Is Comodo Firewall Secure? [Resolved]

I used Sygate Firewall before Comodo Firewall. I use Essential Nettools (from other pc through internet) check my open ports. It shows more open ports than sygate firewall. ??? ???

[attachment deleted by admin]

Hey devmayh,
I quite recently did the shiels up! test on grc.com and EVERY SINGLE PORT was PERFECTLY STEALTHED. Having read other posts in this forum I think this is what most people here get as results when checking for open ports.
Unfortunately I have to go now but as soon as I’m back I’ll try to help you out (I’m sure by then you’ll be already sorted out thanks ;D These folks are quick to reply and very wise ).
However, thought I’d just share my experience to assure you that - providing CPF is configured correctly and successfully installed (nothing implied here!!!) - it is one of, if not the safest and best fw around.
Keep the faith in Comodo and don’t be discouraged.
(R)
I, for one, will get back to you asap.
Cheers,
grampa.

Thanks for reply
Yes online security web pages say all my ports are stealth. But as i said Essential Nettools shows some open ports and also shows information about my pc like operating system, workgroup , mac address etc.
Somehow it connects my pc and collects this information without my permission…

Hi there,
I’m back home and very inclined to help you (though I’m not sure I can not knowing Essential Nettolls myself).
However, I did some research on google to learn a bit about this prog.
Here are some questions I’d like you to answer just so that I (and others) might get a better picture of what’s been happening.

So here we go:

  1. Did you run “port scan” in “conventional” or in “stealth” scanning mode?
  2. Was CPF’s secutity level set to allow all, custom, or block all?
  3. Did CPF display any alerts when you started “port scan”? Which?
  4. Your open ports are the following?
  • smtp : 25 (standard)
  • pop3 : 110 (standard)
  • epmap : 135
  • netbios-ssn : 139 (Are you running a home-network? If so, is the computer on which you are running EN part of that homenetwork?)
  • imap : 143
  • microsoft ds : 445
  1. Do you run XP Professional? If so, what is your setting for the TELNET service?

I certainly forgot to ask something but these information might already help a bit.
Cheers,
grampa.

Have you set up a trusted network that includes the IP address of the PC you’re running the probe software from?

If so, CFP has allowed it to interrogate the other PC because it’s explicilty allowed to as its in the same zone.

Ewen :slight_smile:

Thanks again for your reply grampa
About your question

  1. I dont know - also don t know diffrence betwen them
  2. Protection Strenght is Excellent and at the upper left there is yellow point (Custom). I just change settings to open port for utorrent
  3. No
    4.Results are in my first message, i dont know more
    5.Yes. About Telnet,I dont know

essential nettools is Network & System Toolkit (says in its web page) but you can hack most of pc with it easily.
you can download it Downloads - Wired and Wireless Network Analysis Software by TamoSoft

Thanks for your reply panic.
Pcs has no lan connecion and i dont set up a trusted network

Hey,
why did I ask these questions?

  1. If you run Essential Nettools in stealth mode the following can happen.
    From the manual:
Also, please note that running firewall software (including the built-in Windows XP firewall) on your computer may affect the scanning results in the stealth mode, therefore it is recommended to temporarily disable such software during the scanning process.
http://www.tamos.com/htmlhelp/nettools/portscan.htm

2+3) It’s a bit strange that CPF didn’t alert you in “custom mode”. This can actually lead us to several conclusions:

  • You disabled alerts or made other changes (in the “advanced” section) which causes this
    behaviour.
  • Comodo didn’t install / is not working correctly. (probably not)
  • Your network control rules are not sufficiently defined (maybe, but if you’re not on a lan and
    didn’t change the defaults, then probably not)
  • probably others I can’t come up with so fast :smiley:
  1. Just wanted to know if you’ve made any changes to the standard ports and find out if the “scanning computer” was part of a homenetwork - port 139 being used for Windows file and printer sharing)

  2. On second thought, I don’t think this is related to the problem :wink:

Please tell us (using my notes on questions 1,2+3) if any of this could be related to your problem.

Cheers,
grampa.

EDIT:

What did you change? (Though this is probably not related to your problem. However, one can never know. ;))

devmayh

I use Essential Nettools (from other pc through internet)

You say your connecting to your PC, from another, over the Internet? How is your PC (the one you are scanning) connected to the Internet. Dial-up, router, cable modem…

Toggie

Welcome to this forum!

These network rules could be put on top of the others.
modify your network range accordingly…

BLOCK and LOG TCP or UDP IN FROM IP NOT IN RANGE 192.168.0.0 -192.168.255.255
TO IP RANGE 192.168.0.0 -192.168.255.255 WHERE SOURCE PORT IS [ANY] AND DESTINATION PORT IS IN [135,137,138,139,445]

BLOCK and LOG TCP or UDP OUT FROM IP RANGE 192.168.0.0 -192.168.255.255 TO IP NOT IN RANGE 192.168.0.0 -192.168.255.255 WHERE SOURCE PORT IS IN [135,137,138,139,445] AND DESTINATION PORT IS [ANY]


[b]NOTE:[/b] If you are using a modem and you do not make use of lan apply these instead:

BLOCK and LOG TCP or UDP IN FROM IP [ANY] TO IP [ANY] WHERE SOURCE PORT IS [ANY] AND DESTINATION PORT IS IN [135,137,138,139,445]

BLOCK and LOG TCP or UDP OUT FROM IP [ANY] TO IP [ANY] WHERE SOURCE PORT IS IN [135,137,138,139,445] AND DESTINATION PORT IS [ANY]


Here you are...

Next step:

0. Did you reinstalled your modem drivers or changed its settings?

1. Do you use file & printer sharing? If not (or if you don’t know) disable it in your modem settings and also disable netbios over tcp/ip in tcp/ip advanced settings

2. Do you run an e-mail server? If not (or if you don’t know) add also port 25, 110 and 143 to the BLOCK and LOG TCP or UDP IN rule.

eg. DESTINATION PORT IS IN [25,110,143,135,137,138,139,445]

3. Do you run a news server? If not (or if you don’t know) add also port 119 to the BLOCK and LOG TCP or UDP IN rule.

eg. DESTINATION PORT IS IN [25,110,119,143,135,137,138,139,445]


[b]PS.[/b] If you care about pc security hang around this forum and look for tutorials. No firewall is secure if the user make wrong choices. Every app need to be finetuned to suit its user needs.

Thanks for replies
Grampa was right
“- Comodo didn’t install / is not working correctly. (probably not)”
I just downloaded comodo firewall but forgot to install it… (:TNG) (:TNG) (:TNG) Joking
It showed “Protection Strenght is Excellent” everything was on etc… but it wasnt. I uninstalled and installed Comodo firewall and know the result for Essentail Nettools port scan changed and The result are same as Sygate Firewall :-\ ???
Gibran maybe you are right (i am not sure it is because of my wrong choices …probably not)
but at least program should warn user about security risk.

[attachment deleted by admin]

In the English language adverbs can relate to more than one verb (:NRD)
:wink: Just joking - very funny remark! I really mean it (:LGH) (:LGH) (:LGH)

However, since you don’t seem to have tried gibran’s rulesetting I have another question for you:

Does Comodo show any alerts when you set CPF to block all and then run the EN test?
Just to make sure your current rule set does not evoke any security risks for you.

Any news on the CONVENTIONAL vs. STHEALTHED port scanning front???

Have a nice day,
grampa.

Glad you solved the issue. :■■■■

Maybe that wasn’t the nicest way of express myself ;D but I wanted to point out that there is much more to learn about firewall security to use CPF properly. You have to finetune it to suits your needs, not doing so will only grant you a false sense of security.

CPF is not a security auditing tool, it has protection and logging features but any of these can be disabled if you want it this way and the firewall won’t complain. If you want it to alert you on or log as many events are possible, it will do so if you cofigure it that way.

The default settings give users a simplified protection to let them get used to the firewall. If they need more protection they have to enable it.

From a security point of view your pc has some email & new server enabled this is a fair uncommon thing than File and Printer sharing enabled. You didnt tell us if you want them on.

Another thing all forum members would benefit to know is if CPF protocol Analyzer can log nettools scanning attempts. There are many scanning techniques so it iwould be useful to know if this tool attempts can be logged.

Thanks grampa for english lesson . (:AGL) (:AGL) My message summary was you are right, comodo firewall wasn t working correctly . Nothing more.
About Alerts i will check them when i go home and it is “CONVENTIONAL " .
Gibran there isnt problem about way of expressing yourself for me. Sorry for my poor english. I am using comodo about a week . i dont know much about it but in my opinion"protection strength EXCELLENT” means you are protecting from threats with valid settings.

Grampa saves the day yet again! (:CLP).

If I am misinterpreting that this issue resolved, just contact me or another mod/admin to open this thread.