Strange ports scaning results [RESOLVED]

I’ve made some tests with Comodo and I came to some strange results in my oppinion. Here they are:
In picture 1 you will find my Network Security Policy for ApexDC++, Yahoo and Firefox which is the same.

In firewall Active connections window all 3 programs were shown listening to some ports. (see picture 3)
I went to GRC shields up and made a Custom ports test choosing the ports shown to be listened by yahoo, firefox and ApexDC++.

The result are in picture 2: all ports listened by Apexdc++ were Open and ports listened by the other programs were stealthed even if all programs had the same settings.

Which is the explanation? Is it a bug or a normal behaviour ?

[attachment deleted by admin]

If your behind a hardware firewall you need to configure that first. Did you run the stealth port wizard? What are your global rules?

I’m not behind a hardware firewall.
Regarding the Stealth ports wizard I choose option number 2: Alert me to incoming connections - stealth ports on a peer-case basis

Global rules are shown in the picture attached.

[attachment deleted by admin]

Listening ports means that an app is prepared to receive inbound connections.
When this happens those ports cannot be stealthed.

Stealthing means to protect those ports when no application need them or I guess when no external application is supposed to be able to connect to them (eg firewall rules that prevent extranet connections)

AFAIK Firefox doesn’t rely on listening ports. FF usually works by means of outbound connections.

What kind of modem/router do you have? Are you sure it doesn’t have a hardware firewall? Some people on here don’t realize they have one.

I’m using a PPoE connection type, I have no modem just a network card where the cable enters. :smiley:
That’s all.

gibran, here’s Yahoo messenger listening ports… but if I make a grc scan they appear stealthed.

[attachment deleted by admin]

I guess some wireshark expert should be able to solve this riddle and let us know which is the exception and which is the rule.

OK…I’m waiting…

My guess is that if you open a command box and type;

netstat -an

and lookup the ports that correspond with firefox (or others) that they are listening on ip 127.0.0.1 being your loopback address, and that cannot be reached over your internet connection.

Apexdc++ is probably listening on 0.0.0.0 as in “all interfaces in this machine”.

Example My RPC is listening to all interfaces, the tcp port 5679 only on loopback, udp 123 on all.

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 127.0.0.1:5679 0.0.0.0:0 LISTENING
UDP 0.0.0.0:123 :

If you wanna find out what program uses what port than use netstat -anb or fport from Foundstone

Ronny, here’s the result: see picture attached.

1321 and 1322 are the ports listened by ApexDC.
In these conditions my result is ok?

[attachment deleted by admin]

Yes,

It look’s like the ApexDC is using uPNP to tell the router what ports to open because
your first test show’s other numbers used for ApexDC.
And ApexDC uses those ports to “share you files” therefore shields up will show them as “open”.

How’s your global rules setup if i may ask ?

You can see my global rules setup in post no 3 in this thread.

Thank you for your confirmation. Now I’m satisfied with Comodo’s protection. :slight_smile:

Maybe you could take a look in the settings to see if you can set ApexDC to use ports you assign instead.
That way you could tighten security a little bit more on the “incoming” traffic for ApexDC only need’s 1 or 2 ports instead of what it likes to use from ANY in this case.

Well, yes, you’re right.
Thank for your answers. :slight_smile:

This Thread is now closed.

If you need this thread reopened, Please PM any online Moderator.

Cheers,
Josh