Time out during port scan

hey guys, both when using this site http://canyouseeme.org/ and this site Port Scanners / WhatsMyIP.org I get time-out when checking my ports.

Is this good, bad or means the same as “stealth”?

Or does it just mean that the test wasn’t performed properly, but it’s nothing bad…

I think it’s good, however run another test GRC’s Shields Up This way, more ports will be checked and it will be more clear to read and understand.

But beware, if you’re behind a router/hardware firewall this one will be checked. Not the software firewall. You can read more about it here

I hope I could help you a bit

Xan

thank you for the reply.

I did the GRC test and the ports came up as “stealth”. But I just wanted to try some other test and I did and was curious why the “time out” message.

Do you get it too? Or do you get also “stealth” messages, or whatever they call it there.

and no, don’t have a hardware firewall, just a cable modem Sagem (im not native English speaker so not sure if thats the proper word, but I think its called cable internet connection, through a phone line, but the modem has no firewall).

OH btw, I have my XP firewall still on. Someone here said I shuld disable it but I read somewhere else that I can stay on. I think I will disable it after all, should I do it?

Running 2 firewalls at the same time is never a good option, so yes you need to disable it :).

Do you get it too? Or do you get also "stealth" messages, or whatever they call it there.
Yes I get the error to, so I think that it's normal and that it means that you're stealthed.
and no, don't have a hardware firewall, just a cable modem Sagem (im not native English speaker so not sure if thats the proper word, but I think its called cable internet connection, through a phone line, but the modem has no firewall).
No problems then, it's just that if you're running a hardware firewall that it will check that one, not the software's.

Xan

  • I doubt there’s no firewall built in this modem, but you didn’t post any info about the HW. If there is and you get timeouts, that either means your cable modem recognized the check as a port scan and blocked traffic from that site temporarily, or that it basically crashed. My experience with Sagem stuff strongly suggests the second option…

  • If there’s really no firewall built in the modem, you should start by disabling the Windows Firewall and going on from there. Running two firewalls on the same box is definitely a no-no.

  • Stealth means the ports are invisible, Closed means they are reported as closed (no service running on them). There are usually explanations of the results on similar websites.

P.S. There’s no such thing as “hardware firewall”, the DSL/cable modems/routers usually run an embedded version of Linux with iptables etc.

Ok, this is strange (for me at least).

I disabled the Comodo and stayed with the XP firewall for a few minutes and I did the GRC test and passed it… but I guess that’s to be expected. :slight_smile:

But THEN… I disabled the XP for good and also disabled Comodo for a while and did the GRC test again… and it also passed both file sharing and “all service ports” tests! Basically my PC passed these tests with no firewall.

Now, I guess this can mean that either I have a hardware firewall (router built into the modem) or my ISP is protecting all my ports.

However, this is my modem , a few years old Sagem Fast 800 http://www.bob-de-neve.com/Modem%20SAGEM%20FAST%20800%20USB.jpg

I’m pretty sure it has no router, it’s just a basic modem, offering no protection.
Also, if it had a router, then from my understanding (I think Vettetech said this) all the attempted connections would be blocked already BY the router/modem and they wouldn’t be showing in my Comodo logs.

As I have a dynamic IP, it often happens that I get lots of blocked “intrusions” in my Comodo log, as you can see here http://i329.photobucket.com/albums/l386/thomasonline99/firewall.jpg which from my understanding are either “internet noise” or attemps to connect to someone who had the same IP a while ago and was doing file sharing (personally I never engage in p2p).
So if my Sagem had a built in router (and I’m still pretty sure that it doesn’t) then all that attempts would be blocked at that level and wouldn’t be showing in my logs…, right?

and my ISP, well it’s offering some filtering option, but only since a few weeks ago and from what I read, it’s blocking only a few ports, namely 135UDP/TCP, 137UDP, 138UDP, 139TCP oraz 445UDP/TCP.

This has some basic firewall, no routing, not even stateful inspection AFAICT. Otherwise this modem is plain garbage, I wouldn’t buy any USB DSL modem personally.

You cannot just simply disable Comodo. Are you sure the cmdagent and cfp.exe were not running.

I got that modem from an ISP few years ago, didn’t have a reason to change it, since it’s working fine (well, it gives me internet connection, that’s all I needed it for).
so basically I was right, this modem didn’t stealth my ports, right?

I right clicked the Comodo tray and then clicked on “exit” and confirmed that I want to shut down the Comodo firewall… I think this disables it…

Thats shuts down cfp.exe but doesnt shut down cmdagent. Be sure both processes are shut down. Either way your hardware modem is whats important. I have a 2Wire Gateway DSL modem and I can pass Shields Up without Comodo. I use Comodo for the program control and HIPS.

Yes, you can. That’s why there is Disabled mode in both Firewall and Defense+ Security Level settings.

This way you disabled CFP GUI, the true firewall runs as service cmdagent.exe. By default it’s protected against process termination. Just use the CFP GUI to disable the firewall by setting Firewall Security Level to Disabled. You can set this by using tray icon or a shortcut in main window in Summary tab. Then rerun ShieldsUP test once again.

But you need to reboot afterwords and still be sure both processes are not running.

Thanks!

So I Disabled the firewall as you instructed (without rebooting though, I just switched from “Safe mode” to “disabled”) and had re-run the “all service ports” test.

All ports appeared as closed (blue color) and only 3 ports were stealth - 135, 139, 447.

Properly you should uninstall Comodo and shut off your WIndows Firewall. Then once everything is all set and you have no firewall running then configure your hardware firewall to pass Shields Up. This is what I did. If you have a good hardware firewall you need to use that first.

Did you read this sticky note I had Josh put up. Its right above your post.

https://forums.comodo.com/leak_testingattacksvulnerability_research/hardware_firewalls_regarding_shields_up_test-t25462.0.html

Well but as I said, I have no hardware firewall so I’m fine with the Comodo protection.

In this thread, I just - first - wondered about the “time out” on some other “port scan” tools and then I was wondering why I have all ports stealth according to GRC even though I disabled the firewall, but as discovered above, that wasn’t true, as the Comodo was still on.

I have no hardware firewall and have no real plans of getting any (although I understand that it can have advantages).

But I think/hope that the Comodo firewall alone is already a great protection and I shouldn’t be too worried…

Thanks for the replies btw, I appreciate it really :slight_smile:

Did you check your manufacturers web site for info on your modem? Are you 100% sure your modem doesnt have a hardware firewall? If it doesn’t then simply run the stealth port wizard in Comodo and select the option to “block all incoming connections”.

Nope, you don’t. I don’t know from where you’ve got these informations, but you just misinform other CFP users.

You have to reboot only if you want to permanently disable the Defense+.

This is an expected behaviour. These few ports might be stealthed by your ISP or maybe you had ran a program called Windows Worms Doors Cleaner in the past ?

This is a very good advice.