comodo firewall failing TCP FIN packet test

I ran pcflank stealth firewall test and only TCP FIN packet showed non-stealth which according to pc flank means: “Non-stealthed” - Means that your system (firewall) responded to the packet we have sent to it. What is more important, is that it also means that your computer is visible to others on the Internet that can be potentially dangerous."

Also I turned my router firewall off last night and ran a pc flank stealth test for comodo firewall and all the packets showed non-stealth. So with the router firwall back on and comodo firewall I only get TCP FIN non-stealth. I am using proactive security setting on comodo firewall.

I always take the results with a grain of salt from these port scanner tests as there could be a router along the path interfering with the tests. I always test firewalls by port scanning them from another computer that is directly connected on the same local area network, or scan a VM from the host machine. With that being said, I can’t get a response from any type of port scan against comodo firewall when I ran nmap against it. Did you run the stealth ports setting under firewall tasks and select block incoming connections?

yes I did. Did you tried the pcflank stealth test? This is the test I am talking about: Stealth Test | PCFlank

Please try it on windows 8.1 64bit and let me know if you get any non-stealth, specially tcp fin packet test. I included the test pic for you to see.

[attachment deleted by admin]

I know of the test site and as I said before I never really trust the results of these port scanner sites as sometimes they produce inaccurate results. But I did run that test and was able to get a stealth status for each tcp packet scan type including tcp fin. When you run these kinds of tests and want to bypass your router, you need to put your computer as a DMZ host from within your routers web configuration page. I know you said you disabled your routers firewall and ran the test but that won’t be effective enough to expose your computer directly to the internet, unless you set it as a DMZ host see attached screenshot.

[attachment deleted by admin]

yeah I hesitant to set DMZ for my pc outside a hardware firewall. I have heard the best is a router hardware firewall then a software firewall. But for this test i will do this and re-test to see. Will update here.

well I did set my conputer DMZ outside the router as you said but still the retest showed the exact same thing. only TCP fin packet is non-stealth? This is strange and odd.

So what does this tcp fin is for and what danger and risk has it?

TCP FIN is sent to close or ‘finish’ a connection. If a host receives a FIN packet out of sync, then the host will respond with a TCP RST (reset) packet to tell the sending machine to reset its connection state. There really is no danger per se, but a good firewall will silently drop the packet and not send a response to the sender of the TCP FIN packet. It is strange that you are still getting non-stealth status, but I’m willing to bet its something that is out of your control causing this issue. Do you happen to have another computer that you can run a scan from?

yes I do and I did a the same test on my family pc with win 8.1 64bit and WINDOWS FIREWALL ONLY and got the same only TCP FIN packet is non-stealth???

here is what i do. I am going to connect my pc with comodo firewall directly to modem bypassing router and retest and post here.

Found the problem. It was the router. When I connected directly to modem and ran the test all incl. TCP FIN was stealth. So I changed my router with a backup tht I had and ran the test again and now still all are stealth incl. TCP FIN.

Thanks for all your help.