ShieldsUP - Test Firewall failed

Hi,

Today I tested my Internet connection using the tests available on the site www.grc.com (ShieldsUp).
I was surprised that the “common ports” test failed for the following reason: “Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet.”

On the other hand, I also noticed that my Firewall Event log is empty …

CIS is configured with “Proactive security”.

Can somebody give me an explanation about that … Do I have to change my configuration?

Thanks

Pieteke

Hey Pieteke :)

Have you made sure that your ports are stealth? Otherwise, go to CIS → Firewall → Stealth Wizard.

Also make sure that your router isn’t the cause of the fail.

Regards,
Valentin N

Hey Valentin,

All my ports are stealth.
How can I know that my router is (not) the cause of the fail?
I’m using a wireless modem Eurodocsis 3.0.

Regards,
Pieteke

Do you know the IP address of your router? If you do, type it in your browser.

If you can’t find your way then I will give you a hand.

Regards,
Valentin N

The LAN IP address is 192.168.0.1 (is it the router address?)

If I type it in my browser, I receive a message saying “Internet Explorer cannot display this webpage” (free translation because my browser is not in English).
The ping is working.
I can configure my modem using an Internet URL of my provider.

Regards,
Pieteke

Find the router address on the vendor’s website or Bing (I hate Google) it.
Routers usually produce similar results to the results you described. I really wish they would make dropping ping requests a default; as far as I know, you would never have the need to have someone ping your IP.

192.168.0.1 should be it, but if that doesn’t work you will need to use the URL provided by the product.

I am sorry for the late response; I was eating.

Regards,
Valentin N

I used the URL provided by the provider but everything seems OK …

Have you redone the test?

Regards,
Valentin N

Oops, today I did the test again and the results are worse :'(:

Solicited TCP Packets: RECEIVED (FAILED)
Unsolicited Packets: PASSED
Ping Reply: RECEIVED (FAILED)

I checked again that my ports are stealth via CIS → Firewall → Stealth Wizard → Blocking all incoming connections and make my ports stealth for everyone.

I did the test again. The result was the same …

I don’t understand anymore. Yesterday all my ports were stealth in the tests, only the ping test failed.
Today, some of my ports are not stealth. ???

Pieteke

I think I will need to see your firewall rules and I would also like to know if your router’s ports are stealth.

Regards,
Valentin N

Hi Valentin,
What do you want to have as info?
Thanks
Pieteke

Unless you have a DMZ set up on your router, the GRC test is always going to be probing your router, not your software firewall.

To set up a DMZ you’ll need to refer to your router’s documentation. Although I don’t really see the point of setting up a DMZ just for a ports probing test…

!ot! what is DMZ?

DMZ (computing) - Wikipedia, the free encyclopedia

You are basically exposing your computer directly to the internet instead of having your router (and possibly NAT) acting as a buffer.

I had the same thing happen here. I verified that my router had all ports stealthed but still had several ports listed as visible but closed. I tried setting the router to the DMZ mode and 4 fewer ports showed up as closed even though Comodo was already set in stealth mode. I changed my router back to NAT mode and reset it, and then all the ports showed up as stealthed.

Outside the router, I can pass the test only with the rule “block all incoming connections” (global rules wizard).

Weird, the other 2 options don’t let me pass the ShieldsUP tests.

Go to the stealth wizard guide and choose the last option with block all incoming connect …

Tell me if this helps.

Regards,
Valentin N

Yes,
but I want to use uTorrent; I should open a door :(

Then you need to add the wanted port to global rules.

I will show how to add a port in the firewall with an example, so don’t add that port!

Example!

To open the port TCP 1723 for example

The first step is to determine the MAC or Physical address of your network connector. Go to Start → Run → cmd → enter → a black box will show up; enter the following → ipconfig /all (notice the space before /all) → enter → now look up the Physical address and write it down.

Notice that Physical address = MAC address

Firewall → Network Security policy → Global Rules → Add → fill in the following:
Action: Allow
Protocol: TCP
Direction: In
Description: Incoming Port

Source address: Any
Destination Address: Choose MAC address and fill in the found MAC/Physical address
Source Port: Any
Destination Port: 1723

Then push Apply → Now make sure that the new rule is somewhere above the basic block rule(s) at the bottom (the block rules have red icons); you can drag and drop the rules → Ok
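
The rule-ordering step in the last post, as an added example that is not part of the original thread and not Comodo's code: a simplified first-match model of a global rule list, showing why the allow rule has to sit above the block rule and how to spot a rule that can never fire. It assumes rules are evaluated top to bottom with the first match deciding; addresses (including the MAC destination) are left out, and the names `Rule`, `Packet`, `evaluate` and `shadowed` are hypothetical.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "block"
    protocol: str                    # "TCP", "UDP", "ICMP", or "IP" for any
    direction: str                   # "in" or "out"
    dst_port: Optional[int] = None   # None means any destination port
    description: str = ""


@dataclass(frozen=True)
class Packet:
    protocol: str
    direction: str
    dst_port: Optional[int] = None   # None for protocols without ports (ICMP)


def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.protocol in ("IP", pkt.protocol)
            and rule.direction == pkt.direction
            and rule.dst_port in (None, pkt.dst_port))


def evaluate(rules: List[Rule], pkt: Packet) -> Optional[str]:
    """Return the action of the first matching rule (assumed first-match model)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return None  # no global rule matched


def shadowed(rules: List[Rule]) -> List[str]:
    """Descriptions of rules fully covered by an earlier rule, so they never fire."""
    def covers(a: Rule, b: Rule) -> bool:
        return (a.protocol in ("IP", b.protocol)
                and a.direction == b.direction
                and a.dst_port in (None, b.dst_port))
    return [r.description for i, r in enumerate(rules)
            if any(covers(earlier, r) for earlier in rules[:i])]


# Constructed rule sets mirroring the example in the post (TCP 1723, inbound).
ALLOW_1723 = Rule("allow", "TCP", "in", 1723, "Incoming Port")
BLOCK_ALL_IN = Rule("block", "IP", "in", None, "Block all incoming")
ALLOW_ABOVE_BLOCK = [ALLOW_1723, BLOCK_ALL_IN]   # order the post asks for
ALLOW_BELOW_BLOCK = [BLOCK_ALL_IN, ALLOW_1723]   # allow rule is never reached
```

With the allow rule below the block rule, `shadowed` reports "Incoming Port" and the port stays closed to inbound traffic; every other inbound packet, ping included, is still blocked in both orderings.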