Failed ShieldsUP Common Ports Test

I decided to test my PC’s firewall by using GRC’s ShieldsUP test. I was using the Common Ports test, and surprisingly failed. According to the test my PC replied to a Ping request. My FTP port responded to my amazement, but it was described as being “closed to all connections”. Is this an issue on the firewall’s part? Or did I not set something up correctly?

BTW, my firewall is up to date, and I’m quite sure I passed this test with an older version of Comodo.

Here is a link to the test:
https://www.grc.com/x/ne.dll?bh0bkyd2

Turns out, mine failed as well:


GRC Port Authority Report created on UTC: 2010-07-31 at 06:01:53

Results from scan of ports: 0-1055

0 Ports Open
2 Ports Closed

1054 Ports Stealth

1056 Ports Tested

NO PORTS were found to be OPEN.

Ports found to be CLOSED were: 0, 1

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.


I always fail the test because it says port 113 is closed but not stealthed. I’m not concerned at all for two reasons. Port 113 is used for identification and I’m sure World of Warcraft uses it to verify my account login. Secondly, if you read enough about stealthed ports vs closed ports, you find that both are secure and stealth is something that was actually invented by Steve Gibson who runs GRC and is regarded by many as being either overly paranoid or trying to promote himself and his site by spreading misinformation.

Are you 2 running the beta of v5? I always pass.

I run the regular 4.1 version, not 5 beta…

I use Windows 7 64-bit and Comodo Firewall 4.1 (not CIS).
And for me all ports are stealth according to that test.

I guess you must have opened some ports yourself…

Unfortunately the human factor plays a part when using and configuring the firewall… that is also why the security is very relative depending on your personal configuration… I think this is a flaw in most firewalls today… because it makes room for human error and for wrong configuration… in fact… the average users have very little or no idea how to set it up correctly; when the window pops up a lot of people will click “yes allow” even though they have no idea what it is… I wish Comodo was better at analyzing the processes themselves…

I hope this will be improved in v5, so that the user does not need to configure as much.

There are processes, like for instance svchost, that I think should have been pre-configured for outgoing traffic only. There are many more examples…

A closed port is seen, while a stealthed port is not even seen.

GRC states that the mere fact of “seeing you” is a security risk, because the hypothetical hacker then knows that you “exist” and could try to use some other port on your computer.
There’s no difference whatsoever between “closed” and “stealthed” if one is confident that all his ports are closed.
Moreover, institutional sites (call them Microsoft or whatever you want) are by definition “visible”, but supposed to be “closed” to whatever forbidden action.

The CIS “furtive port” (is it its English name?) feature is supposed to achieve the “stealth” state, but shall never achieve it if the test hits your router, and not your computer itself.

In this event, you could unplug your router and repeat the test from a direct connection using a modem if you have one.

Some routers have an option to deny ping (but in this category, some routers then also throw you out of your ISP…) while, if your router is not concerned and you worry about ping, you must write firewall rules blocking echo request and echo reply.

Such rules have of course to be amended if you use a LAN, as you could want to allow the echo messages inside this LAN.

Well, I am very sure if he does not get stealth with the default settings… it must be due to his own configuration.

All firewalls that are not stealth with default settings are a joke… and I strongly doubt Comodo firewall… would show ports with the default settings.

Try this:

Firewall → Stealth Ports Wizard and check Block all incoming connection

Now all your ports will be closed for Shields Up

CIS 4 default settings definitely make it a “joke”, as the default behavior is to allow outbound, and no firewall (since the lousy thing called “Windows XP firewall”) ever should allow such a behavior.

This being said, and after stating that my computer is CIS 3-GRC stealthed, this does not mean much:
I could never achieve this state if my home router firmware had some open ports that were themselves tested, and again, the “stealth” concept is a notion created by GRC; a firewall would stay very good if every port was seen as closed.

So, no, failing GRC is not always due to a defective configuration resulting only from the mistakes of the user.

From another point of view, GRC is not “The Holy Bible”: some other security sites use some other tests not included in GRC, and even if GRC was comprehensive, it wouldn’t be enough to state a computer as safe, as it only tests some vulnerabilities while e.g. various leaktests test several others.

It has shown port 113 as being closed but not stealthed with every version of CIS since 3.8 for me. I am not and will not run a beta of a security app. I’m using the 4.1 firewall at the present time.

Another thing is that I am behind a router that blocks all unsolicited incoming traffic before Comodo even sees it so maybe the test is invalid anyway. I never get a single intrusion attempt blocked by Comodo but when I check the router logs, there are many. The only reason I use the Comodo Firewall is to have control over outgoing traffic. If the Windows firewall had that, I would be using it instead.

I am also behind a router firewall, so that may make a difference.

Hey guys. Wow, more feedback than expected. I’ve already run the stealth ports wizard and looked over my firewall behavior rules and it wouldn’t make sense that any ports would respond. I’m not sure what exactly is keeping that port from being “stealthed”. Other than program permissions, what other settings could I be missing?

And I’m behind a router as well, so that doesn’t explain how you passed.

I guess my main question is, Does this really matter? Is my security compromised at all by this port being “closed” rather than “stealthed”? And the general impression I’m getting is that it doesn’t make a difference.

Looks like information overload,

If you are behind a router, the router is being scanned by GRC or whoever, not your PC.

So there is nothing you can change on the PC that will change the results.

If you feel you must pass full stealth, find where in your router to make it not respond to external ping requests.

On a theoretical level stealthed is better than closed, can’t attack what you don’t know exists.
But on a practical level, closed is closed.

You should be alright either way, so like with much in life decide which is more “comfortable” for you.

Bad
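The closed versus stealth distinction debated in this thread, as an added example that is not part of any post: a TCP connect check run against your own address reports "open" when the handshake completes, "closed" when a refusal (RST) comes back, and "stealth" when nothing answers before the timeout. `classify_port`, `summarize` and `demo_loopback` are hypothetical names, the sample tally is constructed from the figures in the report above, and behind a router the answer comes from whichever device receives the probe.

```python
import socket
from collections import Counter

def classify_port(host, port, timeout=2.0):
    """Classify one TCP port using the three labels from the report in this thread."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "closed"      # a RST came back: something answered, nothing listens
    except socket.timeout:
        return "stealth"     # no reply at all: the probe was silently dropped
    finally:
        sock.close()

def summarize(states):
    """Tally {port: state} and report whether every tested port was stealth."""
    counts = Counter(states.values())
    return {
        "open": counts["open"],
        "closed": counts["closed"],
        "stealth": counts["stealth"],
        "tested": len(states),
        "closed_ports": sorted(p for p, s in states.items() if s == "closed"),
        "all_stealth": counts["stealth"] == len(states),
    }

def demo_loopback():
    """Probe a loopback port while a listener exists, then after it is gone."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    with_listener = classify_port("127.0.0.1", port)
    listener.close()
    without_listener = classify_port("127.0.0.1", port)
    return with_listener, without_listener

if __name__ == "__main__":
    print(demo_loopback())
    # Constructed input mirroring the report: ports 0-1055, ports 0 and 1 closed
    states = {p: "stealth" for p in range(1056)}
    states[0] = states[1] = "closed"
    print(summarize(states))
```

A closed port still costs the sender a reply packet, which is the only thing that separates it from stealth; in both cases no connection is accepted.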

Bad Frogger is right.

Default setting on my (Actiontec) router is (Off). I run mine on (High). On off, ping will alert when GRC is run on my browser. On high, ping will alert again unless I uncheck “ICMP in” box in firewall settings.

Also suggest setting a password to safeguard modem settings from outside intrusion.

See latest post re 192.168.0.99 DHCP. You may see why the default ISP password may not be sufficient, which by the way, is “admin”. I think because I did not have that in place, my modem went down.

Don’t worry, all those passwords are beyond safe. Default is gross…

Totally agree with that. :smiley: