How Can I Block Pings And Leaks?

Comodo Internet Security - CIS Firewall Help - CIS
#1

Hi,

I’m a relative newbie to security issues. I have a Sony vaio laptop with Windows Vista 32 bit and Service Pack 2. Previously, I had a wireless Verizon FIOS connection with Verizon’s Actiontec router. I recently changed the connection to wired. I have Norton 360, so I just installed the firewall part of Comodo. I found a place in my router to not respond to pings, and therefore was able to pass grc.com’s shields up ping test.

(I didn’t change any other router settings like WEP or WPA or anything when going from wireless to wired because Verizon was very unhelpful and just told me that it was “plug and play” when I would insert the cable. In fact they told me it was impossible to turn off the response to ping. But that’s another story I suppose.)

The leak test failed until I installed Comodo and told it not to allow the leak test to go through.

When I go to speedtest.net, they are still able to ping me. Why should they be able to ping me if I had the router block pings, and if I passed the shields up ping test? Am I mixing apples and oranges here? Are they different types of pings?

How can I configure Comodo to block pings?

When I told Comodo to block the leak test, I passed the test. Am I truly now blocking leaks, or is it just that one leak test program that I am blocking?

If I’m not really blocking leaks, how do I configure Comodo to block leaks?

!ot! I’ll try to post this in the appropriate board as well, but if anyone here knows the answer I would appreciate some help on this as well. Every so often, maybe 2 or 3 times a month while I’m online I hear Alicia Keys singing just the words “keep on falling” from her song.

I can’t find where it originates. There is no music video or audio on whatever website I am on at the time.There is no pattern regarding the websites visited when it happens. I have done multiple scans since in addition to Norton 360, I also have Webroot Spysweeper with Antivirus. I even restored the entire C drive and reinstalled Vista, (because my computer was so slow it was almost going backwards) and the song continues to come just like before. I have deleted cookies, deleted history, cleared caches, name it.

Is it a virus? What am I dealing with here? If no one knows here, should I post in the antivirus topic? It isn’t really on topic there either, since I don’t have the antivirus part of Comodo.

Thanks in advance for any help you can give a newbie who is a little uncomfortable with technical stuff like tampering with registries and settings and such.

#2

Hi Mindy,

Welcome to the forums.
If you look at the global firewall rules (Firewall, Advanced, Network Policy, Global tab).
There should be a default line stating Block ICMP in any any Echo Request.

Is it still in place ?
Did you use “Stealth ports wizard” ?

If it’s still there then it’s not your PC replying to those request then it must be a device between you and the site that is scanning you, as you wrote most probably your router.

Regarding the played audio that sounds very strange :wink:

#3

To get stealth use the Stealth Ports Wizard under Defense + → Common Tasks. When in the Stealth Ports Wizard choose “Block all incoming connections stealth my ports to everyone”–> Finish.

As to the unsollicited music. It only happens when you are online using a browser? When it happens close all websites you have open one by one and see if it persists (I assume you have a browser with tabs). When it is still there when all pages are closed see to what site the browser is connected to. To see go to Firewall → Common Tasks → View Active connections.

#4

Hi Ronny,

Thanks for your reply. There was nothing in the area you mentioned. The global firewall rules area was completely blank. So I edited it. Is this what it should look like?

Block ICMP IN/Out From IP Any To IP Any Where ICMP Message Is Any.

I didn’t put a check in the box saying “Log as firewall event if this rule is fired.”

No, I didn’t use the “Stealth ports wizard.” My system had already passed the portscan test at grc.com’s shields up test. All ports were stealth.

Should having the global firewall rules set as above stop both leaks and pings?

Thanks in advance.

#5

Hi Eric,

I think the music happens with any browser, but I’m most commonly on AOL. I’ll check next time it happens.

The problem is it’s not the full song, only those 3 words, then it’s gone not to be heard again for another month or so.

I was already stealth by the shields up test. If I use the stealth ports wizard, will that stop both leaks and pings?

Thanks in advance.

#6

Hi Mindy,

Strange, default global rules should look like this:

You can find more “defaults” here:
https://forums.comodo.com/install_setup_configuration_help/what_are_the_defaults_for_comodo_internet_security_cis_311108364552-t44478.0.html

So based on the Rule you created i’d say make it look like the above image or rerun the stealth ports wizard and select the 2nd option, which should have the same result, but make sure to close the policy windows first and then use the stealth port wizard, otherwise you might overwrite the rules…

#7

Do you happen to have a shared toolbar on all of them or something else that could be similar to all browsers ?
Like do you always have the same startup page, a igoogle page etc ?

#8

When using the Stealth Ports Wizard to stealth Comodo you will have different Global Rules than the rules as shown by Ronny; he is showing the default rules.

#9

Eric isn’t SPW option 2 creating the “Defaults” ? That should be marked as a BUG then.

#10

I don’t know, actually…

I always use option 3 as one of the first things after a clean install to stealth my system. I have done this since the beginning of times it seems…:wink:

#11

Where are you seeing the pings?

If you are seeing the word ping in the results of the speedtest, that would be an outgoing ping from your machine. In other words, you pinged the server hosting the speedtest, not the other way around.

The ping is a way to tell how far away you are from the server you are running the test on.

[attachment deleted by admin]

#12

Hi HeffeD,

Oh, I see! I didn’t realize the difference. There is so much I have yet to learn.

Thanks!

#13

They are the same. I don’t think it’s a bug; it just happens that it’s configured to build that “stealth” as default.

SPW with the third option is what you’d want to do, Mindy26, for a home computer. This is the “BLock all incoming connections; stealth my ports to everyone” entry.

LM

#14

My PC has failed the GRC SheildsUP! Common Ports ‘ping reply’ portion of the test.

Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since “Ping” is among the oldest and most common methods used to locate systems prior to further exploitation.

Can I make my system invisible using CFP?

P.S. I’ve previously selected ‘Block all incoming connections stealth my ports to everyone’ in SPW - it still failed the ping reply test.
I had to uninstall CFP v3.10 and install CFP v3.11 to regain Network Security Policy, Global Rules defaults (as in Reply #5, above).

#15

Are you behind a router? If so then the NAT/firewall of your router is probed.

#16

Yes, I am behind a firewall router.

sigh Sometimes, ignorance is bliss. Every time I explore a possible security vulnerability, I worry myself silly :cry:

#17

Best thing is to keep asking until all your questions are answered. You may learn a lot in the process… :wink: