ping ICMP echo

bossa · April 24, 2006, 12:08pm

Hi all
New to Comodo and firewalls in general .Been trying to set the network rule to block ICMP echo,after it failed on the ping test in Shields up,but everything reverts back to default settings.
Could someone please tell me where I am going wrong.Is this failure something I should worry about.I was using the free version of Zone Alarm but it did not give this option,and also failed the same “ping” test
Any advice much apreciated
Steve

mike6688 · April 24, 2006, 12:51pm

Hi,

Comodo should pass the ping test with its default settings.

If you scanned with Shields up once then scanned again you will find that Comodo passes first time then fails the second time, as it goes to emergency mode.

Mike

egemen · April 24, 2006, 1:06pm

Hi Mike,

Can you better explain how the second test fails? You mean after the first test, grc.om site can ping your host?

mike6688 · April 24, 2006, 1:19pm

Hi egeman,

On the second test before I got a message saying that the ping test failed because the firewall had tried to counter probe the probe and therefore revealing itself. The first time Comodo passed with tru stealth. I tested gain to check and got the same result on the third attempt.

I just tested again on grc.com using all service ports test but it appears that Comodo is passing on all attempts this time so I don’t know what happened before to get this.

bossa · April 24, 2006, 2:43pm

Hi Mike
Thanks for your reply.I set Komodo to default and it does as you say, but seems to carry on failing.AlsoI don’t understand why after setting preferences in the network rule ,when you reopen they have reverted back.
Could you please put my mind at rest .Am I worrying over nothing?
Sorry for being so dim :-[.
Looking forward to your advice.
Thanks Steve

PS Used the GRC leak test tool and “my” Komodo failed this test :-[.How does one set up Komodo to pass this test?

system · April 24, 2006, 3:02pm

Hi bossa and welcome to the forum.
Something is surely wrong if you can’t pass grc leak test. You do have security level set to custom?
Also when you made new network rule for icmp echo , click ok? Hope this helps, tim

bossa · April 24, 2006, 3:38pm

Hi Tim
Thanks for the welcome,good to be here.Yes set to custom
Well Tim good news I set everything back to default and Komodo passed the leak test.Unfortunately still keeps failing the ICMP ping echo test,even with source and remote set to any.
Any ideas
Steve

Maybe I should re-install Komodo

mike6688 · April 24, 2006, 4:43pm

Hi bossa,

Good to see you have it passing the leak test, but, it should be passing the grc test. I don’t think a re-install would do any harm.

If you look in the logs for Comodo are there any high alerts? You should have two from these tests. 1. DDOS attack (SYN Flood) 2. TCP Port Scan.

At the bottom in the details box it should say the firewall switched to emergency mode for DDOS attack and has blocked the attacker for the port scan.

system · April 24, 2006, 4:44pm

Hi Steve, just for the heck of it I made an icmp network rule to block all and hasn’t reverted back to default.
What firewall did you use before comodo?Does windows security center show comodo as firewall monitoring or is windows firewall shown?
If nothing else helps a reinstall can’t hurt. tim

bossa · April 25, 2006, 2:09am

HI Tim
thanks for taking the time to help.
The logs are not shown.Maybe half or all the problem is that I don’t have service pack 2 on this PC.Running XP Pro .Never seemed to be problem before,probably my ignorance :-[, and rumours that its more trouble than its worth.
Maybe just reinstall and see.what do you think?
Thanks Steve

system · April 25, 2006, 2:37am

Windows 2000 / Windows XP SP2 Internet Explorer Version 5.1 or above 64 MB available RAM 32 MB of available free hard disk space

Hi Steve,this quote is from CPF web site. I believe that I would start with installing SP2,IMO. tim

bossa · April 25, 2006, 3:11am

Thanks Tim
I’ll do that
All the best Steve

bossa · April 25, 2006, 5:33am

Tim
Just a note that might be useful to other users.
While trawling the web on answers about firewalls etc ,I found an answer to my problem (I think)
This was from a Zonelabs forum thread and was very simillar to my problem.Turns out that if you are connecting to the internet via a router (as I am) (sorry failed to tell you that) it seems Shields up test fails (ping)as it is testing your router.So in theory one should be safe .You can configure your router to block ping echos but going by the thread it seems its OK not to.What do you reckon?
Steve

mike6688 · April 25, 2006, 9:27am

You can configure your router to block ping echos but going by the thread it seems its OK not to.What do you reckon?

Steve,

This probably is the case. I don’t know if this is possible, but, if you can find some way to bypass this on your router you should be able to test your computer.

Mike

bossa · April 25, 2006, 10:22am

Thanks Mike
I’ll check it out.The Zonelabs thread I got this info seemed to think all would be safe here’s part of the explanation in the thread

http://forum.zonelabs.org/zonelabs/board/message?board.id=AllAboutPorts&message.id=7245
I have a Speedtouch modem I could use to test ,much easier for someone like me …he he ;D.
Thanks Steve

PS after looking at the nightmare scenarios with upgrading to service pack 2 , I think I will give it a miss.

bossa · April 25, 2006, 10:42am

Good news
I hooked up my Speedtouch modem and ran the tests again.This time passed with flying colours.So it looks like I was failing the test as the ping echo was going to my router and not my PC.
Cheers Steve

mike6688 · April 25, 2006, 11:32am

Hi Steve,

It’s good to see Comodo is passing after all. From what I read at the zonelabs thread I think you can be sure you are pretty safe - as even if your router was bypassed you know Comodo will still be protecting you.

I think SP2 has many benefits and it is recommended you upgrade to fix certain security holes. You can always uninstall or perform a restore - or if you make a backup you can restore from here if you have any problems. This, of course, is up to you.

Mike

bossa · April 25, 2006, 2:02pm

Hi Mike
This is a new master HD on this machine and there is’nt that much on here right now,so I may upgrade to SP 2. I can always format and start again.
Thanks all for your advice.
Cheers Steve

system · April 25, 2006, 2:31pm

Hi Steve, glad things are better now. I use a netgear router and have it configured to not respond to pings.I added that rule earlier to comodo because you said yours reverted back and wanted to see if I had the same problem. Check back and help others when you can. tim

AJohn · April 25, 2006, 8:21pm

I guess it depends on the router you are using, also some routers require you to turn on the Statefull Packet Inspection/Firewall which are built in. I use a LinkSys WRT54G (few years old) with all security settings enabled and pass any port scan as 100% stealth, unless I manually open ports for gaming.