Firewall fails GRC Shieldsup ping test

THD · February 14, 2014, 11:38am

GRC ShieldsUp! Shields UP!! — System Error test of All Service Ports [the first 1056] ports on the machine yielded results as follows:

"Solicited TCP Packets: PASSED — No TCP packets were received from your system as a direct result of our attempts to elicit some response from any of the ports listed below — they are all either fully stealthed or blocked by your ISP. However . . .
Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to “counter-probe the prober”, thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)

Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since “Ping” is among the oldest and most common methods used to locate systems prior to further exploitation."

Trying to fix this, I first Stealthed ports with middle option, the “alert me to incoming connections and stealth my ports on a case by case basis”, then redid the GRC test. Fail again, so stealth the ports to “block all incoming connections and make my ports stealth for everyone”
AGain, the ping test failed.

Can anyone help me with the steps to take to find out which port/s are responding to the pings and then to properly silence them?

SanyaIV · February 14, 2014, 12:50pm

Are you behind a router?

THD · February 14, 2014, 1:13pm

yes. Thanks for your response. can a router respond to a ping?

SanyaIV · February 14, 2014, 1:19pm

Yes, most likely you’re using NAT which means the GRC test doesn’t test your actual host machine but rather your router.

You can test your computer directly by setting it up in DMZ or connecting it straight to the modem bypassing the router. (If you have a router and modem in one machine you can often turn off the router feature)

THD · February 14, 2014, 1:26pm

I seee. Well I can probably figure out how to set up the DMZ, but of more immediate concern is how to silence the router/modem. Is that a discussion for this forum, or do I have to go and ask the modem manufacturer?

SanyaIV · February 14, 2014, 1:30pm

You might get an answer here: https://forums.comodo.com/general-security-questions-and-comments-b85.0/ But I’d recommend contacting your ISP or the manufacturer, or checking the manual.

Edit: It very much depends on what router you have, not all routers support dropping ping requests.

THD · February 14, 2014, 1:46pm

Right. With the last one I had, every test was passed. This is annoying. I’ll read up, then if no joy repair to General Security.

Thanks for your helpful info Sanya

worldwidewiretap · February 19, 2014, 5:44pm

cfusr, I would first verify if the respond to wan ping request opotion is (unchecked) in your (router), reboot if necessary, then rerun the test.