Stealth port option not working well

Hi! I believe that if the button "Stealth port" exists in the product, it should work. For some reason, clicking on it doesn't provide the stealth. For example, ports 135, 139, 446 are closed, but not stealth. How to make them stealth? Thanks.

Hi user404,

Can you please verify the following:

  • Go to Firewall Tasks, Open Advanced Settings, Global Rules, verify the rules against the attached image.

Next, can you please describe the way you're testing this, and describe your local setup?
If you're using an online scanner/test site, it's very likely that you're scanning the public IP on your Internet router, and not your PC's stealth settings.

[attachment deleted by admin]

Stealthed ports are good for reducing traffic to your router, but stealthed ports are actually a giveaway to an outsider that you do in fact exist. To fix this you can use a trace tool to find the closest link to your ISP, then send out packets in response to people who are scanning your ports and send an icmp destination unreachable.

The problem is sort of like this: imagine a fabric with a hundred doors. The default behavior of all doors is to give away a sound if someone knocks on the door. What happens if one door suddenly doesn't give away any sound anymore? The result is that the intruder knows you are there. Stealth ports have the opposite effect of what they are intended to do: they give away information that you're actually there, instead of hiding you.

If an IP doesn’t exist, the last router in the path to the destination will send back an icmp destination unreachable. But if you do exist, your firewall will drop the packet and not send back that information, so he knows you are there and he also knows you have stealthed the ports, but not taken care of anything beyond that, which tells him you are a good target too.

It sort of defeats the purpose, here is what happens if you stealth your ports.

  1. I am right here, I exist
  2. I am a good target too

If you don’t stealth your ports, here is what happens

  1. I am right here, I exist
  2. I am not necessarily a good target

If you stealth your ports and send out icmp responses to tell that you’re not reachable, here is what happens:

  1. I am not here, I do not exist
  2. And I do mean that (intruder moves to next target)

I’m just wondering how you set that up?

If you use a router you might notice that comodo fw has nothing to do. No incoming blocks.

If that's the case for you too, your router was tested.

One of the benefits of the stealth port wizard is that it creates a rule set that saves you from getting alarms for incoming traffic that wasn't requested.

It’s not practical, you would have to bridge your router and forward all traffic to your computer so you could control each packet individually using raw sockets. And even if you did generate some kind of response you are set up for a ddos attack. It’s just for knowing what stealth mode actually does for you and what would be necessary to fend it off. Stealth mode can help fend off some traffic to you generated by port scanning, but only the most silly port scanners out there, those who don’t know any better and move to the next target. A non stealthed computer that is visible all the time attracts a lot of attention from port scanners, and this has an annoying effect of generating unnecessary traffic to your router, not only eating up bandwidth but also heating up the equipment and filling up the logs. Just keep stealth mode on even if they still can find you, but don’t rely on that as some sort of security, make your computer secure and assume people will always find you if they want to.

Is there any particular reason that v7.0.315459.4132 does not stealth ports 0 and 1 ?

Early v5 used to do this and at some point stopped, I did ask about this on-site and was told to switch
to Proactive mode, this corrected the problem but does not in v7.
(I’ve only just switched to v7 from 5.12 after I kept getting “Anti Virus engine not started” error messages
with Diagnostics showing nothing wrong. After copying Bases.cav to both Scanners and Repair folders.
EDIT: standard AV DB update kept failing and blaming the internet connection, even after reinstall
still kept failing. I had a similar problem about a month ago and download of complete db solved the problem,
but not this time so I bit my tongue and installed 7)

Here, results of port scan at Gibson Research (grc.com)


GRC Port Authority Report created on UTC: 2014-04-04 at 13:27:33

Results from scan of ports: 0-1055

    0 Ports Open
    2 Ports Closed
 1054 Ports Stealth
---------------------
 1056 Ports Tested

NO PORTS were found to be OPEN.

Ports found to be CLOSED were: 0, 1

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - NO Ping reply (ICMP Echo) was received.
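Added example, not part of the original thread: a small Python parser for the report text pasted above, useful for re-checking the same scan after a firewall upgrade or rule change. The function names are hypothetical, and the wording of an "OPEN" port list line is assumed to mirror the "CLOSED" line shown in the report.

```python
import re

# Report text copied from the post above (GRC ShieldsUP! text summary).
REPORT = """\
GRC Port Authority Report created on UTC: 2014-04-04 at 13:27:33

Results from scan of ports: 0-1055

    0 Ports Open
    2 Ports Closed
 1054 Ports Stealth
---------------------
 1056 Ports Tested

NO PORTS were found to be OPEN.

Ports found to be CLOSED were: 0, 1

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - NO Ping reply (ICMP Echo) was received.
"""

def parse_report(text):
    """Return counts, listed ports and the TruStealth verdict from a report."""
    counts = {state.lower(): int(n) for n, state in
              re.findall(r"^\s*(\d+) Ports (Open|Closed|Stealth|Tested)\s*$", text, re.M)}
    listed = {}
    for state in ("OPEN", "CLOSED"):  # assumption: OPEN line mirrors the CLOSED line
        m = re.search(rf"Ports found to be {state} were: ([\d, ]+)", text)
        listed[state.lower()] = [int(p) for p in re.findall(r"\d+", m.group(1))] if m else []
    verdict = re.search(r"TruStealth: (\w+)", text)
    return {"counts": counts, "listed": listed,
            "trustealth": verdict.group(1) if verdict else None}

def check_report(report):
    """List the findings to act on; an empty list means every port was stealth."""
    c, findings = report["counts"], []
    if c["open"] + c["closed"] + c["stealth"] != c["tested"]:
        findings.append("counts do not add up to ports tested")
    for state in ("open", "closed"):
        if len(report["listed"][state]) != c[state]:
            findings.append(f"{state} port list does not match its count")
        for port in report["listed"][state]:
            findings.append(f"port {port} is {state}, not stealth")
    return findings
```

Calling `check_report(parse_report(REPORT))` on the report above yields one finding each for ports 0 and 1.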

After manually adding the rules that Ronny suggested, all OK. Even ports 0 and 1 are stealth upon ShieldsUP scanning. But why doesn't this button "stealth port" function as it should right after a user just clicks on it? This is a question :)

That to offered from Ronny is everything by default for the Stealth.
In the new version ( 6 -7 ) for a choice only two options.
Stealth - the first option for a choice.

....doesn't function as it should be right after an user just click on it? This is a question
??? It is a question for you. I checked, everything works.

Look there is an old file with bases from 5 versions.
After updating - two bases. New and old. ( New base with numbers. bases18… cav)
Remove from 5 versions. ( bases.cav )
Files are:
The folder with a name - scanners

Update to previous post in this thread.

After having v7 installed for a short while, I tried to update MeGUI (video transcoder)
on-line, but found no solution other than disabling AV, Sandbox (always disable it anyway),
HIPS, and Firewall, still MeGUI crashing every time I tried to run the program. So, I killed off
the Comodo app, and Comodo services in TaskManager, I could then finally run the program without
it being interfered with (had previously given an ALLOW and trusted app status).
Could not tolerate this, having to disable CIS to access the internet, and so removed v7, and
reinstalled the previously troublesome v5.12. Same problem as before, AntiVirus Engine Not Started,
and DB update failure.
So, reinstalled my system from a Ghost image from Jan/Feb, with CIS v5.10 already installed.
Checked DB updating on internet, OK. Removed v5.10, and did a mass update of XP servicepacks and
updates (with WSUS Offline Updater) so is now current for Microsoft withdrawal of support, today.
Did a CCleaner sweep of the system and installed v5.12. 1st Original problem came back again, no message
about Antivirus Engine not started, this time it did the download, and spent much longer than usual
in the ‘Finalizing’ stage, and then suggested a problem with internet connection (had long since finished
download). As I did not have a copy of v5.10 installer to restore the version that was OK after Ghosting,
I tried once more with a DB previously downloaded for v7, (the v6 DB version as there was none for v7),
got it here:

In a 7zip archive.
Inside, the archive was a file named BASE_END_USER_v18061.cav, which I renamed to bases.cav and copied
to both repair and scanners directories. (Before doing so, disabling AV, sandbox, HIPS and FireWall,
and exiting the comodo app, I killed cmdagent.exe in task manager, There are other ways of doing it but that
is the easiest way, no need to boot to Safe Mode, and after copying bases.cav, can restart Comodo service
by right click on My Computer, ‘Manage’, find ‘Services’ and start the ‘COMODO Internet Security helper service’,
then click on the comodo app to start it and re-enable av, hips and firewall, no reboot necessary)

I usually copy to both scanners and repair directories, as I have found that v5 after a new install, quite
often chooses to use the bases.cav in the repair directory, and downloads the entire 200MB db, despite it having
a current DB in scanners dir, copying bases.cav to Repair dir too, prevents this, where it may download only a
few most recent updates.

Above linked DB now works OK for my system, I’ll be making a ghost image in case of future problems.

Lastly, the bases.cav that failed to work for v5.12 was the one for v5.8 pointed to in the sticky
in “News - Announcements - Feedback - CIS” : “Comodo AV Database Update Page”

click link in 1st post here:

I’m now a happy chappy :)