Response to ping with Gibson Research Shields Up test

Respond to pings disabled on router level but Comodo firewall latest beta 3 still fails on the GRC Tests. This is a serious vulnerability and bug in the firewall module that needs to be fixed urgently on the final stable release of the product.

Router Firewall

2 Likes

Did you check with your PC set in Demilitarized Zone (DMZ) or Exposed Host as it is called on other routers. Only then you know for sure you are probing your PC.

1 Like

Yep checked everything including setting firewall settings at highest level but nothing worked, this is a critical firewall vulnerability that needs to be positively addressed in the final stable release of CIS 2024.

I cannot confirm. I put my PC in DMZ of the router and all 1056 service ports were found to be stealth according to GRC.

You are using 360 Total Security alongside CIS which may be of influence. To know whether it has influence 360 will have to be uninstalled.

Once it is uninstalled and your system is rebooted you need to check whether all drivers, services and executables of 360 are indeed removed. It sometimes happens that something gets left behind after an uninstall.

I’m, not confirming that either.

Check the same over VPN Connection and you will get the same results as I shared. This is an issue and bug with the firewall itself that needs to be fixed.

Yes, the inability to filter with WireGuard and other protocols is indeed a bug and has been reported.

1 Like

When using a VPN Shields Up will test the VPN router like it will test your home router when not using a VPN. It does not test the firewall on your computer.

Edit. I did run the Shields Up test with my VPN and also got the ping reply error.

3 Likes

Exactly thanks, also kindly please get this issues reported so that it can be implemented in the final stable release. Protection against latest RDP Attacks, DOS/DDOS Attacks, Buffer Overflow Attacks, Direct Exploit based attacks on network level, Pentesting attacks of all types, OS Masquerading attacks and various other kinds of new and old forms of network attacks and intrusion detection/prevention measures needs to be implemented on the firewall/network protection part.

1 Like

Nope it doesn’t tested with other firewalls and Comodo as well, only Comodo failing, it’s a major security bug on the firewall that needs to be addressed positively on the final stable version release.

1 Like

@tachion @nanto01

Because the problem happens when using a VPN service Shields Up is testing the VPN server and not Comodo Firewall. This has nothing to do with which VPN protocols are filtered by CIS.

It does not reproduce with both Tachion and my computer in DMZ.

Your screenshot of the router does not show your computer to be in DMZ/Exposed Host; Stateful Packet Inspection is active. That means that when there is no VPN connection active Shields UP is testing the router.

To test any firewall on a computer that is behind a router the computer needs to be in Demilitarized Zone (DMZ) or set as Exposed Host in the router (language differs depending on your router).

In short:

  • When a VPN connection is active Shiels Up will probe the VPN server
  • When there is not a VPN connection active and the PC is behind a router Shields Up will probe the router
  • Only when there is not a VPN connection active and the PC behind the router with the PC in DMZ/Exposed Host Shields Up will probe the firewall on the PC

Until further notice this is not a bug because it was not tested with the pc exposed to the internet with no VPN connection active.

1 Like

I have repeatedly told I checked everything but nothing works, its a major security bug that must be fixed along with various other security bugs on Comodo firewall like it is not resistant to direct exploit based attacks on the internet , it needs to be made more efficient against real world pentesting attacks, complex buffer overflow, DOS/DDOS Attacks, new tricky RDP based attacks and many others that’s that.

1 Like

The router settings you posted your computer do not show your computer is in DMZ/Exposed Host.

First we need to be 100% certain you are testing with your computer exposed to the web (DMZ/Exposed Host).

If you provide me with a link to the manual of your router I am willing to figure out how to put your computer in DMZ/Exposed Host. That way we will properly test the firewall.

1 Like

Tested everything as you are telling by changing settings to DMZ , Firewalls from other security products like Kaspersky/Bitdefender/Norton/Eset/Avast passed the tests but Comodo fails, it’s a big big bug in Comodo firewall that should be fixed positively ASAP on the final stable release. Moreover all other very very critical & crucial issues like Protection against latest RDP Attacks, DOS/DDOS Attacks, Buffer Overflow Attacks, Direct Exploit based attacks on network level, Pentesting attacks of all types, OS Masquerading attacks and various other kinds of new and old forms of network attacks and intrusion detection/prevention measures needs to be implemented on the firewall/network protection part that’s all. Firewall is the most important and 1st layer of defense of all user’s protection in the internet so special care needs to be given and implemented to fix and address any security bugs and issues in the firewall that’s that.

2 Likes

Did you in the past file a format verified bug report on this?

The problem does not reproduce on both Tachion’s and my systems. Something is different on your system which requires further investigation.

For that we need your cooperation to properly understand what is happening and get steps of reproduction. Are you willing to work with us on this?

2 Likes

What Windows version are you using? I am on Windows 11 and using CIS beta 8104.

For now I see two things to consider.

First we need to establish whether there is a problem with the profile. Start with importing and activating a factory default profile, then run Shields Up again with your computer in DMZ/Exposed Host.

Second we need to establish whether 360 Security, which you run alongside, plays a role.

Uninstall 360 and reboot your computer. Then check with Autoruns and Driver Store Explorer if there are accidentally drivers, services or executables of 360 left behind. If present remove them and reboot. Then run Shields Up again with your computer in DMZ/Exposed Host.

3 Likes

Checked them all, nothing works man.

1 Like

What version of Windows are you on?

Out of curiosity I installed 360 Free AV and temporarily disabled CIS AV and ran Shields UP Common Ports test with my PC in DMZ. It did not interfere and passed.

It sometimes happens that when a program is uninstalled a driver, service or executable gets left behind. Can you check with Autorun if there are left overs of security programs or programs that interfere with networking (Netlimiter etc)? You have had various security programs installed in the past. Look for drivers, services and executables.

If that is too complex run cleanup tools from those vendors. A list of cleanup tools can be found here with Eset: https://support.eset.com/en/kb146-uninstallers-removal-tools-for-common-windows-antivirus-software

I learned the lesson of left overs over 15 years ago when I started exploring Autoruns. I found a left over service from Norton AV. Once removed my system did no longer have vague performance issues.

Checked everything my friend as you told.

Can you provide a copy of your configuration and a screenshot of your global rules? We’ve been unable to reproduce the issue and require detailed information to investigate it further. Did you re-run Stealth Ports wizard after enabling the Firewall options?

ICMP echo requests are require for IPv6 to work with Stealth Ports - Block Incoming as are ICMP Packet too Big, and Types 134,135,136 (solicitation rules) but not required if set to Alert Incoming.

Do you have respond to echo requests enabled on your router?

If running Proactive Configuration and IPv6 filtering enabled, you should have the below Global Firewall Rules

1 Like