Question about stealthing.
Doc Serenity
August 1st, 2007, 12:52 PM
Hi everybody.
I'd like to be able to understand this.
I use XP Pro w/SP2.
D-Link router hooked to cable broadband.
I know when I test for leaks and stealthed ports I'm really testing either the cable company or the router.
So I go to PC Flank and pass all of their tests. I'm locked down tight.
Except that when I use their Quick Test it finds four ports open.
Why do I pass all the other tests at PC Flank and fail their Quick Test and how do I fix this?
I have tried this with a bunch of software firewalls including Comodo.
Thanks for my continuing education.
Climenole
August 1st, 2007, 01:44 PM
Hi Doc Serenity :)
{QUOTE->
D-Link router hooked to cable broadband.
<-QUOTE}
At first glance this looks like a router setup problem...
First question (may be a stupid one but somebody has to ask it ;) )
Was the Linksys router provided by your ISP, OR is it connected to a modem provided by the ISP?
If so, is it possible that the ISP modem is actually a modem-router ???
If that's the case you have two routers: maybe the problem comes from this weird setup...
Check the documentation of this modem provided by the ISP or contact them to know more about this...
{QUOTE->
I know when I test for leaks and stealthed ports I'm really testing either the cable company or the router.
<-QUOTE}
Some ISPs may filter some ports for you.
When this happens these protected ports are stealthed, not closed or open.
An easy way to check this is at grc.com (Gibson Research Shields Up).
www.grc.com
go to the Shields up test
choose "all services ports"
check the information "Detecting Ports Blocked by Your ISP" ...
{QUOTE->
So I go to PC Flank and pass all of their tests. I'm locked down tight.
Except that when I use their Quick Test it finds four ports open.
Why do I pass all the other tests at PC Flank and fail their Quick Test and how do I fix this?
I have tried this with a bunch of software firewalls including Comodo.
Thanks for my continuing education. <-QUOTE}
Hum... PCFlank tests. IMHO that was a good site for testing...
Check again but this time at gibson research
Shields up test
all service ports
And give us the results (Which ports are closed or open...)
Hope this helps. Let us know.
:)
Doc Serenity
August 2nd, 2007, 11:22 AM
Climenole,
I turned off the firewall in the D-Link router and turned off the Online Armor firewall.
GRC stealth tests remain the same. I'm stealthed.
PC Flank tests remain the same. I'm stealthed.
My cable broadband isp is blocking the tests.
However, I still have ports 135, 137, 138 and 139 visible when I use the PC Flank Quicktest.
I've tried this with a bunch of different firewalls and get the same results.
So how do I stealth these ports?
And why do I pass the other tests and fail the Quicktest?
Thanks.
Doc
Kerodo
August 2nd, 2007, 01:24 PM
I would tend to think that the PC Flank Quicktest was giving you bogus results.. I do remember running the PC Flank tests and getting silly results in the past when other test sites showed that I was 100% stealth. If you test out ok on other sites, then I would simply disregard your Quicktest results and call it a day. You're probably fine...
TraCKs
August 2nd, 2007, 08:47 PM
I wouldn't take too much notice of the PC Flank test as you will find at the end of the test, they are advertising firewalls to buy. You can pretty much rely on GRC ShieldsUP. IMO...:)
fce
August 2nd, 2007, 09:19 PM
I used the GRC firewall test.
My ports are stealthed, but ICMP echo (ping) failed. I used the recommended settings of CPF ???
Kerodo
August 2nd, 2007, 09:44 PM
If you have a router or modem/router combo, the router could be responding to the pings. If so, you need to set the router to not do ping replies...
ZZZ
August 2nd, 2007, 09:52 PM
I am not defending PC Flank Test but my system passed all the set tests. However, the system is under the tightest packet-filtering rules provided by the ISP and the router with very tight rules.
{QUOTE->
Except that when I use their Quick Test it finds four ports open.
Why do I pass all the other tests at PC Flank and fail their Quick Test and how do I fix this? <-QUOTE}
{QUOTE->
However, I still have ports 135, 137, 138 and 139 visible when I use the PC Flank Quicktest. <-QUOTE}
I may be wrong but is your "NetBIOS over TCP/IP" disabled? You can check it through the command prompt with "ipconfig /all", assuming you are on Windows.
fce
August 2nd, 2007, 10:58 PM
{QUOTE-> If you have a router or modem/router combo, the router could be responding to the pings. If so, you need to set the router to not do ping replies... <-QUOTE}
I don't have a router.
Any idea how to configure that in Comodo so it will not do ping replies?
Kerodo
August 2nd, 2007, 11:16 PM
Nope, sorry, I'm not familiar with Comodo, but I'm sure one of the other folks here knows Comodo and can help you... or perhaps the Comodo forum also..
Doc Serenity
August 2nd, 2007, 11:44 PM
{QUOTE-> I am not defending PC Flank Test but my system passed all the set tests. However, the system is under the tightest packet-filtering rules provided by the ISP and the router with very tight rules.
I may be wrong but is your "NetBIOS over TCP/IP" disabled? You can check it through the command prompt with "ipconfig /all", assuming you are on Windows. <-QUOTE}
Thanks everybody for helping. I'm thinking the test might be unimportant.
ZZZ, I went to ipconfig but saw nothing about Net Bios over TCP/IP.
IP Routing is disabled and so is WINS Proxy, if that's what you were referring to.
Regards.
Doc
ZZZ
August 3rd, 2007, 01:25 AM
{QUOTE-> Thanks everybody for helping. I'm thinking the test might be unimportant. <-QUOTE}
I see. Then, I'll leave it your own judgment.
{QUOTE-> ZZZ, I went to ipconfig but saw nothing about Net Bios over TCP/Ip.
IP Routing is disabled and so is WINS Proxy, if that's what you were referring to. <-QUOTE}
No. I wonder if it doesn't show NBT over TCP/IP if it is not disabled. ???
I think you have already made up your mind but just in case someone might be interested, I'll leave info on how to close these ports you mentioned.
The easiest way is probably to use a utility such as WWDC (http://www.firewallleaktester.com/wwdc.htm) but if you would like to do it manually for some reason, please read on:
Closing Port 135
From Microsoft Knowledge Base (http://support.microsoft.com/kb/825750/)
{QUOTE-> 1. Run Dcomcnfg.exe.
2. If you are running Windows XP or Windows Server 2003, perform these additional steps:
a. Click the Component Services node under Console Root.
b. Open the Computers folder.
c. For the local computer, right-click My Computer, and then click Properties.
d. For a remote computer, right-click Computers folder, point to New, and then click Computer.
e. Type the computer name.
f. Right-click the computer name, and then click Properties.
3. Click the Default Properties tab.
4. Click to select (or click to clear) the Enable Distributed COM on this Computer check box.
5. If you want to set more properties for the computer, click Apply to enable (or disable) DCOM. Otherwise, click OK to apply the changes and quit Dcomcnfg.exe.
6. Restart the operating system for the changes to take effect. <-QUOTE}
Closing Port 137-139
Petri IP Knowledge Base (http://www.petri.co.il/disable_netbios_in_w2k_xp_2003.htm)
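Added example, not part of any post in this thread: one way to check on the PC itself whether anything is listening on ports 135, 137, 138 and 139, by parsing saved `netstat -an` output, so an online scanner's report can be compared with the machine's own state before and after the steps above. The sample output, its addresses and the function names are constructed for illustration.

```python
import re

# Ports discussed in the thread, with the protocol each service uses.
WATCHED = {
    ("TCP", 135): "RPC endpoint mapper (DCOM)",
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 138): "NetBIOS datagram service",
    ("TCP", 139): "NetBIOS session service",
}

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1031         0.0.0.0:0              LISTENING
  TCP    192.168.0.100:139      0.0.0.0:0              LISTENING
  TCP    192.168.0.100:1045     203.0.113.7:80         ESTABLISHED
  UDP    192.168.0.100:137      *:*
  UDP    192.168.0.100:138      *:*
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def local_listeners(netstat_text):
    """Return {(proto, port): [local addresses]} for watched ports with a listener."""
    found = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m or (m[1] == "TCP" and m[5] != "LISTENING"):
            continue  # TCP rows count only when LISTENING; UDP rows have no state
        key = (m[1], int(m[3]))
        if key in WATCHED:
            found.setdefault(key, []).append(m[2])
    return found

def report(netstat_text):
    """One line per watched port: where it is bound, or that nothing listens."""
    found = local_listeners(netstat_text)
    lines = []
    for (proto, port), service in sorted(WATCHED.items(), key=lambda kv: kv[0][1]):
        addrs = found.get((proto, port))
        status = "listening on " + ", ".join(addrs) if addrs else "no local listener"
        lines.append(f"{proto}/{port} {service}: {status}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_NETSTAT)))
```

To use it on real data, save the output of `netstat -an` to a text file on the PC and pass the file's contents to `report`.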
Doc Serenity
August 3rd, 2007, 04:59 PM
ZZZ,
I tried the WWDC. It closed everything except the Net Bios ports.
The WWDC box shows a yellow exclamation point and states that Net Bios will be closed after reboot.
6 times later it still says that.
When I click on the WWDC desktop link I get a pop up saying I'm protected and all ports are closed.
Nope.
And I still fail the Quick Test at PC Flank.
However, I did go down to failing for only port 135 once.
But now I'm back to failing the same 4 ports. 135, 137, 138 and 139.
Removed all 3rd party firewalls and HIPS.
Checked the settings for Network Magic.
Nothing is making a difference.
And what still drives me nuts is that I had the same isp, the same modem, the same router months ago and passed all these tests with no problems.
What I meant about thinking that the test was flawed was simply that others were expressing that thought.
Hope somebody can help.
Oh-I did check again in ipconfig/all.
There is nothing there for NBT over TCP/IP.
Thanks.
Doc
Kerodo
August 3rd, 2007, 07:37 PM
Doc, just out of curiosity, what results do you get when you go and test at Grc.com for example?
ZZZ
August 3rd, 2007, 11:00 PM
According to an earlier post, Doc's system seems to have passed GRC tests all right.
{QUOTE->
GRC stealth tests remain the same. I'm stealthed.
<-QUOTE}
@Doc
What struck me as odd is that these ports should be covered by any decent personal firewall in the first place. Also, I cannot see the reason why my system passes all the set PC Flank tests while some people's systems don't. Furthermore, I cannot figure out why your system passed PC Flank Quick Test once with the ports except 135. If PC Flank is intentionally doing this for marketing purpose, then, why do they do it in this idiosyncratic way? I am sorry, Doc but I am totally puzzled here. :(
eniqmah
August 3rd, 2007, 11:01 PM
{QUOTE-> ZZZ,
I tried the WWDC. It closed everything except the Net Bios ports.
The WWDC box shows a yellow exclamation point and states that Net Bios will be closed after reboot.
6 times later it still says that.
When I click on the WWDC desktop link I get a pop up saying I'm protected and all ports are closed.
Nope.
And I still fail the Quick Test at PC Flank.
However, I did go down to failing for only port 135 once.
But now I'm back to failing the same 4 ports. 135, 137, 138 and 139.
Removed all 3rd party firewalls and HIPS.
Checked the settings for Network Magic.
Nothing is making a difference.
And what still drives me nuts is that I had the same isp, the same modem, the same router months ago and passed all these tests with no problems.
What I meant about thinking that the test was flawed was simply that others were expressing that thought.
Hope somebody can help.
Oh-I did check again in ipconfig/all.
There is nothing there for NBT over TCP/IP.
Thanks.
Doc <-QUOTE}
The NetBIOS ports can be closed with a utility called seconfigxp.
Kerodo
August 3rd, 2007, 11:08 PM
{QUOTE-> According to an earlier post, Doc's system seems to have passed GRC tests all right.
@Doc
What struck me as odd is that these ports should be covered by any decent personal firewall in the first place. Also, I cannot see the reason why my system passes all the set PC Flank tests while some people's systems don't. Furthermore, I cannot figure out why your system passed PC Flank Quick Test once with the ports except 135. If PC Flank is intentionally doing this for marketing purpose, then, why do they do it in this idiosyncratic way? I am sorry, Doc but I am totally puzzled here. :( <-QUOTE}
Thanks, just remembered he said Grc was ok and stealthed..
In my opinion, PC Flank is just flakey and not to be relied upon or taken seriously..
Doc Serenity
August 5th, 2007, 12:23 PM
Thanks everybody for all the help.
WWDC doesn't do the trick. I had the same problem as ZZZ with the Net Bios in yellow, and it never did get closed.
Seconfig XP did not work either according to PC Flank.
I've removed my D-Link router and the results are the same as with it.
My IP address is for my PC, not my ISP. It's the IP that I see in ipconfig.
So now's a good time to hook up the router again and find an effective way for a novice to properly secure my PC.
Regards.
Doc
Stem
August 5th, 2007, 12:35 PM
With reference to the PCFlank quicktest. I have just been to check, this informs me I have port 139 open,... lol, this is NOT possible on my setup. So the test is flawed/faulty, and requires attention by the site admin. (I was also amused at the fact that port 139 was not scanned by this "test")
Kerodo
August 5th, 2007, 12:48 PM
Thanks for confirming my sentiments/suspicions Stem.. I think PC Flank is definitely flakey and not to be trusted at the moment... Actually, it has been this way as long as I can remember too, for years in fact.. always odd results that aren't consistent with other test sites...
Stem
August 5th, 2007, 01:29 PM
{QUOTE-> I think PC Flank is definitely flakey and not to be trusted at the moment... <-QUOTE}
I would certainly agree that this needs serious attention by PCFlank. I have been going through my logs made from this test, and it just doesn't add up correctly.
Regards,
Doc Serenity
August 5th, 2007, 04:38 PM
Thanks everybody for your help.
Stem, I was thinking the test was flawed, but then so is what's left of my brain.
You've helped a lot.
Regards.
Doc
wat0114
August 5th, 2007, 05:19 PM
{QUOTE-> any idea how to configure that in Comodo so it will not do ping replies? <-QUOTE}
Someone correct me if I'm wrong, but check Comodo's "Network Rules" and make sure ICMP, echo reply, is set to in only, not out.
Either that, or look for a "global rule" where you have the option of disabling "reply to pings".
Bls440
August 7th, 2007, 11:25 PM
{QUOTE-> Someone correct me if I'm wrong, but check Comodo's "Network Rules" and make sure ICMP, echo reply, is set to in only, not out.
Either that, or look for a "global rule" where you have the option of disabling "reply to pings". <-QUOTE}
A default configuration on a clean Comodo installation already fully stealths your computer (successfully passes GRC & PCFlank tests, which include ping replies)
Cheers ;)