V3 not remembering my options where Shields up concerned

Vettetech, yes I have tried rebooting. The global rules don’t seem to change and are below. My modem is a Huawei SmartAX MT882. Even after selecting the stealth mode option 3 the global rules remain the same.

I assume my global rules are the same as everyone else’s and I haven’t altered them:
IP out, IP any, protocol is any
allow ICMP, when ICMP is fragmentation
ICMP in, when ICMP is time exceeded
block & log IP, IP any where protocol is any.

Having read various threads about anti-virus, I noted that you seemed keen on NOD32, which I have seen other more knowledgeable friends using, so it seems logical that it is a good product. I also see that ESET also have a suite that includes a firewall?

Are there any other computers behind the modem? Please check the modem config and see if there is a “Virtual Server” configured, or maybe some other “firewall rules” in there. See also http://portforward.com/english/routers/port_forwarding/Huawei/SmartAX-MT882/eMule.htm for where to look.

Basically these global rules should not let Shields Up give this kind of result, so we need to look for something disturbing this test.

OK… now I am really confused. I did a “common ports” test and the result was as I had previously stated, only the 6 shown as stealthed. However, I have just completed a Shields Up all service ports “GRID SCAN” where it checks the first 1056 TCP ports - they come up as all green ‘stealthed’ and it passed the test?

Only one computer, desktop, not wireless.

A real quick check, to see if there is something holding those ports open. From a command prompt, run “netstat -an”. The second column is the listening address:port. In this case, you’re looking for :80 or :23 or :21 or :110 or :25. If any of those show up in the netstat list, then those ports are indeed open.

Is this an XP Pro machine? These are the typical server ports for a Windows IIS server. Which is not something to have running around unsupervised.
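
The netstat check described in the post above, as an added example that is not part of the original thread: it reads Windows-style `netstat -an` output and reports only TCP rows in the LISTENING state whose local (second-column) port is one of 21, 23, 25, 80 or 110, so a `:80` in the foreign-address column of an outbound connection is not mistaken for an open port. The sample output, the addresses in it and the function names are constructed for illustration.

```python
import ipaddress

# Ports named in the post above, with their usual services.
WATCHED = {21: "ftp", 23: "telnet", 25: "smtp", 80: "http", 110: "pop3"}

# Constructed sample of Windows `netstat -an` output (not from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:25           0.0.0.0:0              LISTENING
  TCP    192.168.1.2:1043       203.0.113.7:80         ESTABLISHED
  TCP    [::]:21                [::]:0                 LISTENING
  UDP    0.0.0.0:500            *:*
"""


def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4 or bracketed IPv6) into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)


def watched_listeners(netstat_text, watched=WATCHED):
    """Return (port, service, bind_addr, off_host) for each watched listener."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows for TCP have exactly four columns; only LISTENING rows
        # mean a local service is holding the port open.
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        addr, port = split_endpoint(fields[1])  # second column = local side
        if port in watched:
            # A loopback bind cannot be reached from the network.
            off_host = not ipaddress.ip_address(addr.split("%")[0]).is_loopback
            hits.append((port, watched[port], addr, off_host))
    return hits


if __name__ == "__main__":
    for port, service, addr, off_host in watched_listeners(SAMPLE):
        scope = "not loopback-bound" if off_host else "loopback only"
        print(f"{service:7} port {port:<4} bound to {addr:<10} {scope}")
```

A listener bound to 0.0.0.0 or [::] accepts connections on every interface, which is the case the ShieldsUp result would depend on if the scan reached the PC at all.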

Grue,

I think that wouldn’t make sense, as those are the only ports being discovered as Stealth.
21, 25, 80 belong to IIS; telnet and pop3 don’t, but I agree on not needing these on a normal PC.

You’re right, Ronny. My goof, as I read what I was expecting to read, not what was written.

Which gives me an even stranger question. If CFP is configured for full stealth, then why do any ports show “closed”, meaning that GRC got back an ICMP “port unreachable” rather than a stealth timeout?

Doing a quick eyeball on the modem page http://www.huawei.com/products/terminal/products/view.do?id=121

If this is the same make and model, this is a full blown NAT/router. Meaning that GRC is scanning it, and not the PC.
Unless the modem is configured as a bridge?

So Overfifty you do have a hardware firewall? Can you get into your settings?

As he stated now, he gets different results doing different tests; that’s even more strange.

If I’m correct, a TCP probe marked closed is based on receiving a TCP RST; only for UDP will an ICMP port unreachable be sent out by default.

The only way he could get the scan on his PC is that there is a virtual server or DMZ Host defined in it, or as you said if he’s running in the modem not router/firewall mode.

or if the router was configured to forward ports 1-1024 to the internal PC. I realise this is the extreme edge of left field, but it would fit the scenario.

Ewen :)

I’ll try and answer where I can. I didn’t know I had a hardware firewall, I didn’t configure it, I just plugged it in when TalkTalk sent me the broadband package - so sorry if I confused anyone, apart from me!

I think I may be able to get into my router and it looks like I can give you the following: STATUS - system information, service information & statistics. BASIC - adsl, wan, lan, dhcp, dns, nat, ip route & atm traffic. ADVANCED - rip, firewall, ip file, Qos, icml, acl & upnp. But I have no idea what any of this means!!!

I have copied some of them across onto Microsoft Word, but don’t know how to print them to this page.

If you have a good hardware firewall then you should pass Shields Up with flying colors, even echo ping block. I do not need Comodo to pass this test. Best bet for you is to uninstall Comodo and set up your hardware firewall till you pass the Shields Up with flying colors. Then once you’re all set, install Comodo and use it to control applications and use D+ for the HIPS protection. This is what I did.

If you have the hardware firewall configured and can somehow get it to show you logs, then run the ShieldsUp! Test and then look at the hardware logs. I was totally confused when Comodo stopped detecting my shieldsup test pings and then I thought I might take a look at the hardware firewall’s log and lo and behold, there was that all too familiar IP address along with 1,000 other IP addresses who had tried to send UDP and TCP packets to me.

Even better…one particular IP address within my own city had been ICMP code 8 echoing me once every 8 hours. Very scary…

As good as Comodo is, hardware + Comodo = about as safe as you can get…

Everyone has been very good at trying to solve my problem.
I had no idea that I even had a hardware firewall until someone mentioned it and I certainly have no idea how it works, how it is configured or even how to adjust it.
One thing that Emonroe has mentioned and jogs my memory is that I keep getting the same firewall event blocking an intrusion; it’s the same source IP and, in the main, about 90% the same destination IP.
I suppose that at least I have good firewall cover, with either the SmartAX and then Comodo to back it up.
Thanks for your help.

Is the IP address being blocked a router address? Do a Google search for “reverse DNS” and type in the IP address being blocked. If it is a real IP address, look at what your firewall is blocking. If it’s ICMP, look for the type; it should show up like this: (8) or (3).

Setting up the hardware firewall shouldn’t be difficult. I think you said you had a menu on it called “firewall”. Just go in there and post a screen shot of all the options. I’ve tinkered with my hardware firewall a lot since I got it, I might be able to help you out.

I’ve tried to locate a copy of the user guide/manual for the MT882 on the web. No luck in finding one.

To post screenshots here, you can have Windows capture a screen to the Windows clipboard by pressing Alt-PrtScn, and then open an application like Windows Paint (or Notepad, or Wordpad, but Paint is better for graphics). Then use a normal Ctrl-V to paste the clipboard contents. Then save the image as a file of type PNG, JPG, or GIF. BMP files are way way too big, and BMP is the default.

To post the file here, in the lower left of the forum posting page, you’ll see “Additional Options”, one of which is Attach. You can Browse to the file that you saved from Paint, and then post, and your screenshot will show up here.

One thing I would suggest, is that you do change the router password from the factory default. My web search readily found the “admin/admin” default, which could be used to gain access from the Internet. How easy, or not, depends on how your modem/router is configured. Factory defaults are not always the most secure.

The source IP would appear to be the router address; the destination IP appears to be the reserved multicast address for all systems?

[attachment deleted by admin]

Shields Up says I have no reverse DNS - which is a good thing, they say.
I wish I had paid more attention when younger to computer issues. I have to say that most of what is being discussed goes way over my head. I don’t consider myself to be stupid, but as far as computers go I am in the great silent majority - I just turn it on and hope it works, relying on the programmes to keep me safe and secure, and when they go wrong I am a fish out of water.
Thank heavens for people like you.

I’ve looked at your posted firewall.doc file. The settings look good.

Is there a tab for something that says “filter”? Some modem/routers have a CFP-like facility but they don’t call it a firewall, they call it a filter. If your hardware has that also, then it might be possible to tighten things up some from the factory defaults.

Did the modem/router come with a CD-ROM? There may be a user guide on the disk that you could read thru.

grue155

The only CD it came with was about getting onto the internet, and plugging the modem in, setting up an e-mail address, but nothing specific to the modem, no instructions to cover this. I have found an IP filter section that has rule interface, status, direction etc., but it’s 3 pages long and I don’t know whether the information is ‘sensitive’ in that it can be used by a hacker? I could PM it to you, but wouldn’t presume that’s in order.

overfifty