I just recently did a port scan off a CastleCops site and discovered a port that is open. I tried to set up a rule to block it in Comodo, but I just ran a GRC scan and discovered it’s still open.
All my lower 1024 ports are all stealth. This is an upper port, but one that should be blocked. Not sure if I should mention the port number here.
I tried to block it using my Negtear firewall, but it’s still open. Each of it’s neighboring ports shows as blocked.
Can I get a walkthrough on how to block a specific port?
(:NRD)
How do you connect to the internet? Do you have a router?
It is possible that those scans did not scan your coumputer at all. You can check your logs to see if there is any indication of a scan.
You can also do a test: set CFP to Allow all, run the test again, and set CFP back to Custom. If all of the ports during the scan are opened or closed (not stealth), you are actualy scaning your computer. If not, you’re scaning some router between you and the rest of the internet.
I have an SDSL connection running through my NetGear FM114P. The Netgear is a 4-port router/print server/WAP/firewall.
I do a GRC scan, my first 1024 ports are all stealth. port 31337 is stealth. but this port that found open should also be stealth, but it’s not. I usually only run the one computer at a time. At the most I can run 4 computers at once, I usually run, at the most, 3 computers. My laptop that I always run is the fastest machine I have; it is a 2.2Ghz Celeon. All my other machines are slower than that, so I seldom use them.
I checked in Coomodo; I do have a rule setup to block that port, but it is at the bottom of the list. SHould I move it up in the list higher?
I checked in Comodo,c did see an instance of a port scan, but Comodo reports no alerts. I guess I have something configured wrong…
When the rule says “Destination port”, it’s talking about incoming into my machine, “destination port” is port is a destrination on MY machine, incoming, right?
I have two individual rules set up for this port, one for it being destination, and one for it being source port, so that could cover it both ways, in/out. Right?
CFP usually doesn’t alert you about a port scan (or utp/tcp/icmp flood), it just blocks and logs it.
Since the CFP reads network rules from top to bottom, you should put a block rule above any other allow rules.
I must admit I find it very strange that this scan passed through you router, and even more strange that it found an open port. I still think that it was scaning your router. But I hope that someone more experienced than I am will provide more info ;D
The online scan test are actually scanning your router. There should be not an open port since your not running something that is communicating or listening to a port, like a p2p program for example. What you need to do after you find exactly the opened port that your system has is to search WHY that port looks open. Open comodo firewall/activity/connections menu, you can start from there. If you are not sure what kind of program is running try an other tcp viewer utility.