I seem to have guessed wrong. I could not read the addresses in your event log shot, so I guessed that it was a router address. If your modem is the address that is at the other end of the ICMP connections that are being blocked, then you don’t have anything to configure. Just try adding the Allow ICMP rule described above to see if that fixes the problem.
The rule does not stop the Intrusion blocks. So I guess regardless if I put the rule or not the blocks are still there.
The other possibility is to write a rule for “Windows Operating System”. On the Firewall>Network Security Policy>Application Rules tab, select Add. On the Add dialog, click Select and choose “Running Process”. “Windows Operating System” will be at or near the top.
On the Rule entering dialog, click Add and enter the following selections:
Allow IP In Source [LAN] Destination [LAN] Protocol Any
and
Allow IP Out Source [LAN] Destination [LAN] Protocol Any
Here, the [LAN] is the range of your LAN - for you: 192.168.1.0 - 192.168.1.255
This only allows communication within your LAN - not over the internet, so it should not be a security hazard.
Stealth or not…?
After configuring stealth mode, one might wonder if everything is set and if the computer really is in stealth mode.
At Stealth Test | PCFlank you can run a stealth test. (N.B. this test runs for several minutes before you are presented with the test result.)
PCFlank offers other useful test applications on their start page.
Now it seems that when I enabled Stealth Ports Wizard, there are no more intrusions; however, I still fail the Tru-Stealth Test because of the Ping reply. I have a wireless (NetGear) router which was purchased to deliver Wi-Fi in my house so my household members can use the family DSL connection too.
Help?
Are you using a site on the web like GRC? Then you are probing your router and not CIS.
But I’m not sure how to resolve this issue, thus the whole point of starting this thread.
I’ve also tried having Static NAT enabled in my modem but it does not work.
If you want to test CIS you will have to make your computer a so-called exposed. Often this is also called being placed in a Demilitarised zone (DMZ). You need to set this in your router.
Thanks Eric. Just a question. Are routers/modems usually in DMZ mode by default? And does leaving it on for a long time pose a security risk?
Routers will never put any computer in DMZ by default as far as I know. That is something the user can set for testing or other purposes.
In DMZ you connect a computer with the internet without the protection a router provides. This protection is that NAT simply blocks all unsolicited requests (this is like firewall protection for incoming traffic) and when provided the protection of a basic firewall.
Putting your computer in DMZ is more of a risk as you get less of the mentioned protection. That’s what you have your firewall for of course. Keep in mind that a connection with just a cable modem is the same as putting a computer in DMZ when the computer is behind a router.
"Keep in mind that a connection with just a cable modem is the same as putting a computer in DMZ when the computer is behind a router."
I see now, well it confirms that no modem/router is in DMZ by default.
I do not have a cable connection, but does your quote refer to me too?
I guess I can’t resolve the Tru-Stealth (GRC Shieldsup!) test after all.
Are you on a DSL connection? Does your DSL modem have a router built in? Almost if not all ethernet DSL modems have a router; only the USB modems are a straightforward modem with no router.
Yes, I’m on a DSL modem (Verizon is my ISP). It is a Westell 6100 with USB and Ethernet port. I use the Ethernet cable as the USB port didn’t work so well.
I’m not sure what you mean by a router built in… can you explain?
The Westell 6100 is the box that receives the DSL connection so it has a telephone line connected to the wall jack.
Yes, that’s a DSL modem/router combo. Enter 192.168.1.254 in your browser window to access the router control panel.
Nothing happens. I don’t think that’s the correct IP address. It’s 192.168.1.1.
Thing is what do I do next?
First we need to know what the IP address of your modem/router is. Go to Start → Run → type cmd followed by Enter → in the box that comes up type ipconfig /all (notice the space before /all).
Look up the gateway address of your modem and let us know. Type the address in your browser and you should be able to access the web interface of the modem/router.
Sorry about that, I looked up a FAQ on your modem on the net and that’s the address DSLreports had for it.
This is what DSLreports has to say about DMZ in your router settings.
The Gateway IP is: 10.0.0.1. That leads me to my wireless router.
192.168.1.1 leads to my modem (that gets the DSL connection. Netgear cannot get DSL without the modem).
Thanks HeffeeD, but my GUI is different because the firmware is different. It has a red and black version by Verizon.
You should still have the same basic functionality regardless of the GUI. You should still have access to the ‘expert’ settings.
However, it sounds like you’re using it in conjunction with a third party router, so you’ll need to refer to the documentation that came with your wireless router. I’m assuming you had to go through the advanced settings already to set it up to use with your wireless?
So to recap things. Your network set up consists of Westell DSLmodem/router that is hooked to a Netgear wireless router.
So now we are in the field of two routers between computer and the web. I have very little experience in this field. But common sense tells me you would need both routers to be set up for DMZ for your computer.
Even though your interface differs, read what is written in red at the top of the page of DSL reports:
The screen shots below are from the older 2100/2200/6100 firmware and may be different than your current modem. There are changes to the basic menu structure, but overall functionality/capabilities/configurations are the same.
I guess with some common sense and willingness to try you should be able to set up the Westell modem and your wireless router.
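As an added example (not part of the thread or any poster's own code): a Python check that derives the [LAN] range for the "Allow IP In/Out" rule from `ipconfig /all` output, tests whether a rule range covers a given address, and lists the private-address gateways named in the thread. The sample output is constructed; only the 10.0.0.1 gateway, the 192.168.1.1 modem address and the 192.168.1.0 - 192.168.1.255 range come from the thread, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output. The host address and mask
# are assumptions; the 10.0.0.1 gateway is the one reported in the thread.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 10.0.0.3
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.0.0.1
"""


def _field(label, text):
    """Pull the dotted-quad value that follows an ipconfig label."""
    m = re.search(label + r"[ .]*: *([\d.]+)", text)
    if m is None:
        raise ValueError(f"{label!r} not found in ipconfig output")
    return m.group(1)


def lan_range(ipconfig_text):
    """Return (first, last, gateway) for the subnet the adapter is on."""
    ip = _field(r"IP(?:v4)? Address", ipconfig_text)  # XP and later labels
    mask = _field(r"Subnet Mask", ipconfig_text)
    gateway = _field(r"Default Gateway", ipconfig_text)
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    return str(net.network_address), str(net.broadcast_address), gateway


def rule_covers(rule_first, rule_last, address):
    """True if a [LAN] rule written as first-last matches the address."""
    addr = ipaddress.ip_address(address)
    first = ipaddress.ip_address(rule_first)
    last = ipaddress.ip_address(rule_last)
    return first <= addr <= last


def private_hops(gateways):
    """Gateways with private addresses; on a home network each one is
    normally a router sitting between the PC and the internet."""
    return [g for g in gateways if ipaddress.ip_address(g).is_private]


if __name__ == "__main__":
    first, last, gw = lan_range(SAMPLE_IPCONFIG)
    print(f"[LAN] for this adapter: {first} - {last} (gateway {gw})")
    print("192.168.1.x rule covers gateway:",
          rule_covers("192.168.1.0", "192.168.1.255", gw))
    print("Private hops:", private_hops(["10.0.0.1", "192.168.1.1"]))
```

With a 10.0.0.x adapter as in the constructed sample, a [LAN] rule written for 192.168.1.0 - 192.168.1.255 does not match traffic to the PC's own gateway, so the range in the rule should be taken from the adapter's actual subnet.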