I’ve been using the Comodo firewall for some time and I’ve been happy with it. When I had DSL through an ATT modem, I always passed all the GRC tests.
I moved into Qwest territory and I needed to have their modem. I installed their software and got the modem running. I went to GRC to test and I passed most tests but I got a FAIL in one area.
“Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since “Ping” is among the oldest and most common methods used to locate systems prior to further exploitation.”
I always passed this test before but now I do not.
I went into the Comodo settings and experimented with everything.
In the Stealth Ports Wizard, I tried “Block all incoming connections, stealth my ports to everyone” and it didn’t work.
I changed the Global Rules according to the directions in the Network Security Policy and it didn’t help.
I removed 2 network zones and it didn’t help. The loopback zone came back by itself.
I tried paranoid mode and it didn’t help.
I tried different general settings and it didn’t help.
I’m not a computer expert. I’ve experimented and tweaked with all the settings that the Comodo Firewall offers and I still continue to get the FAILED message at GRC.
Can anyone help me out with this? It’s rough feeling vulnerable while surfing when I have felt safe for soooo long.
There are a few possibilities here, your new “modem” responds to the packet, maybe it’s configured as a router ? do you get an ip address of 10.x or 192.168 on your local network adapter ?
Can you set the following in Global rules and see if it matches.
Block & Log
ICMP
IN
Source Any
Dest Any
Type Echo Request
Now make sure this is the very first rule an the global rules list, apply the policy and rerun the GRC test.
Now if there is a device before CIS replying to it, you won’t see a blocked match appear.
If the rule show’s a match then there is something in your firewall rules that passes it.
I do see 192.168 in my Source / Active connections list under the firewall tab… My Windows Local Area Connection status also shows my IP as 192.168.0.2. If the modem is configured as a router, I don’t know what to do about it.
I entered your global rule into the list and applied it. I moved it to first position. I then re-ran the GRC test and I still failed. I looked around on the different lists for the blocked match you mentioned but I didn’t see anything that looked similar. I went back to the global rules and your new rule isn’t there anymore. It vanished.
I’ve noticed that it seems like I click to change the settings for the firewall but the firewall ignores my changes and does whatever it wants. I don’t know why it does this.
It seems that the “Block all incoming connections stealth my ports to everyone” under the Stealth Ports Wizard should fix the problem. I choose that function, it says my system has been properly configured, and when I reopen the Stealth Ports Wizard the selection is back on the “Define a new trusted network selection.” It’s like the firewall just ignored my request to change the option and it did whatever it wanted to.
Any ideas what I can try next? I opened the phone and modem options in the control panel and I didn’t see anything there that looked like a fix.
When you run the ShieldsUp test, it will display the IP address it is testing. If the tested address DOES NOT begin with either 192.168.X.X, 172.16.X.X or 10.X.X.X (these are all private address and are generally non-routable across the internet), then ShieldsUp is receiving a response from another device in between your PC and the ShieldsUp host, most likely your modem.
Given that you have changed ISP’s which has forced a change in modems, and the problem first appeared when you changed modem, logic would dictate that the modem is the root cause of the introduced problem.
What brand and model of modem did they supply you. I’ll see if I can find out how to disable ping replies and post the results back here.
I've noticed that it seems like I click to change the settings for the firewall but the firewall ignores my changes and does whatever it wants. I don't know why it does this.
It seems that the “Block all incoming connections stealth my ports to everyone” under the Stealth Ports Wizard should fix the problem. I choose that function, it says my system has been properly configured, and when I reopen the Stealth Ports Wizard the selection is back on the “Define a new trusted network selection.” It’s like the firewall just ignored my request to change the option and it did whatever it wanted to.
When you run the Stealth wizard, the firewall does create appropriate rules. This can be verified by checking the Global Network Policies. It doesn’t indicate that the wizard has been run if you re-check it, which can be a bit confusing, but it has done what it is supposed to do.
When I switched to Qwest DSL the initial configuration (as set up by following the Qwest instructions and whatever wizards they ran) had the Qwest modem and my router on the same network. I don’t remember what the network address was, precisely, but it was 192.168.xxx.xxx. I had a variety of wierdish problems (including inability to browse to any Microsoft website) but all went away when I changed my router’s IP address to a different network.
When I run the Shields Up test, it does display my current IP. I have a dynamic IP but it always shows the current IP for the test.
The brand and model of the modem is Actiontec M1000. I’ll disable the ping replies if you can tell me how to do it. I’m willing to do whatever it takes to get me back to a clean Shields Up test.
I tried calling Qwest computer technical support and I got a gal in the Philippines that had no clue what I was talking about. I think I’ll call them again and see if the next rep. is more competent.
I don’t use a router so that solution won’t help me here. The problem is probably in the modem and all I can do is hope that Panic or someone else can help me out with a fix. Configuring the firewall in different ways does nothing to fix the problem.
At one time I was able to access the Actiontec modem configuration by just browsing to its IP address, but I don’t remember if I needed any credentials. If you do, try the obvious ones of username “Admin” and no password, and so on. Something is tickling my brain that the default password might be 1000. If you get logged in, then it should be easy find and disable Ping replies.
I called Qwest again and told them about the bad rep that I got the first time. The new gal felt so bad that she made an effort to get me some real help.
After she couldn’t figure out how to fix it, she connected me with someone at Actiontec.
Even the guy at Actiontec had a bit of a struggle figuring out how to fix it.
Here is the solution for anyone else with the same problem.
The Actiontec modem has its own security settings and they are set to “OFF” on default. (This is silly)
You open the browser of your choosing and go to 192.168.0.1. This opens the modem configuration page. You click the advanced settings tab. You look for the firewall settings choice and click on that. You select the “low” protection choice and then you UNCHECK both the IN and OUT box for ICMP. Then you click apply. Then you must go to the utility tab and click on it. This opens a page which gives you a modem reboot button. Click the button and the modem reboots. After doing this, the ping test is clean at GRC.
Now I pass all tests at GRC with no problems.
I appreciate everyone’s help with this problem. You people are top flight for making an effort. The problem was with the modem and not with the firewall.
I am happy and I am out of here! Thanks again. Cya
