I decided to test my PC’s firewall by using GRC’s ShieldsUP test. I was using the Common Ports test, and surprisingly failed. According to the test my PC replied to a Ping request. My FTP port responded to my amazement, but it was described as being “closed to all connections”. Is this an issue on the firewall’s part? Or did I not set something up correctly?
BTW, my firewall is up to date, and I’m quite sure I passed this test with an older version of Comodo.
I always fail the test because it says port 113 is closed but not stealthed. I’m not concerned at all for two reasons. Port 113 is used for identification and I’m sure World of Warcraft uses it to verify my account login. Secondly, if you read enough about stealthed ports vs closed ports, you find that both are secure and stealth is something that was actually invented by Steve Gibson who runs GRC and is regarded by many as being either overly paranoid or trying to promote himself and his site by spreading misinformation.
I use Windows 7 64-bit and Comodo Firewall 4.1 (not CIS).
And for me all ports are stealth according to that test.
I guess you must have opened some ports yourself…
Unfortunately the human factor plays a part when using and configuring the firewall…that is also why the security is very relative depending on your personal configuration… I think this is a flaw in most firewalls today…because it makes room for human error and for wrong configuration…in fact…the average users have very little or no idea how to set it up correctly; when the window pops up, a lot of people will click “yes allow” even though they have no idea what it is… I wish Comodo was better at analyzing the processes themselves…
I hope this will be improved in v5, so that the user does not need to configure as much.
There are processes, like for instance svchost, that I think should have been pre-configured for outgoing traffic only. There are many more examples…
A closed port is seen, while a stealthed port is not even seen.
GRC states that the only fact of “seeing you” is a security risk, because the hypothetical hacker then knows that you “exist” and could try to use some other port on your computer.
There’s no difference whatsoever between “closed” and “stealthed” if one is confident that all his ports are closed.
Moreover, institutional sites (call them Microsoft or whatever you want) are by definition “visible”, but supposed to be “closed” to whatever forbidden action.
The CIS “furtive port” (is it its English name?) feature is supposed to achieve the “stealth” state, but shall never achieve it if the test hits your router, and not your computer itself.
In this event, you could unplug your router and repeat the test from a direct connection using a modem if you have one.
Some routers have an option to deny ping (but in this category, some routers then also throw you out of your ISP…) while, if your router is not concerned and you worry about ping, you must write firewall rules blocking echo request and echo reply.
Such rules have of course to be amended if you use a LAN, as you could want to allow the echo messages inside this LAN.
CIS 4 default settings definitely make of it a “joke”, as the default behavior is to allow outbound, and that no firewall (since the lousy thing called “windows xp firewall”) ever should allow such a behavior.
This being said, and after stating that my computer is CIS 3-GRC stealthed, this does not mean much:
I could never achieve this state if my home router firmware had some open ports themselves tested, and again, the “stealth” concept is a notion created by GRC; a firewall would stay very good if every port was seen as closed.
So, no, failing GRC is not always due to a user configuration defective from the only mistakes of this user.
On another point of view, GRC is not “The Holy Bible”: some other security sites use some other tests not included in GRC, and even if GRC was comprehensive, it wouldn’t be enough to state a computer as safe, as it only tests some vulnerabilities while e.g. various leaktests test several others.
It has shown port 113 as being closed but not stealthed with every version of CIS since 3.8 for me. I am not and will not run a beta of a security app. I’m using the 4.1 firewall at the present time.
Another thing is that I am behind a router that blocks all unsolicited incoming traffic before Comodo even sees it so maybe the test is invalid anyway. I never get a single intrusion attempt blocked by Comodo but when I check the router logs, there are many. The only reason I use the Comodo Firewall is to have control over outgoing traffic. If the Windows firewall had that, I would be using it instead.
Hey guys. Wow, more feedback than expected. I’ve already run the stealth ports wizard and looked over my firewall behavior rules and it wouldn’t make sense that any ports would respond. I’m not sure what exactly is keeping that port from being “stealthed”. Other than program permissions, what other settings could I be missing?
And I’m behind a router as well, so that doesn’t explain how you passed.
I guess my main question is, does this really matter? Is my security compromised at all by this port being “closed” rather than “stealthed”? And the general impression I’m getting is that it doesn’t make a difference.
Default setting on my (Actiontec) router is (Off). I run mine on (High). On off, ping will alert when GRC is run on my browser. On high, ping will alert again unless I uncheck “ICMP in” box in firewall settings.
Also suggest setting a password to safeguard modem settings from outside intrusion.
See latest post re 192.168.0.99 DHCP. You may see why the default ISP password may not be sufficient, which by the way, is “admin”. I think because I did not have that in place, my modem went down.