Hello. I got this summary from the GRC test. What kind of rule should I use in CIS Firewall to fix the irregularities? Thank you.
NO PORTS were found to be OPEN.
The port found to be CLOSED was: 113
Other than what is listed above, all ports are STEALTH.
TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.
Most probably your router.
Please read the quote in the last message (the previous ones are in French but say the same thing):
In these conditions, you can make a firewall global rule to deny ICMP in for echo request and ICMP out for echo reply, but your router is also most probably the one being pinged.
Some routers have an option to disable ping; look at the administration page.
You can also, from the same router, create a DMZ to your computer so as to test the computer itself.
I have another question: For the last few days I have been looking at Comodo and noticed that svchost.exe was active all the time. So I looked at Outbound connections and I saw a lot of activity from svchost.exe, rarely more than 2KB bytes in/bytes out. The “Source Port” column showed that ports 1035-1040 and 1367-1368 were active and the destination IP was my ISP. The destination port was 53.
I have now made a rule to Block TCP/UDP In/Out on Source ports and now svchost.exe is quiet. What do you think about this concern?
If you deny these particular remote ports, some others will be used.
You need to allow svchost UDP out (and maybe TCP out, but of course deny anything in) for destination port 53 and destination IPs those of your ISP, in order for your ISP to make DNS lookups.
svchost aggregates several processes and it is normal to have svchost internet activity, although some malware could masquerade to use svchost, including on port 53, but the rule you made for port 53 is only for svchost, and you should be warned by the firewall and/or Defense+ of whatever application is trying to hack port 53 or to pass itself off as svchost.
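Added example, not part of the original thread: a small Python model that compares the source-port block rule from the question with the destination-based allow rule from the reply, run over constructed connections. The DNS server addresses are placeholders from the documentation ranges, and the `Conn` record and function names are hypothetical, not a CIS log format or API.

```python
import ipaddress
from dataclasses import dataclass

# Assumption: placeholder addresses standing in for the ISP's DNS servers.
ISP_DNS = {ipaddress.ip_address("192.0.2.53"), ipaddress.ip_address("192.0.2.54")}

@dataclass(frozen=True)
class Conn:
    app: str
    proto: str       # "UDP" or "TCP"
    direction: str   # "out", or "in" for an unsolicited inbound packet
    src_port: int
    dst_ip: str
    dst_port: int

def blocked_by_source_port_rule(c: Conn) -> bool:
    """Rule from the question: block on the source ports that were observed."""
    return 1035 <= c.src_port <= 1040 or 1367 <= c.src_port <= 1368

def allowed_by_dns_rule(c: Conn) -> bool:
    """Rule from the reply: svchost, UDP (maybe TCP) out, port 53, ISP DNS only."""
    return (c.app.lower() == "svchost.exe"
            and c.direction == "out"
            and c.proto in ("UDP", "TCP")
            and c.dst_port == 53
            and ipaddress.ip_address(c.dst_ip) in ISP_DNS)

def evaluate(c: Conn) -> tuple:
    """Return (verdict of source-port rule, verdict of destination rule)."""
    return ("block" if blocked_by_source_port_rule(c) else "pass",
            "allow" if allowed_by_dns_rule(c) else "deny")

# Constructed sample connections.
SAMPLES = [
    # Lookup from one of the observed source ports.
    Conn("svchost.exe", "UDP", "out", 1036, "192.0.2.53", 53),
    # Same kind of lookup from a different ephemeral port: the block rule misses it.
    Conn("svchost.exe", "UDP", "out", 49731, "192.0.2.53", 53),
    # Port 53 traffic to a server that is not the ISP's: only the reply's rule stops it.
    Conn("svchost.exe", "UDP", "out", 49800, "198.51.100.7", 53),
    # Unsolicited inbound packet: denied by the reply's rule.
    Conn("svchost.exe", "UDP", "in", 53, "203.0.113.10", 1036),
]

if __name__ == "__main__":
    for conn in SAMPLES:
        print(conn, evaluate(conn))
```

The second and third samples show the difference: a rule keyed on source ports stops matching as soon as a new ephemeral port is picked, while a rule keyed on application, direction, destination port and destination IP keeps its meaning.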