How can I stealth port 139?

Only a newbie at these forums so go easy on me if I don’t explain this properly.

I recently installed CF as a switcher from Kerio. I believe CF has much stronger defences from leak tests and kill tests - hence my reason for switching.

I un-installed Kerio and performed a clean install of CF using manual mode. I allowed the programmes I use such as AV, svchost etc. For the most part I appear fully stealthed having performed tests at both GRC and PCFlank. All tests at GRC came out perfect - PCFlank was almost perfect.

When using the Advanced Port Scanner in normal mode port 139 was closed, however, when running the test in SYN mode I passed with flying colours.

I have tried adding a rule in Comodo to deny port 139 but this didn’t appear to help.

Has anyone else experienced this problem and can port 139 be successfully stealthed? According to GRC port 139 can be difficult to stealth and to be honest I’ve tried other firewalls and they failed on port 139 as well. I guess this could be a software issue, but if I can’t forcibly stealth a port what’s the advantage of Comodo over say Outpost or Kerio?

I’ve also heard that V3 will be available in beta soon so does anyone know if this will be more hardened against these kinds of things?

Hello brettiex. Normally CFP should stealth all ports. If you don’t need File sharing to be enabled you should disable NETBIOS (ports 137, 138, 139). Firewall Leak Tester has a free tool for this (firewallleaktester.com). Download the Windows Worms Doors Cleaner v1.4.1 and disable netbios and try the port scan again.
(btw you should have posted this under the “Help” section of the forum)

Nikolas

Thank you Nikolas for your response, I will try this tonight. I don’t think I have sharing enabled but then again we’re talking Windows and as everyone knows it’s not the most secure out of the box.

Sorry for posting in wrong section. I’ll post in help section in the future.

Had a look at this and ran the tool to disable NetBios Port, unfortunately although this may have worked it had the effect of denying me access to the internet.

I use cable and it would appear because NetBios was disabled this prevented DHCP providing me with an IP address.

I’m going to look at this from a new perspective and try and build a new install fully stealthing port 139. If and when this fails I’ll post a new thread in ‘Help’.

Mine stealthed fine and I still have access to Internet, but I did get a message that netbios would be disabled after the next reboot.

I just started using Comodo Wednesday night after a phishing problem. I knew nothing about how to protect my computer (and still don’t)!!

Hello. Sorry I could not reply sooner, I was on holidays. brettiex, are you connected to the internet with a router or directly?

Sorry for the delay - connected directly. I’m going to install XP from scratch on separate partition to try and replicate problem.

Not being very up on network ports and protocols do you know if I require Netbios when connecting through cable from VM? I’ve tried disabling on my current setup but broke internet connection so assume disabling netbios prevented me from obtaining an IP via DHCP.

I’ll tell you how I get on with new install once I get to do this, hopefully sometime at weekend, permitting the Mrs lets me.

If you have not changed the default configuration of CFP, your ports will not be visible (ie, “stealthed”). Even though you are not behind a router, it is very possible that what is actually being scanned by online utilities such as GRC, is your ISP’s equipment (especially if you’re cable). A better test of security will be to use a resident scanner such as SuperScan 4 by Foundstone. It will show actual open ports.

When looking at these issues, there are a few things to keep in mind…

Stealth indicates that a computer is completely dropping the packet used to ping it. There is no response. Now the only way someone knows to ping you is if they already know (or suspect) that a computer is there (remember, your browser clearly shows that you’re there…). If there’s no response, that confirms it, and they know there’s a firewall. A normal response to a closed port would be a “not accessible” sort of reply. That confirms there’s a computer there, and a firewall. Either way, the result is the same. The key is that you do not want open ports; doesn’t really matter if they’re “stealthed” or closed.

With that in mind, there are some firewalls that actually hold all ports open, in order to monitor activity and drop all packets used to ping (thus resulting in “stealth”). CFP does not do that. Its network monitor simply blocks all packets that are not explicitly or implicitly allowed. So if you are not getting a “stealth” response, there is nothing you can change in CFP to result in it, as it doesn’t work that way - and, it’s probably the result of hardware along the way. It also does not open ports. If an application is allowed to “Listen” for inbound traffic on a port, and there’s a network rule to allow that port to receive inbound traffic, and the application is running, then the inbound traffic will be allowed for that application. If all those conditions are not met, it will be blocked.

Hope that helps,

LM