Comodo Free Firewall, GRC Shields Up Scan and HTTPS Port 443

Iwanaknow · September 11, 2010, 4:13am

:THNK I am currently running Comodo Free firewall. When I run a scan at GRC - Shield’s Up, the results are that … 1) file sharing (and such) PASS/Stealthed and 2) common ports all STEALTHED with the exception of port 443 (HTTS). I am not certain but I think that this port “stealthing” is supposed to be done at the service provider and not at my computer. I am using “direct connection” via CABLE and do not have an external firewall (router). I have been “half-heartedly” thinking about one but have never gone beyond online browsing for information and such. So … my question is … can I step-up Comodo FW to stealth (protect) port 443? If so, can someone give the appropriate steps to do so? Otherwise, I will have to rely on my service provider to do so. As I said, GRC Shield’s Up indicates that everything is ok with the exception of this on port (443). Many thanks. :-TU

dureal99d · September 11, 2010, 5:29am

Hello!!
I beleave this will help you. first go to select firewall - then run the stealth ports wizard

now when you run that wizard, select - block all incoming connections and make my ports stealth for everyone

that should fix the issue. oh and if you are using windows 7 go to control panel = network & sharing center = change adapter settings. once there now select the network card you connect to the internet with and right click on it & select properties from the context menu. you should see a some network protocols but dont wrry about them the only one you want to disable is( internet protocol version 6 ) by simply un checking it. once this has been done restart your machine and re-run your stealth test. if it still does not work afther this attach a screen shot of your global rules to your next post.

Iwanaknow · September 11, 2010, 10:23am

:-TD Well "dureal99d … Nothing is working! When I open Comodo - Firewall - Stealth Ports Wizard - and then change the setting(s) from “Define new trusted network and make my ports stealth to everyone else” to “Block all incoming connections and make my ports stealth for everyone else” and, when I click on FINISH, I get a notification that Comodo is reconfiguring itself. However, when I open Stealth Ports Wizard again, no changes have been made as the first option is still selected. And also, when I go to Firewall - Advanced and open Network Security Policy - Global Rules, the following is listed: “Block IP in from IP any to IP any where protocol is any”. And yet, when I scan my computer (or actually the IP address for my computer) the resulting scan shows port 443 (HTTPS) is open. So either Comodo is not working properly or it is the Internet service provider/gateway’s responsibility to block (stealth) this port. So at this point I’m stuck! Any more ideas – ANYONE ? :-TD Thanks.

Citizen_K · September 11, 2010, 3:40pm

Is your IP address in a LAN range, 10.x.y.x or 192.168.x.y, by any instance?

dureal99d · September 11, 2010, 5:54pm

Iwanaknow post:3:

:-TD Well "dureal99d … Nothing is working! When I open Comodo - Firewall - Stealth Ports Wizard - and then change the setting(s) from “Define new trusted network and make my ports stealth to everyone else” to “Block all incoming connections and make my ports stealth for everyone else” and, when I click on FINISH, I get a notification that Comodo is reconfiguring itself. However, when I open Stealth Ports Wizard again, no changes have been made as the first option is still selected. And also, when I go to Firewall - Advanced and open Network Security Policy - Global Rules, the following is listed: “Block IP in from IP any to IP any where protocol is any”. And yet, when I scan my computer (or actually the IP address for my computer) the resulting scan shows port 443 (HTTPS) is open. So either Comodo is not working properly or it is the Internet service provider/gateway’s responsibility to block (stealth) this port. So at this point I’m stuck! Any more ideas – ANYONE ? :-TD Thanks.

Post a screen shot of your global rules so we can see why your system may be doing this.

please note my global rules if your looks different than this there in may lye the issue?

[attachment deleted by admin]

Iwanaknow · September 12, 2010, 2:07am

Ok … so here goes. First for EricJH … my IP address according to IP Chicken and GRC Shield’s Up is 121.97.2.2. I am using cable for my Internet access. The IP address to where my modem connects is 10.20.160.xxx but then becomes (I guess) to the world since it is the gateway provider (if that makes sense). Anyway, as I said, everything is “stealth” except for port 443 according to Shield’s Up. /// Now, as requested, the screenshot of my global rules is an attachment herein. I haven’t done any “real” modifications to CIS Free (FW). I’m using the default settings. I don’t know if there is a “configuration settings tool” that will generate a report of what is currently configured in CIS FW. I did notice that there are two identical entries in the global rules. Anyway … that’s it. Thanks.

[attachment deleted by admin]

tormod · September 12, 2010, 4:48am

Iwanaknow post:3:

:-TD Well "dureal99d … Nothing is working! When I open Comodo - Firewall - Stealth Ports Wizard - and then change the setting(s) from “Define new trusted network and make my ports stealth to everyone else” to “Block all incoming connections and make my ports stealth for everyone else” and, when I click on FINISH, I get a notification that Comodo is reconfiguring itself. However, when I open Stealth Ports Wizard again, no changes have been made as the first option is still selected. And also, when I go to Firewall - Advanced and open Network Security Policy - Global Rules, the following is listed: “Block IP in from IP any to IP any where protocol is any”. And yet, when I scan my computer (or actually the IP address for my computer) the resulting scan shows port 443 (HTTPS) is open. So either Comodo is not working properly or it is the Internet service provider/gateway’s responsibility to block (stealth) this port. So at this point I’m stuck! Any more ideas – ANYONE ? :-TD Thanks.

You can’t go back to the Stealth Ports Wizard to view your setting. It doesn’t show the current state; it only allows you pick an option use. That’s why it’s a wizard A lot of people have been confused over that in the past.

tormod · September 12, 2010, 5:01am

A duplicate rule shouldn’t harm anything, but I would delete one of them just in case.

Citizen_K · September 12, 2010, 4:02pm

Iwanaknow post:6:

Ok … so here goes. First for EricJH … my IP address according to IP Chicken and GRC Shield’s Up is 121.97.2.2. I am using cable for my Internet access. The IP address to where my modem connects is 10.20.160.xxx but then becomes 121.97.2.2 (I guess) to the world since it is the gateway provider (if that makes sense). Anyway, as I said, everything is “stealth” except for port 443 according to Shield’s Up. /// Now, as requested, the screenshot of my global rules is an attachment herein. I haven’t done any “real” modifications to CIS Free (FW). I’m using the default settings. I don’t know if there is a “configuration settings tool” that will generate a report of what is currently configured in CIS FW. I did notice that there are two identical entries in the global rules. Anyway … that’s it. Thanks.

You are getting a local IP address from your ISP. You are behind a big ISP router that shares one public IP address. Therefor GRC is probing the router of your ISP and not Comodo firewall.

Iwanaknow · September 15, 2010, 2:42am

:-TU Thanks to all that responded! :-TU So then, based on what has been posted, I am then assuming that my computer is “safe” (relatively speaking) from incoming “exploit” on port 443. Also, the ISP then should be the one to stealth this port and not me. I will pass on the info to my provider(s) and see what happens. Again, many thanks. 8)

t541hoo · September 23, 2010, 2:13pm

Ok. I ran into the same problem. And Guess what: you were half way to the correct answer probably.

You are most certain connected to the internet via a modem router that supports remote login (to the router) via port 443. It is not possible to prevent this connection via the firewall on your computer. Since this makes your router vulnerable as the primary attack surface, it is best to switch this feature to off. Or designate this feature to an other (high) port, if this is possible.

My router for instance is a FritzBox. At this modem a configurable Linux-variant is running. Once the router becomes hijacked you will not be aware of any ill-use of your internet connection.

Iwanaknow · September 24, 2010, 12:31pm

t541hoo <<< I do not have an external router. I do have a modem that connects my computer with the provider via CABLE connection. I only use a “software” firewall (Comodo FW Free). When I intially connect I have an IP assigned and can be seen using “ipconfig /all”. However, when I start my web-browser, either IE8 or Firefox, a different IP is assigned by the gateway. And, this gateway IP is what is seen on the Internet. At last Shield’s Up scan everything was okay - STEALTH - except for port 443. I have a CFW global rule set to “BLOCK IP In from MAC and to MAC any where protocol is any”. This rule was established when I selected “Block all incoming connections and make my ports stealth for everyone.” I will do another Shield’s Up check after I release this reply. I believe it is the responsibility for the gateway to be “stealthing” ports based on my current configuration. So any way, thanks for the response.

t541hoo · September 24, 2010, 2:27pm

Could you post the output from the “Ipconfig /all”

Iwanaknow · September 25, 2010, 3:45am

Here are the “ipconfig /all” and “IP Chicken” results. (see enclosed/attached) My logon IP with my intial service provider is “10.20.160.85” when I initially connect my computer via the modem. Then, when I open a browser, either IE or Firefox to browse the Internel, another IP is assigned from the “gateway” of removed; which I assume is the “public (viewable)” IP. So when I do a scan at Shield’s Up, GRC is seeing the second IP address for the resulting scan. And, I am assuming that Shield’s Up is not scanning any further (or deeper) than to the “gateway” instead of all the way to my computer. I could be wrong which would not … by any means … be the first time! But anyway, here’s the screenshots.

IP removed by Moderator

Please do not post your IP on the open forum anybody can see it including guests.

[attachment deleted by admin]

t541hoo · September 25, 2010, 6:16am

Ok this is how things look
is your external IP address (in fact the address that your cable modem is logically talked at from the internet)

The modem is not only a modem it is also a gateway. The gateway takes care of your internal TCP/IP affairs an does a protocol conversion of TCP/IP to whatever is talked over the cable.

Your internal IP-address is obtained via a DHCP server at 172.16.1.1. This address is also local and is situated in your modem-gateway. The IP-address it handed out to your computer is 10.20.160.85. This is also a local address and is not visible on the internet.

The address of the modem-gateway at the local side is 10.20.160.1.

So if your computer talks to the internet it is handled by the gateway at 10.20.160.1 (inside your modem-gateway). Since this modem-gateway also has a DHCP-server on board it is most probably configurable from your computer via the gateway address 10.20.160.1.

Try this address in your internet browser. What does it come up with?

Iwanaknow · September 25, 2010, 11:11am

Sorry but this is getting too much! ??? ??? All I have is a little box that the cable connects to and the data cable from the modem to the computer; other than the power for the modem. To my knowledge I cannot change anything regarding IP assignments. So I am going just say thanks anyway to all and just let the gods protect me! Sheeeeesh !! :-TU So everyone take care.

Citizen_K · September 25, 2010, 4:15pm

Can you tell us what modem you are using? Brand and name of the modem.

Usually the support pages of your ISP may also have information about your modem. Can you provide the url of that page?

Iwanaknow · September 26, 2010, 5:24am

Ok … for whatever it’s worth … I am using from Scientific Atlanta, WebStar modem model DPC2100.

t541hoo · September 26, 2010, 12:46pm

Ok Iwanaknow,

no sweat. You are not up to it. Nothing to be ashamed about. For what it’s worth:

The little box you talk about can be looked at as a little computer sitting between you and the hard world.
To help people like you with basic internet connection problems your ISP has access to this little modem-computer (not to the computer you are working with) via the cable. And they do that on port 443 (HTTPS). You can do nothing in your Comodo firewall to prevent this. Nor with any other firewall you install on your computer.

ShieldsUp always reports to you that their is something listening on port 443 at your location. As long as no hackers are able to take advantage of this there is no point in this.

So, you might best stay with Comodo, because in my opinion it is the best FREE product that lurks around on the internet. And to say more: it is superior to many other commercial products too.

With regards,
Eric-Jan,
The Netherlands

Iwanaknow · September 27, 2010, 2:53am

This is what I have been attempting to convey all along. I do not have any recourse in the way IP addresses are assigned, configured, set-up, whatever. That is why early on, during this post session, that I have been saying that I believed either the immediate provider … the one my computer connects to when I start the modem and log-on my computer … or the second provider (gateway) that shows to the world the assigned IP I am using … that is there responsibility to protect their subscribers from the world. All I can do is just let somebody know what I find out. And, any way, I have a CFW global rule set to block all incoming from anyone/anywhere. So, for all practical purposes, this is my last on the matter for now. I say thanks to all that responded … good or bad which I am not accusing anyone wrongly (I hope) :-TU :-TD. All take care. And … I"mmmmmm outta here !!! ;D :■■■■