need clarification for CFP 3 install

During the installation of CFP 3 for step 2 do i choose Do not automatically detect the new networks?
or do i just choose nothing and click “Next”

Step 2: If you wish your computer to accept connections from other PC's in this network or for printer sharing, then also select this option (e.g. a work or home network). This will then become a trusted network. Users that only have a single home computer connecting to the internet should avoid this setting. (I am behind a router with a single computer connected to the internet)

You know, I have a pretty similar setup - you would think I could remember what I did… Anyway, if you have a router, it has a network address too (you usually configure them by opening your browser and typing in the address of the default gateway). If that sounds familiar, and it should, let CFP detect the network, small as it is.

Hi Anotherone, thanks for the response

my router I have configured and its not causing any problems with the firewall.
I first had the option in CFP 3 set as Step 1 my ethernet adapter card name was selected and for Step 2 i had selected "I would like to be fully accessible to the other PCs in this network.

but I noticed in the help file in the firewall that it states →

Step 2: If you wish your computer to accept connections from other PC’s in this network or for printer sharing, then also select this option (e.g. a work or home network). This will then become a trusted network. Users that only have a single home computer connecting to the internet should avoid this setting

So I thought its best I do that, so I had to uninstall CFP 3 and install it again from scratch :-[

This time i have Step 1 my ethernet adapter selected and for Step 2 I ticked neither of the boxes and just clicked “Next”

so umm was why I need some clarification if I did the right thing or maybe should I have ticked “Do not automatically detect the new networks” before clicking “Next”

its a bit confusing lol… I wish we could go through the wizard again for that anytime after the firewall is installed and setup, instead of it only appearing during the initial install and setup of the firewall :frowning:

I think you can remove network zones using the section shown in the attached screenshot.

The second screenshot shows where you can remove any rules set for a network zone.

If you remove the network zones and rules and ensure miscellaneous/settings “automatically detect new private networks” is ticked you should then get the chance to go through things again. (I think - still learning myself!)


[attachment deleted by admin]


I find it kind of daunting if I was to try and create my own rules and policies, because its something I don’t understand and get ??? so i won’t be trying that

CFP 3 seems to be working better on this install though with just Step 1 with my ethernet card selected and Step 2 both of them options I left blank and just clicked “Next” fewer freezes during loading of the desktop now :slight_smile:

A couple of things I hope the new user guide that is being written will cover and thats when there is a firewall or defense+ alert asking if i want to trust an application or file which I want to and it gives various options as to do i want to “allow this request” as a web browser, (I get the web browser one cos the help section explains what to use that one for) , or application or trusted application, or system application or windows application, and so on :-\

well hmm the help guide only covers web browser, I think it would be very crucial to give us examples in a guide as to All the other options, otherwise we will be getting it wrong since it will be guessing work for some of them :-[ (we kind of need to know that stuff now though, is there anyone who can make a post describing examples for those like how the help section describes this one, which is the only one it does :frowning: in the Quote below →

For example, you may choose to apply the policy ‘Web Browser’ to the known and trusted applications ‘Internet Explorer’, ‘FireFox’ and ‘Opera’ .

Another thing, I tested CFP 3 without my router and it shows two ports closed instead of stealth.
port 1030 & 139 is there anyway i can stealth either of them with CFP 3?

Well, you can define a home zone and then run the Stealth Ports Wizard to make that a trusted zone with all other connections stealthed, but you don’t sound like you want to try that. If you allow the install to detect your network, I think that it does the LAN defining and port stealthing for you.

Hi, I had to give up on CFP 3.0 because it started to cause some serious system problems even to the extent of continouly corrupting critical files and causing hard reboots which eventually lead to corruption of my HD itself :frowning: fortunately though I put an end to all that before it corrupted my disk too much and after a 6 hour scandisk/error checking scan its all fixed now.

I think I know why port 139 for me shows as just closed, its because I probably unbinded that port and shutted it down, was something I used to always do to secure my PC and because its a port my system and connection doesn’t rely on or need. (something i read & learnt about on GRC site years ago lol 88))

port 1030 i have stealthed, not sure why CFP couldn’t automatically stealth it. but am back just using Winxp firewall and its got it stealthed which is what i wanted. just sport 139 is not stealthed.

I’m not quite sure if my router relies on port 139 netbios service being enabled or netbios allow with TCP/IP in the network settings, it is something I will check and see if I can completely remove Netbios port 139 or do i need to keep it to allow my internet connection to work. :-\

I’m fairly new to routers not had mine for long, but before i had one disabling or crippling port 139 had no effect on any connection i’ve had or used, and the port would show as close was no way i could mask it as stealth which I wish i could so that my system is fully stealthed from any probes

There is usually a hardware firewall in routers. This should have all ports stealthed by default. If a port scan shows an open port, you would have to check your router’s port configuration or port forwarding.

Hi AnotherOne,

I checked the router’s advanced webpage interface

I have the routers firewall enabled I checked that to make sure :slight_smile:
below in the quote is the desciption for my router’s firewall, I couldn’t find any mention of port forwarding in my router’s configuration any where.

Configuring the Firewall Your Router is equipped with a firewall that will protect your network from a wide array of common hacker attacks including: • IP Spoofing • SYN flood • Land Attack • UDP flooding • Ping of Death (PoD) • Tear Drop Attack • Denial of Service (DoS) • ICMP defect • IP with zero length • RIP defect • Smurf Attack • Fragment flooding • TCP Null Scan The firewall also masks common ports that are frequently used to attack networks. These ports appear to be “Stealth”, meaning that for all intents and purposes, they do not exist to a would-be hacker. You can turn the firewall function off if needed; however, it is recommended that you leave the firewall enabled. Disabling the firewall protection will not leave your network completely vulnerable to hacker attacks, but it is recommended that you leave the firewall enabled.

I googled and found this site →
so it gave me an understanding on what Port forwarding is. my IP is not static, its Dynamic so I won’t try setting it up to be Static.

I have determined from trying it that my connection via the router does need Netbios enabled as a service for me to have connection to the internet, but I have unbinded/disabled the TCP/IP protocol over the internet and LMHosts lookup in the network configuration for my connection and it works fine without them and I have TCP/IP NetBios helper disabled.

I was wondering something else though, in System Properties/Hardware/Device manager (+Non-Plug and play drivers/NetBios over Tcpip in the Driver tab in current status Startup Type mine is set to Automatic, what do the other types do?? ie; Demand and System? cos Demand sounds like a Manual service and that is invoked only when a dependecy requires it. I’ve tried googling any information about it but I can’t find anything about it :-\

I would like to try that startup Type set to demand only if I can find out a bit about it so I have an understanding on the differences.

I hope you can clue me in on that if you know :slight_smile:

Thanks and I appreciate the input you’ve already given me :slight_smile:

P.S btw its only test site that shows port 139 as closed instead of stealth for me, GRC shieldsup and any other test site shows port 139 as closed, but PCflank is one of the sites I used to use years back to test my PC’s stealth and long back it would show port 139 as stealth since i had every Netbios port and dependecy diabled via that GRC Netbios utility that GRC used to have that locked turned it off. unfortunately now I cannot turn netbios off since my connection and router requires it enabled to connect to the internet. but as you suggest, there must be a way to make it stealth and thats what I want :smiley: so any help or info you can provide is great :slight_smile:

Since you have a router, the port scans will be testing the router stealthing. Your CFP firewall should not accept any queries from the router due to the Block; ICMP; in; Msg = Ping, rule in the Global rules tab of your Firewall>Advanced>Network Security Policy page. Your elimination of the TCP/IP Netbios helper service is a good plan, and I am a bit surprised that your router uses that protocol to communicate with your LAN. I was going to suggest that you try closing that port in your router since the router port should not need to be open to the internet for LAN traffic to work, but if I am wrong, I don’t know how you could fix that - a total reset for the router, I guess. Anyway, the description of your router must come from some general description of the device. You can find out more by opening the router’s interface. To get the router’s address, click: Start>Run>and type cmd and press Enter. At the DOS prompt, type ipconfig and press Enter. The “Default Gateway” is the address of your router - usually something like open your browser (IE 7 or Firefox)and type the address in the address bar and press Enter. This should open the configuration window for your router. Don’t change anything there unless you are sure that you understand what will happen as a result. You might find some informationabout the way it is set up there. You may also want to try a search for Help documentation for your router (make sure to use the exact model number).

Hi AnotherOne,

I’ve been to my router’s webbrowser interface and I have ping blocking enabled as well as SPI firewall and mac as hidden and selected as the only Mac address my PC should respond to is my own. I’ve read through my router’s pdf manual and i cannot find any further confuguration option relevant that i have not configured already.

everything else in the config is for if i want to set up a DZN zone or VPN or if i have more than one computer connected to my router (which i haven’t) and to set them up in a secure way.

port 139 yeah its a weird one, before i had my router on my old PC same broadband modem I could connect to the internet even if I had netbios services ports 137 - 139 completely disabled, now I defintely can’t disable netbios service from being an active process cos then i lose connection to the internet. my guess is my router relies on that service for renewing my ip and updating any changes.

I am curious as to what does netbios over tcpip in device manager non plug and play devices does. it is set to startup type = automatic, but it has a few other startup type options like system and demand, and i’m wondering what is demand for. if you know and could allaborate on that one i would be greatful.

thanks :slight_smile:

I suspect that the Netbios overTCP/IP:non-plug and play devices may be necessary for your modem. You could try switching it to manual and then see if your modem is still working. Usually the Plug and Play services are not necessary unless you are adding or repairing some peripheral’s setup. It may be unnecessary once the device is configured. Just be sure that you remember that it is set to manual if you ever need to fix the router’s installation.

If the port is CLOSED you have nothing to worry about.
Nobody can get in. It is like a closed door.

If the port is “stealth” (sic) it does not respond to probes, so for the scanner the port does not exist.

There is a lot of debate going on about the question what is safer.
I won’t go into that.

Fact is if the port is closed you are safe.

If you really want to stealth the port there is one trick :

Goto your router page:

Forward the port to a nonexistant ip in your subnet. So an IP were NO pc is connected.
Then when a request hits that port it is forwarded to nothing…

The server gets NO response and thinks the port is nonexistent.

The port is “stealth”

Hi all,

I’ve tired setting netbios over tcpip in device manager/non plug n play devices/netbiois over tcpip startup type to “demand” my connection still works but it makes no difference, PCflank still sees port 139 as closed instead of stealth and giving it an orange warning smiley.

I tried disabling the port just to see what happens, but as i suspected my connection then doesn’t work my modem or router loses connection to the internet and can’t establish a connection with netbios over tcpip set to “disabled”

I read about port forwarding by doing a google for “Port forwarding” and it states to use port forwarding one has to have a static IP and set their router up in the web advanced interface to Static IP then only one can do port forwarding.

as I’ve stated though my IP is not static, its Dynamic so port forwarding is not a viable option for me to do.

Main reason I’m a bit paranoid, is because last month about 3 weeks or a bit ago, a hacker got into my computer i think it was intentional not random. probs with an ex and her being malicious and trying to get strangers to mess with me including already getting a black hacker to mess with me already in end of septemer to mid october.

Anyway it happened when i rebooted my computer, during winxp startup and loading of the startup processes, taskbar icons. I had CFP 2.4 installed but i think before it had loaded in the system tray, my mouse just began moving and going through my start menu and selective programs started opening up and looked like someone was looking through my doecuments. this wasn’t some random thing it looked deliberate and was damn fast. Anyway I turned off my modem after a few minutes and as soon as I did it stopped.

I think the person whoever did knew my IP address from my ex, so since then I’ve been trying to protect my PC as best as I can.

anyway there’s a little bit about why I’ve been trying to lock my PC down securely over the internet

Btw, I only bought my router around mid october after my ex got a hacker and i mean real hacker >:( to initially mess with me, but that was all sorted out with that person, but after thatof course i got a bit paranoid, mainly that someone who can get in anyones PC knew my IP,

So a week after that incident in October i bought a router after talking to a mate whose been in the IT engineer for 20 odd years and he helped me determine what router would be best for me.

but as I said in november even after I installed such things as CFP 2.4 and BOclean as additional security measures, someone still managed to get in my PC by just knowing my IP address when I rebooted my PC and during WinXP loading its statup stuff and taskbar icons.

anyway this might have happened to a few already, so I’m sure you can understand my dilemma and paranoia some as in trying to get my PC securely locked down on the internet, so such stuff can never happen again

Reguarding this incident are you sure there is nothing malicious left on your computer?

I have a router at home and when my stepdaugher is home (No Firewall Apple Mac) she gets the same result as I do all ports stealth which means the router is always checked not your computer.
I only used the firewall as a means of control for process and in/out bound connections not to stealth my ports.

Hi Dennis2,

Yeah I’m pretty sure there is nothing malicious left on my computer, in october only thing i found was a generic trojan thats part of gamespy its spyware. i have gamespy arcade but rarely go on it anymore, only that piece of sypware is on my computer because its part of gamespy and if I remove it, it would make gamepsy not work since its a vital dll compent file of gamespy.

From when i first started to get messed with cos of my ex >:( i since started to do regular scans to make sure my PC has nothing malicious on it. I run cureit, avg rootkit, kapersky online scanner, secunia software inspector, trend housecall, panda online scanner and probably a few others once a week, and i have AVG AV installed, Boclean and Sandboxie, I use sanboxie sometimes when browsing the net if I’m gonna go to a site thats a bit insecure. and I am also behind a router, I did use CFP for a while but I think the problem for me is it doesn’t protect my PC quick enough when I do a reboot and WinXP is loading up, so I’ve gone back to Winxp mainly cos CFP 3 causes too many system issues for me right now for me to currently use it. I mainly watch streaming movies or tv stuff online or I download them.

anyway my PC reports a clean bill of health via all the different scannings I’ve used, only gamespy which has a generic trojan I don’t mind since its just a spyware, apart from that oh and sharezza every scanning reult shows my PC is clean from infections or malicious software, only sharezza and gamespy are reported as being malicious but I can live with that.

I guess my paranoia comes from worrying about whomever gaining access to my PC via my IP address since its happened once already which I am 99% certain of :-[ its why I would prefer if all my ports showed up as stealth instead of port 139 showing as closed and thus revealing my PC’s presence.

i am still learning about net secuirty, I hope as I mature in learning some I am able to lock down my PC secureness from any kind of unauthorised access to it via my IP address over the net, since thats my main concern and the one thing that had me worried more than anything else after my bad experience :frowning:

P.S with my router connected or without Port 139 always shows up as closed on PCflanks basic test. even when I tried CFP it was the same result, so its a bit annoying for me that all my ports are stealthed but that one always comes up as closed on PCflanks >:(