I have run a couple of tests on shields up and it always indicated that i had all my ports stealth. Few hours ago i decided to experiment with my firewall and selected “alert me incoming connections…”. If im not mistaken shields up uses inbound traffic to see if your ports are stealth. I firedup shields up, Yet it showed that i had all my ports stealth, i received no alerts either.
I disabled the firewall, shields up still said that my ports were stealth.
I exited comodo, shields up still said that my ports were stealth.
Im not behind a router either, i use a 3g dongle.
I dont understand, does this mean that my comodo isnt function properly, i mean my ports could be open for all we know as shields up giving me inaccurate results. Can someone explain. Thank you.
You’re probably seeing these results because the 3G dongle is sitting behind a transparent proxy [wikipedia.org]. This is service provider dependent, but it is fairly typical for 3G dongles because of the types of devices that they can be used with (ie. those that have little or no network protection). In short, GRC’s Shields-Up will just bounce off the transparent proxy as unsolicited traffic. It’s a bit like having an additional inbound-only firewall that you cannot control… or even see.
So do i still need to stealth ports,or do transparent proxies do that job for you?
As far as inbound connections are concerned, then the 3G’s proxy should handle most of it. However (and again depending on your service provider) you might still need to be concerned about other users who are sitting on the same side of the proxy as yourself. You may receive scans/access requests originating from internal IP addresses (ie. non-Internet IP or internal LAN addresses) and you should block these. But, you can easily do this by adding the internal IP range (assuming that it doesn’t conflict with an internal LAN you might have) that your provider is using to CIS’s Blocked Zone. eg. 10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.31.255.255, etc…
Do i still need to implement those rules if i have chosen to stealth all my ports?
If you’ve already implemented stealth ports and not defined any internal Safe Zones, then no. You should be OK as you have it.