port 135 open when I tested Comodo firewall with ShieldsUP!

saints_22 · October 29, 2008, 4:49pm

Hi everyone

When I install CIS I used ShieldsUP! to check my firewall Vulnerability and port 135 was open when I tested Comodo firewall with ShieldsUP! at GRC | ShieldsUP! — Internet Vulnerability Profiling here’s how to fix it go to firewall in CIS then go to Stealth Port Wizard and check the box that says block all incoming connections stealth my ports to everyone

rhgtyink · October 29, 2008, 9:57pm

Hello Saints22,

Can you check how your global rules look.
Firewall, Advanced, Network Security Policy, Global Rules ?

saints_22 · October 29, 2008, 10:57pm

Hi Ronny

yes I can see my global rules but dont have clue what they mean (:LGH)

rhgtyink · October 29, 2008, 10:58pm

Can you post a screenshot if them then ?
Or try to type them out here ?

grue155 · October 30, 2008, 3:19pm

As an alternative, you could post a Config Report Script output. Details about the script are here

saints_22 · November 1, 2008, 3:31pm

here are the Global Rules

[attachment deleted by admin]

rhgtyink · November 1, 2008, 3:48pm

Okay, this looks good. My guess is that there is an other device between your pc and Shields up that is causing this.
Probably your internet modem/router or an other pc on the local network.
Can you tell us a little bit more about your setup ?

Rules explained.
Allow IP OUT from IP ANY to IP ANY where protocol is ANY

All outgoing traffic is global allowed, From ANY source ip (your computer) to ANY source ip (not your computer) for all protocol’s IP,TCP,UDP, IGMP etc etc.

Following 2 allow incoming Fragmentation needed and Traceroute response messages.

Last one is blocking and logging all incoming traffic to your computer.

So Shields up should be in your logfiles if the detection is caused by your pc.

saints_22 · November 2, 2008, 2:16pm

The only thing between my pc and the internet is my cable modem

doktornotor · November 2, 2008, 2:39pm

Yeah, most of those have their own firewall.

rhgtyink · November 2, 2008, 5:52pm

Do you have access to the cable modem ? webinterface or so ?
Maybe a manual, or can you check if it’s having an active firewall.

An other thing you can try is to create a global rule that explicitly denies the traffic to port 135.

Create a global rule Block, Tick the log option, Protocol = TCP, Direction = IN, Destination port = single port 135
Apply, now move it to the top of the policy Press Apply and then test again with Shields up.

If it’s your pc responding to shields up it should at least show up in the logging being blocked.

hullboy · November 2, 2008, 6:30pm

Did you try to check the 2nd option in Stealth Ports Wizard “Alert me to incoming connections etc . etc.” and see if that works (it works for me)?

rhgtyink · November 2, 2008, 9:04pm

No based on the Global rules he took option 3 “Block all incoming connections - Stealth my port to everyone”

hullboy · November 3, 2008, 1:49pm

OK, my post was meaning “try to use the 2nd option…” ;D

saints_22 · November 9, 2008, 12:30am

No I dont have access to the webinterface for my cable modem. there is a manual on CD but I dont understand any of it.