Port 113 is not stealthed!

Recently I have installed Comodo Firewall 5.8 for the first time (with Defense+, without antivirus and without sandbox). I have tested it with Shields Up (www.grc.com). Unfortunately Comodo firewall failed the test, because port 113 appears as closed not stealthed. Port 113 appears as closed also on scan websites other than Shields Up. The issue is described here: GRC | Shields UP! -- Internet Connection Security Analysis  
What can I do to make the port stealthed? Despite the fact that the problem is described on the following pages I found no solution there:

A moderator on Polish forum wrote in thread https://forums.comodo.com/polski-polish/widoczny-port-113-t78319.0.html that he already wrote a letter to Comodo support and they told him to contact via GreekBuddy. I have contacted Comodo staff through GreekBuddy but they won’t help me since I haven’t bought their support.

I have Polish version of up-to-date Windows XP SP3. I am connected to the internet via HSPA+ USB modem named Sierra Wireless USB 307. I don’t use any router nor hardware firewall. I don’t share files or access a printer etc. through Microsoft Networks. I have installed one IRC client: ChatZilla plugin for Firefox, however I do not use it. I have no email server installed on my PC. I use Outlook Express as an email client. I use uTorrent, however I haven’t used it recently. I use Avira Free Antivirus 12. Previously I used Sunbelt Personal Firewall. I installed following security applications: Spybot - Search & Destroy, Lavasoft Ad-Aware, Nessus, Secunia PSI; and following utility applications: Net Balancer, Microsoft Virtual PC.

My configuration of Comodo firewall:

  • during installation (all default):
    • don’t use Comodo Secure DNS Servers
    • enable ‘Cloud Based Behavior Analysis’ of unrecognized programs
    • install Defense+
  • in Stealth Ports Wizard I tried the following two settings with the same result:
    “Block all incoming connections and make my ports stealth for everyone”
    “Alert me to incoming connections and make my ports stealth on a per-case basis”
  • in “Alert Settings” tab I unchecked “This computer is an internet connection gateway”
  • my global firewall rules (default when “Alert me to incoming connections and make my ports stealth on a per-case basis” is used):
    block ICMP Out Where ICMP Message Is Protocol Unreachable
    block ICMP In Where ICMP Message Is: 17, 15, 13, Echo Request
    I also tried to create a global rule that blocks incoming requests on port 113 but it changed nothing.

In Comodo “Active Connections” window there is no process using port 113.

I know that I am quite secure but stealthed is a bit more secure than closed.

Just out of interest, what happens if you disable the CIS firewall, enable the XP firewall and then run the GRC scan?

I disabled Comodo firewall by setting: Firewall Behavior Settings > Firewall Security Level to “Disabled”. Then I enabled Windows XP firewall and checked “Don’t allow exceptions” (firewall will block all incoming connections). The result was the same: all ports 1-1024 were stealthed, except of port 113 which was closed! Then I disabled Windows firewall, so no firewall was running on my computer (and in my house). Again the result was the same! ShieldsUP for sure was scanning my computer (the IP displayed on www.grc.com was the same as this displayed on “Support” tab of my Internet connection). At a Polish forum I have read that my mobile ISP use firewall to block all incoming connections and that situation is common for mobile ISPs selling Internet connections with limits on amount of downloaded and uploaded data.

It’s not that uncommon to find ISPs using some sort of firewall/NAT that interferes with scans like those of GRC and IDENT (port 113) can be used by a number of different services, IRC, IMAP, POP, FTP etc. I think you should try to confirm this with your ISP…

I scanned ports on another computer with old Sunbelt Personal Firewall using the same mobile ISP as previously. The result was the same: port 113 closed. Then I used a different mobile ISP on both computers - the scan result changed - now on both computers all ports including port 113 were stealthed except of, as far as I remember, port number 1 which was closed not stealthed.
Many people on Polish forum www.bez-kabli.pl *) wrote that all providers of Internet through cellular networks (2G, UMTS, HSPA+) in Poland block incoming connections by default using firewall or NAT. Mine (www.play.pl) uses only firewall.
So in this case it is not the problem of Comodo firewall but the use of firewall by my ISP. Thanks for help!