Testing my firewall

Hi all,

I’m not convinced that my comodo configuration would pass leak tests or that it is secure. I’m behind a hardware firewall at home, but when I’m out roaming the coffee shop wireless connections I have no idea if I’m protected.

Is there an effective way to test my Comodo firewall given my configuration?

There are plenty of tests, for example here: http://eu3.download.comodo.com/securitytests/CLT.zip

:slight_smile:

Depends on what you think is “protected”?

I assume you’re referring to incoming traffic from other systems to your laptop?
You should set the stealth ports wizard to “Block all incoming connections, stealth my ports to everyone”.
This way no traffic is allowed to set up a connection from the external networks towards your system.

And I’ve tested this setup with nmap/hping2 to see if the system would respond to incoming requests.
It does not, it is as stealth as it can be.

Running in “Alert me to incoming connections - stealth on a per case basis” will not totally stealth your system!
It allows some crafted ICMP packets to reply.
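
A minimal self-test in the spirit of the nmap/hping2 check described above, added here as an example and not part of the original post: run from a second machine you own, it classifies each TCP port on your laptop as open, closed (the host answered with a reset, so it is visible) or stealth (no answer at all). The target address and port list are constructed placeholders, and it covers TCP connection attempts only, not the crafted ICMP packets mentioned above.

```python
import errno
import socket


def probe_tcp(host, port, timeout=2.0):
    """Classify one TCP port by how the target answers a connection attempt."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"             # handshake completed: a service is reachable
    except ConnectionRefusedError:
        return "closed"           # a reset came back: host is visible, port unused
    except (socket.timeout, TimeoutError):
        return "stealth"          # nothing came back: the packet was silently dropped
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"  # routing/ARP failure or ICMP error, not a silent drop
        raise
    finally:
        sock.close()


def probe_ports(host, ports, timeout=2.0):
    """Probe several ports and return {port: state}."""
    return {port: probe_tcp(host, port, timeout) for port in ports}


def fully_stealthed(results):
    """True only if every probed port stayed completely silent."""
    return bool(results) and all(state == "stealth" for state in results.values())


if __name__ == "__main__":
    TARGET = "192.0.2.10"           # placeholder: replace with your laptop's address
    PORTS = [135, 139, 445, 3389]   # constructed sample list of ports to check
    results = probe_ports(TARGET, PORTS)
    for port, state in sorted(results.items()):
        print(f"{TARGET}:{port} -> {state}")
    print("fully stealthed" if fully_stealthed(results) else "host is visible")
```

A "closed" result means the firewall is not stealthing that port even though nothing is listening on it.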

I ran CLT and failed all of the tests (‘vulnerable’) - what do I do, please?

I only installed Comodo a few days ago and don’t know much about how to configure a firewall. I feel rather uncertain about my configuration: for instance, I only found out about stealthing all of my ports through reading one of the posts in this forum.

I was sort of hoping that Comodo’s default settings would be enough - is there anything else I should be doing?

Any help or advice would be very welcome :slight_smile:

John Latter / Jorolat

Images of Dover

Hey jorolat, what mode is your firewall in?

Hiya Kyle,

It’s in “Safety Mode”.

John Latter / Jorolat

Images of Dover

Comodo firewall fails the firewall tests on www.pcflank.com, for example it fails the quick test, because some port is open >:(
Please correct this in a newer version of Comodo firewall. I wish Comodo would be better, much better! (L)

Hi Bodar,

Can you tell us a little bit more about your network setup?
In this case it is possible that your internet router is answering the “test” from pcflank instead of your PC with CFP on it. Can you see the probes in your firewall log? (Firewall, View Firewall events).

Does your setup look like this ?
Internet → ISP → Modem?/Router? → PC ?

Hi Bodar, Defense+ has been able to block this test for a long time now.
When you type some words then click next, a D+ alert tells you the test is trying to access a protected COM interface internetexplorer.application.1 on the latest Comodo FW 3.0.25.378.
You have to accept each D+ alert till the test appears on your screen, then after typing some words and clicking next you’ll get another D+ alert telling you about the test trying to do what I wrote at the beginning of my post.
Then you’ll see if you block this alert, the test fails, unable to send data you wrote on some webpage if you allow it in D+.
this test.
If you allow this alert then you’ll have another D+ alert telling you the test is trying to access IE in memory,
so if you allow it, you’ll see: your firewall has failed the test. And if you click on open browser, you’ll have another D+ alert that the test is trying to modify the user interface of IE; if you allow it, it will open the browser and you’ll see what you typed.
If you block, the page will not open but the data is already stolen anyway.
So when the test says your firewall failed, you can go back to where you enter the characters, delete the rules added in D+, and when you click next you’ll have this alert about pcflank trying to access a protected COM interface internetexplorer.application.1. This alert is the critical point to bypass the firewall. Allow it and Comodo will fail, block it and the test will fail.
We tested this exploit a long time ago and Comodo was already able to block it.
My D+ is set to safe mode, image execution is set to aggressive and I put “all apps” in files to check.

What I don’t know is whether checking “all applications” in image execution control means everything is analysed. Does someone know if, by adding “all applications”, D+ checks absolutely everything? Or what is this setting able to control? As there’s * as a character, I imagine it means all is checked? Can you help me on this point?

Hi caveatrob

These 2 sites are pretty thorough

http://www.grc.com/x/ne.dll?rh1dkyd2

You can download a whole heap of tests from Matousec.

Cheers,
Josh