Unsolicited Packets

I’ve just done a few tests on GRC’s site and everything went well till I tested Most Common Ports; all the ports they scanned resulted in stealth, but Unsolicited Packets failed.

Solicited TCP Packets: PASSED — No TCP packets were received from your system as a direct result of our attempts to elicit some response from any of the ports listed below — they are all either fully stealthed or blocked by your ISP. However . . .

Unsolicited Packets: RECEIVED (FAILED) — Your system’s personal security countermeasures unwisely attempted to probe us in response to our probes. While some users believe that “tracking down” the source of Internet probes is useful, experience indicates that there is little to gain and potentially much to lose. The wisest course of action is to simulate nonexistence — which your system has failed to do. Your counter-probes immediately reveal your system’s presence and location on the Internet.

Ping Echo: PASSED — Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests) from our server.

Unsolicited Packets failed, and it might not be a big deal, but I got a bit curious as it says, “Your system’s personal security countermeasures unwisely attempted to probe us in response to our probes. While some users believe that “tracking down” the source of Internet probes is useful, experience indicates that there is little to gain and potentially much to lose. The wisest course of action is to simulate nonexistence — which your system has failed to do. Your counter-probes immediately reveal your system’s presence and location on the Internet.” Have I got anything to lose by Comodo reacting in this way, other than what it states, that the probes reveal my system’s presence?

Strange situation. CIS does not respond to these probes; can you tell us a bit more about your network setup? Type of connection, modem/router type, etc.

It’s wired up via modem. I’m using Virgin Media Broadband. No internet/file connection sharing. It’s a stand-alone PC running Vista.

Did you perhaps ping or traceroute the IP address of Shields Up?
Do you have other security software installed?
Does it repeatedly report this if you scan it a few times?
Can you tell me the make and type of modem used?

That’s weird, I just did a scan and the result was: Your system has achieved a perfect “TruStealth” rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to “counter-probe the prober”, thus revealing themselves. But your system wisely remained silent in every way. Very nice. Any ideas as to why it showed differently?

Did you perhaps ping or traceroute the IP address of Shields Up? Don’t think so???
Do you have other security software installed? Only one firewall running and that’s Comodo.
Does it repeatedly report this if you scan it a few times? I just did one as I signed on, and it showed TruStealth.
Can you tell me the make and type of modem used? Motorola SB5100.

Strange. I would run it a few times this coming week and see if it stays stable.
Maybe it’s a problem at Shields Up, or maybe your provider has intrusion detection/prevention implemented in their network that could have caused this…

No antivirus like Avast with web shield etc. active? That could cause some response traffic, maybe…

Will do, thank you. I have NOD32 installed; real-time protection is active, and it also has web protection. It’s not something I want to turn off as it helps a lot when I browse the net.

NOD32 (A/V - A/S protection)
Antivirus, antispyware enabled
Anti-stealth technology enabled
Self-defence enabled

NOD32 is probably the culprit here.

OP never said whether he uses the ADSL modem in “Router” or “Bridge” mode. Maybe it’s the modem which is tested by GRC and not CFW.

To find out whether NAT is present on the system or not, one of the easiest ways is to launch the IP2 app by Robin Keir.
If WAN and LAN addresses match then it’s CFW which is tested; if they don’t match then the modem is tested, not CFW.

WAN and LAN are the same mate.

Can anyone help me with this?

I’m still getting results stating,

Unsolicited Packets: RECEIVED (FAILED) — Your system’s personal security countermeasures unwisely attempted to probe us in response to our probes. While some users believe that “tracking down” the source of Internet probes is useful, experience indicates that there is little to gain and potentially much to lose. The wisest course of action is to simulate nonexistence — which your system has failed to do. Your counter-probes immediately reveal your system’s presence and location on the Internet.

This is probably an ICMP unreachable message that gets sent back to the scanner.

How are your global rules set up? Can you post a screenshot (if your IP is in there, please mask it so it’s not visible here)?


Delete the first rule.

Write a blocking rule for ICMP out, echo reply, and another one: ICMP out, block protocol unreachable.

Removed the first, ALLOW IP FROM IP ANY TO IP ANY WHERE PROTOCOL IS ANY,

and add:

BLOCK - ICMP - OUT - ANY - ANY - ICMP ECHO REPLY
BLOCK - ICMP - OUT - ANY - ANY - ICMP PROTOCOL UNREACHABLE

???

And should I move the two above to the bottom of the list?

These won’t affect my broadband, will they? Sorry, I’m still learning about all these things. I’m wired to cable, Virgin Media modem.

By the way, that rule you told me to remove appears every time I stealth my ports via the stealth ports option in Common Tasks > Stealth Ports Wizard???

I have a mixed wireless/ethernet router and these are the default rules for CIS3 in proactive, maximal alert mode:

Block - ICMP Out - Any - Any - Protocol Unreachable
Block - ICMP In - Any - Any - Message 17.0
Block - ICMP In - Any - Any - Message 15.0
Block - ICMP In - Any - Any - Message 13.0
Block - ICMP In - Any - Any - Echo Request

I added the Echo Reply rule “at your request”: if you don’t reply to ping, the “tester” (or malware) does not know that “you exist”.

As you can see, I have no global allowing rule; the consequence is that the order has no importance whatsoever.

The default allow-IP-any-any-any rule at the top overrides whatever follows and, as discussed at length elsewhere in this forum, allows by definition any outbound communication: as such, under these conditions nothing keeps your system from leaking everything to the outside, and particularly from “answering” some leaktests.
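Added example, not from any poster or from Comodo: a toy first-match evaluator for ordered global rules, covering both the "delete the first rule, then add the two ICMP out blocks" advice earlier in the thread and the point above about a catch-all allow at the top overriding every block below it. The ICMP type/code numbers are the RFC 792 values; the mapping from Comodo's menu labels ("Protocol Unreachable", "Message 17.0") to those numbers and the treatment of an unmatched packet as falling through to the next layer are assumptions of this example.

```python
"""Toy first-match model of ordered firewall global rules (added example).

Not Comodo's code. It shows why an "allow IP any/any" rule placed first
defeats every block rule placed after it, and why order stops mattering
once every rule in the list is a block.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

IcmpMsg = Tuple[int, int]  # (type, code) as defined in RFC 792

# ICMP messages named in the thread (assumed mapping of Comodo's labels).
ECHO_REQUEST: IcmpMsg = (8, 0)
ECHO_REPLY: IcmpMsg = (0, 0)
PROTOCOL_UNREACHABLE: IcmpMsg = (3, 2)   # destination unreachable, code 2
TIMESTAMP_REQUEST: IcmpMsg = (13, 0)     # "Message 13.0"
INFO_REQUEST: IcmpMsg = (15, 0)          # "Message 15.0"
ADDRESS_MASK_REQUEST: IcmpMsg = (17, 0)  # "Message 17.0"


@dataclass(frozen=True)
class Packet:
    direction: str                   # "in" or "out"
    proto: str                       # "tcp", "udp" or "icmp"
    icmp: Optional[IcmpMsg] = None   # (type, code) for ICMP packets only


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "block"
    proto: str                       # "ip" matches any protocol
    direction: str                   # "in", "out" or "any"
    icmp: Optional[IcmpMsg] = None   # None = any ICMP message

    def matches(self, pkt: Packet) -> bool:
        if self.direction not in ("any", pkt.direction):
            return False
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if self.proto == "icmp" and self.icmp is not None and self.icmp != pkt.icmp:
            return False
        return True


def global_verdict(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins. Assumption: a packet matched by no global
    rule falls through to the next layer (application rules / OS stack)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "fallthrough"


def leaks_to_scanner(rules: List[Rule], pkt: Packet) -> bool:
    """True if the global rules do not stop an outbound reflex answer."""
    return global_verdict(rules, pkt) != "block"


# Rule list as first posted: the Stealth Ports Wizard's catch-all allow on top.
ALLOW_FIRST = [
    Rule("allow", "ip", "any"),
    Rule("block", "icmp", "out", ECHO_REPLY),
    Rule("block", "icmp", "out", PROTOCOL_UNREACHABLE),
]

# Same outbound blocks with the catch-all removed, plus the inbound blocks
# listed in the post above.
BLOCKS_ONLY = [
    Rule("block", "icmp", "out", PROTOCOL_UNREACHABLE),
    Rule("block", "icmp", "out", ECHO_REPLY),
    Rule("block", "icmp", "in", ADDRESS_MASK_REQUEST),
    Rule("block", "icmp", "in", INFO_REQUEST),
    Rule("block", "icmp", "in", TIMESTAMP_REQUEST),
    Rule("block", "icmp", "in", ECHO_REQUEST),
]

# Constructed traffic: a probe arriving, and the answers the host might send.
PING_IN = Packet("in", "icmp", ECHO_REQUEST)
PING_REPLY_OUT = Packet("out", "icmp", ECHO_REPLY)
UNREACH_OUT = Packet("out", "icmp", PROTOCOL_UNREACHABLE)
HTTP_OUT = Packet("out", "tcp")

if __name__ == "__main__":
    for name, rules in (("allow-first", ALLOW_FIRST), ("blocks-only", BLOCKS_ONLY)):
        for pkt in (PING_IN, PING_REPLY_OUT, UNREACH_OUT, HTTP_OUT):
            print(f"{name:11} {pkt.direction:3} {pkt.proto:4} {pkt.icmp}: "
                  f"{global_verdict(rules, pkt)}")
```

With ALLOW_FIRST the two block rules are never reached, so the echo reply and the unreachable message both go out and the scanner logs "unsolicited packets". With BLOCKS_ONLY the same packets are dropped, and reversing the list gives the same verdicts, which is the "order has no importance" observation above.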

OK, thank you for your help mate. Could you offer any more advice? Here are the 5 rules I currently have, in the screenshot below.

I’m wired up to a modem, no router or wireless. Do you think I should add any more rules in global rules? I do not wish to share my connection with anyone…

Also, this upgrade to v4, is it needed? I’m currently using v3.14.130099.587.

There’s also a screenshot of my port sets and network zones. When I connected my modem when I first installed it, it asked me to add a network in my network connections, but as I do not share my connection I didn’t add it and cancelled it.


Seems correct, although I don’t see the utility of using HTTP other than 80 and 443 and mail other than 25 and 110 if you are not using a proxy, LDAP, or webmail.

The localhost rule by itself is of no use if you don’t write corresponding rules (Firefox, allow TCP Out, destination localhost, while Firefox must allow TCP Out only to HTTP ports and ask or block whatever else).

But keep in mind that everyone has a different configuration and uses different software, and proceed by trial and error and leaktest after each modification.

I forgot: I shall definitely stay with v3 as long as I can (I only use Firewall and Defense+, antivirus from Avira), and run offline leaktests and a malware search (MBAM…) from time to time.
v4 won’t bring me, as of today, anything other than trouble with the sandbox and auto-trusted behaviors I don’t want to hear of.

Proxy, LDAP??? No, I don’t use either, I don’t think, and I use Windows Messenger for mail.

Localhost? Should I remove it and have nothing in network zones? Would localhost be used when logging on, connecting to the internet?

I haven’t installed v4, just seen it on here. I don’t think I will be upgrading as v3 isn’t telling me to, and plus I’ve just about got to grips with this one; I don’t need hassle with another version.

Localhost is essentially used for local connections by Firefox (and some other software); localhost is by definition your own computer, is not to be deleted if you use Firefox (you can’t), and is safe as long as it connects to itself.

I only said that a network zone rule is useless if not used by the rules themselves (i.e., for creating a Firefox rule where the allowed IPs are the localhost zone).

Whenever Comodo decides so (it already did for me), you will be prompted by an update request, of which you should read the details.

If it speaks about CIS v4, deny it, or v4 will be installed as an update without you ever wanting that; as a consequence, I unchecked Comodo updates in order to keep v3, and without any consequence to the v3 Firewall/Defense+, as it is well known it won’t ever be updated itself.