I had....

rule # 5 should be a rule to block incoming and outgoing IP requests... if that rule is active then you pass the test.. but if it's disabled you fail that particular security check..

which leads to the other question I had..  I am going to post it here because the two problems are integrated.

when rule #5 is active .. my server programs ... such as my FTP server and P2P programs can't operate correctly because the machine does not respond correctly... but the security test is flawless

when rule #5 is inactive my programs respond properly ...but... I fail at least one leak test item on several test sites.....


is there a way to set a specific rule to block just that item.. but still allow IP traffic for server type programs without breaking security.. .. and the ports would close when the server software is turned off....

I once had kerio firewall.. and it allowed me to set rules like that "PER" application rather than all or nothing..... some server programs require IP traffic in order to operate properly....

how about modifying the configuration options to "exclude or ignore" those kinds of programs? that way the software can do what it was meant to do while it is in use and the firewall still blocks what it was designed to block.

[example]

<allow_IP_IN_and_OUT> for this program

this way the program can do its function and the firewall doesn't fail a leak test.

also with this.. the rule options should allow us to configure port permissions per application and not just a blanket rule

AOwL
« Reply #3 on: November 02, 2006, 05:08:44 PM »
Welcome to the forum.

In Application monitor you can set up IP and/or ports for a program.
I think that in Network monitor, a port isn't open just because you have a rule there. It should be in stealth when not used. It opens when a program uses it in the computer.
Do you have the default rules? You should be in stealth with those.
Have you tried to set up network monitor rules for the P2P programs? Normally you have to open ports in there like in a router. You could say that it works like a router. Don't forget to move the rules up above the block rule, and maybe to the top of the list.
You might have to restart CPF.

chthonic
« Reply #4 on: November 02, 2006, 05:10:18 PM »
I tested my changes and got this result from GRC testing ALL service ports


*******************************************************************
Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.
************************************************************************

in network monitor ... go to rule #5 .... split it into two separate rules

ALLOW IP IN
BLOCK IP OUT


then make an additional rule

BLOCK ICMP ECHO REPLY OUT

I also recommend disabling NETBIOS over TCP/IP if you are only using one computer (not networked) as well as file and print sharing... if you are not on a network.. those features are useless and risky.

if you are running XP you can use a program like FRESHUI to activate two other features in the NETWORK section

TCP/IP HARDENING
and
PROTECT AGAINST SYN ATTACKS


these settings worked flawlessly (so far) for my computer.. you might have to experiment a little depending on the way your own computer is configured.

these changes have reduced the port probing on my machine close to 60%.

halu
« Reply #5 on: November 17, 2006, 07:29:48 AM »
thanks all for your suggestions. I'll try them out and have a good feeling it will solve my problem.
thanks, halu

AOwL
« Reply #6 on: November 17, 2006, 07:37:01 AM »
If you have your own server you have to go to security/advanced/misc and check "skip loopback TCP"
You should have both checked. UDP is by default, TCP is not, just to protect you, IF you are behind a proxy.

AOwL
« Reply #7 on: November 17, 2006, 07:46:29 AM »
You should NOT remove the default Block rule!
If you set it to Allow all IP in... well do I have to say any more...
CPF reads the rules from top to bottom, so it checks if it should allow things to come in, and if no rule lets it in, then the last rule should stop the unwanted stuff you haven't allowed to come in.

Make sure that before you do a port scan, that you bypass your router if you have one, or set your PC to DMZ in it, otherwise you test your router, and not CPF.

Little Mac
« Reply #8 on: November 17, 2006, 03:25:45 PM »
Here's a good explanation for how to set up a set of Network Control Rules for CPF, with some specifics for LAN, BitTorrent. These should allow/help you to get your rules set up. Please note: this explanation was written based on an older version of CPF; the facts are the same, but some of the language is different in the current version.

If you do not need to have other computers on a LAN connect to yours, or have game-specific port issues and whatnot, you only have two basic rules needed:
Your base rule:  Block (& log) IP In from IP Any to IP Any where IP Proto is Any.  This keeps everybody out (if you have to connect to others on a LAN, this will block that, too).
Your next rule:  Allow IP Out from IP Any to IP Any where IP Proto is Any.  This allows you to connect & surf, download, etc.

Read m0ng0d's post.  I'm sure you'll find it helpful.

Your Network Control Rules regulate your computer's connection to the internet, not your programs.  The Application Monitor is where you set rules for your programs, which is a separate deal.  When you allow or block an application from connecting in the Application Monitor, you are doing so based on your established Network Control Rules.

Hope this helps,

LM
These forums are focused on providing help and improvement for Comodo products.  Please treat other users with respect and make a positive contribution.  Thanks.
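
The replies above turn on rule order: the Network Monitor list is read top to bottom and the first matching rule decides. The sketch below is an added example, not Comodo's code or any poster's configuration; it is a simplified, stateless first-match model (replies to allowed outbound connections are not modelled), and the `Rule`/`Packet` types, the FTP port 21 allow rule and the default-block fallback are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Rule:                      # hypothetical model of one Network Monitor rule
    action: str                  # "ALLOW" or "BLOCK"
    proto: str                   # "IP" matches any protocol, else "TCP"/"UDP"/"ICMP"
    direction: str               # "IN" or "OUT"
    icmp_type: Optional[str] = None   # None matches any ICMP type
    port: Optional[int] = None        # None matches any destination port

@dataclass(frozen=True)
class Packet:                    # constructed sample traffic, not captured data
    proto: str
    direction: str
    icmp_type: Optional[str] = None
    port: Optional[int] = None

def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.direction == pkt.direction
            and rule.proto in ("IP", pkt.proto)
            and rule.icmp_type in (None, pkt.icmp_type)
            and rule.port in (None, pkt.port))

def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Top-to-bottom, first match wins; returns (action, index of deciding rule)."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, i
    return "BLOCK", None         # assumption of this model: nothing matched, so drop

ALLOW_FTP  = Rule("ALLOW", "TCP", "IN", port=21)            # assumed server rule
BLOCK_ECHO = Rule("BLOCK", "ICMP", "OUT", icmp_type="ECHO_REPLY")
ALLOW_OUT  = Rule("ALLOW", "IP", "OUT")
BLOCK_IN   = Rule("BLOCK", "IP", "IN")                      # default block, kept last

ORDERED  = [ALLOW_FTP, BLOCK_ECHO, ALLOW_OUT, BLOCK_IN]     # specific rules on top
SHADOWED = [ALLOW_OUT, BLOCK_ECHO, BLOCK_IN, ALLOW_FTP]     # same rules, bad order

ECHO_REPLY = Packet("ICMP", "OUT", icmp_type="ECHO_REPLY")
FTP_IN     = Packet("TCP", "IN", port=21)
SMB_IN     = Packet("TCP", "IN", port=445)

if __name__ == "__main__":
    for name, rules in (("ORDERED", ORDERED), ("SHADOWED", SHADOWED)):
        for pkt in (ECHO_REPLY, FTP_IN, SMB_IN):
            print(name, pkt, "->", evaluate(rules, pkt))
```

In the shadowed order the broad allow-out rule decides the echo reply before the specific block is reached, and the default block decides the FTP connection before its allow rule, so the same four rules give a failed ping test and a non-working server.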