Stealth ports and pings.

https://forums.comodo.com/frequently_asked_questions_faq_for_comodo_firewall/block_ping_icmp_echo_requests-t3677.15.html

I just wanted to continue from there… I was thinking about the same problem other users had, their systems responding to the Ping in ShieldsUp! test.

I also have a question about the Stealth Port function in CIS 3.5.
There are three options in the wizard and I do not know which one to choose. It seems like choice 3 is the best one but I’m not sure. Unclear.

To rephrase, would it mean that ALL my ports are stealthed and will not accept incoming connections or does it just mean… just the ports that are stealthed already…

I understand that once you install a firewall, it will automatically stealth the ports for you, correct?
I want to know how each option works and which one is best for my PC.

about the failed ping test:

err, and about the stealth port wizard question?
do you use a torrent application?
IMO, if you don’t, then the third choice (block all incoming connections) is the best.

stealth port wizard helps you create your firewall global rules
Firewall/advanced/network security policy/global rules

i don’t know how they work either, let’s wait for someone else to explain ;D i don’t need to know how the rules work, as long as it protects me (:TNG)

See attached picture.

You’re best to select the 3rd option (Stealth ports from everyone), which should be good for most users.
If it causes trouble then you can delete the rules it creates by:

Firewall → advanced → network security policy → global rules → delete the rules and click apply.
If you are a user of P2P software, do a forum search for the torrent client you use.

If you are looking at GRC ShieldsUp! then if you have a router it will test that and not your software firewall. If you do have a router then it’s best to go to your manufacturer’s site and set your router up correctly.

Hope this helps…

EDIT: I just basically repeated what Ganda said… Just in English. (:SAD)


Thanks half-ganda (I thought it was “The Ganda”) : D.
I assume that you use the third option too?
No, I do not use P2P. Er, does AIM count?

And thanks Kyle for the explanation. I’ll try the ShieldsUp test now and see if it passes.

Are there any advantages of using and not using the Stealth Port wizards?

Thanks…

Edit: Still seems to be a problem because my machine still failed the test (Ping) and I’m not sure how the modem response to the Ping works.

Edit2: Something seems to be very wrong here because Comodo has now already blocked 330+ intrusion attempts.
The Application is coming from ‘Windows Operating System’:
Action: Blocked
Protocol: ICMP
Source IP: 192.168.1.1
Source: Type(8 )
Destination IP: 192.168.x.xx (it seems to be from me)
Destination: Type(0)
Time: Every 2-5 seconds.

Edit3: The Stealth Port Wizard Option does not stick. Meaning it confirms that it has been configured, but the second I go back to it, it is still at the first option.

Hey drragostea,

P2P = Peer to peer. So things such as Limewire, Frostwire, uTorrent, BitTorrent etc.

I think you’re using a router, so GRC is testing your router and not Comodo.
Destination IP: 192.168.1.254? That’s your router’s address, I believe. (Don’t worry, this isn’t personal info.) Your router has an IP address for you to connect with, and another one for the outside world.

The main thing is if your ports are Closed. Pings don’t really matter… Use this as an example.
A friend rings you up, “Oh hey Drrag, Can I come over?” Drrag says; “No.” That’s it, can call as much as he likes but the door is still closed. :stuck_out_tongue:

this is a rant thread about GRC ShieldsUp! tests

The Stealth Port Wizard Option does not stick. Meaning it confirms that it has been configured, but the second I go back to it, it is still at the first option.

The selection screen resets itself. You can check your global rules if you want to be sure (it should be OK though).

There should be no disadvantages to using the stealth ports wizard (unless you host a server). Basically, what it does is make your computer ignore all the requests sent to it and only allow your computer to send out requests.


There seems to be a problem now. I do not know how to undo what I did (Stealth Port Wizard) and now I am getting around 100+ Intrusion blocks. How do I undo what I did? This seems to have started after I have used the wizard…
Edit: Kyle I’ve read post number 3, but I do not know which rules to delete, because I’m afraid I might delete the ones that were there before I started the Stealth Wizard.
I have the same identical screenshot with the one you’ve posted.


i don’t know what the blocked items exactly are, but i think i’ve read it somewhere that they’re redundant, nothing to worry about. all your application & internet connection works fine right? ;D

here’s my global rules.
the first rule is my additional rule so i can connect to other comp in my office LAN
the last 4 rules are the rules created when you use stealth port wizard/block all incoming connection

and i have those blocked items too, no worry ;D


Thanks a lot Ganda, but it kinda feels weird because there are so many blocks. It’s unusual. I plan to delete them now, because my computer still failed the Tru-Stealth ShieldsUp! test. :frowning:

So I guess it’s normal to have these prompts (like 2000+ intrusion blocks) ^_^?

Don’t worry about the “true stealth rating.” I also “fail” it. The important thing is that your computer does not open its doors to the intruders (Comodo won’t open the doors to incoming requests unless you specify).

Maybe you might like to look at this…
https://forums.comodo.com/empty-t30535.0.html

Hm, I really have no idea what that thread in Wilders is talking about, but I could make out that some guy is ranting on how the ShieldsUp! test by GRC is just some test to freak out novice, paranoid users. So in reality our computers are all fine with a firewall, and the responded Ping echo is used to scare us?

I’ve deleted the 4th rule and the logged intrusions stopped.

Kyle do you have some couple of thousand intrusion blocks logged in your CIS?

Hey Bad Frogger, No problems mate :slight_smile: I think the main thing is that the ports are closed.

I mainly just posted the link to show that pinging is generally OK and isn’t really a threat. They can ping all they like, but if they don’t open the front doors they aren’t going to get in.

Is that correct?

Hey Drragostea, You should be fine with Comodo :slight_smile: don’t worry.
I do usually get a few thousand intrusion attempts if I used P2P software a day or two ago.
You can do a search on the IP’s if you like here;

Hm, I don’t use P2P. Er, well I’ve got around 700+ Intrusion Attempts which looks very very weird and is scaring me. I don’t understand why there is so much. And why it is coming from my system. Can you answer those two questions?

https://forums.comodo.com/empty-t30535.0.html
I’ve also set everything like you said in the screenshot and I hope you’re right.
And I have no clue what these options do in this screenshot. Can you briefly explain:
http://img361.imageshack.us/img361/5207/41716122ed5.png

Your Global rules can be changed Manually although they should be fine how they are. (Earlier in the thread we stealthed ports to everyone)
So basically now we've created rules that allowed traffic into stealthed ports???

I’m a bit confused.

I don’t really mind GRC telling me my computer failed the test, as long as my ports are closed.

I just wanted an answer to my question.

drrag, It stealths ports to everyone so your computer is “invisible”.

Stop worrying mate :stuck_out_tongue: Comodo won’t let hackers connect with you (R)

don’t worry. i think i read it somewhere in this forum about those blocked things. they’re basically redundant. but i didn’t read the detail (:TNG)
maybe you should browse a little to CFP board & CIS firewall board to find the answers. :slight_smile:

Redundant? Hm, any explanation on why there are so many? Yes, I tend to repeat myself, but I was getting vague answers. The Destination and Source are from “me”. -_-.

I’m not worrying, just somewhat paranoid. Haha. (:TNG)

I can’t quite tell if you have run the “Stealth Ports” wizard yet? You should do that and set the trusted zone to 192.168.1.0 to 192.168.255.255. This will allow your local network to communicate and it should prevent the ping test from working. If you have a router, that should also prevent responses to pings if it is properly configured. The stealth ports rule that prevents pings from being answered should be on your “Network Security Policy” page on the “Global Rules” tab and it should read:
“Block ICMP In from IP Any to IP Any Where ICMP Message is ECHO REQUEST”
You can add that rule yourself if you don’t like the Stealth Ports method.

I forgot a couple of things… The blocked connection between 192.168.1.x and 192.168.1.254 is a communication between your computer and your router. It is a request to slow information traffic being sent. You can safely allow it by the following rule on the Global Rules tab:
Allow ICMP In/Out from In 192.168.1.0 - 192.168.1.255 to In 192.168.1.0 - 192.168.1.255 where the ICMP message is SOURCE QUENCH
This allows only addresses in your LAN to send/receive this particular ICMP message, so there is no security hazard.

As for your router, I am guessing that you have not configured it? To do so, open your browser (IE or Firefox or…) and type into the address bar 192.168.1.254 and click Go (or press enter). This will open up the router’s configuration page. You may need information from the manufacturer to properly select the configuration you want.

Hello, I’m a bit slow when it comes to these ‘requests’ and ‘pings’, so can you keep it simple?

Odd thing is that if I should remove the fourth rule, the blocks stop.

Yes, I have run the Stealth Port Wizard already (third option), thus causing these 100+ intrusion blocks.
For my modem (is that the same as a ‘router’?), I’ll have to type 192.168.1.1 to change its settings.
How can I set my “Trusted Zones”?

Your many blocked ICMP events or “Intrusion attempts” have the direction Out and the source port type ( 8 ) - which does not apply to ICMP, and I assume that it means that it is a type 8 ICMP message which is “ECHO REQUEST” and a Destination Port type ( 0 ) which is presumably a type 0 ICMP message which is “ECHO REPLY”. Since none of your Global Rules allow an incoming ICMP ECHO REPLY, it is blocked by your last rule. You might try adding the following rule:
Allow ICMP In From IP Any To IP Any Where the ICMP Message is ECHO REPLY.
Since an ECHO REPLY is a response to a request sent from your computer, it cannot be a probe especially since it does not cause your computer to send a response. This may or may not fix your problem - I have this rule and I still get 2 blocked messages of exactly this type almost every time I boot up. I was seriously wrong when I said that the ICMP message was SOURCE QUENCH in my last message, but I was guessing that it was the 8th message on the ICMP message list from CIS. A bit of homework showed me the error of my ways. There is another possible way to fix this and I will try it and let you know if it works any better.
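
The rule-ordering point raised in the last post (an inbound ECHO REPLY falls through to the final block rule unless an allow rule sits above it), as an added Python illustration that is not part of the thread and not Comodo's code. The top-down, first-match evaluator, the rule order and the sample addresses are assumptions; only the rule wording comes from the posts above.

```python
# Added illustration: a simplified first-match model of a global rules list.
# Rule wording follows the rules quoted in the thread; the rule order and the
# evaluator itself are assumptions, not Comodo's implementation. ICMP only.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ICMP_TYPES = {0: "ECHO REPLY", 4: "SOURCE QUENCH", 8: "ECHO REQUEST"}

@dataclass
class Rule:
    action: str                      # "allow" or "block"
    direction: str                   # "in", "out" or "any"
    icmp_type: Optional[int] = None  # None matches every ICMP type
    src_net: str = "0.0.0.0/0"       # "IP Any"

    def matches(self, direction, src, icmp_type):
        return (self.direction in ("any", direction)
                and (self.icmp_type is None or self.icmp_type == icmp_type)
                and ip_address(src) in ip_network(self.src_net))

def evaluate(rules, direction, src, icmp_type):
    """Return (action, index of deciding rule); the first matching rule wins."""
    for i, rule in enumerate(rules):
        if rule.matches(direction, src, icmp_type):
            return rule.action, i
    return "allow", None  # assumption: a packet no rule matches is not blocked

# Constructed rule set: the thread's ECHO REQUEST block plus a catch-all block.
STEALTH = [
    Rule("block", "in", icmp_type=8),  # Block ICMP In ... ECHO REQUEST
    Rule("block", "in"),               # last rule: block everything inbound
]
# Same list with the suggested ECHO REPLY allow rule placed above the catch-all.
WITH_REPLY = [STEALTH[0], Rule("allow", "in", icmp_type=0), STEALTH[1]]

def describe(rules, direction, src, icmp_type):
    action, idx = evaluate(rules, direction, src, icmp_type)
    name = ICMP_TYPES.get(icmp_type, f"type {icmp_type}")
    return f"{direction} {name} from {src}: {action} (rule {idx})"

if __name__ == "__main__":
    for rules in (STEALTH, WITH_REPLY):
        print(describe(rules, "in", "192.168.1.1", 8))    # router pings the PC
        print(describe(rules, "in", "203.0.113.7", 0))    # reply to our own ping
        print(describe(rules, "out", "192.168.1.20", 8))  # our outgoing ping
```

In this model an allow rule appended below the catch-all never fires, which is why the position of the ECHO REPLY rule in the list matters as much as its presence.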