Rising Firewall: Always fails in Shields Up!

sg09 · #1 January 30th, 2012, 01:20 PM

I have heard good words about Rising Firewall. But whenever I try it against Shields Up! test it fails. I got the pop-up "port Scanning intercepted" multiple times and after all port scan I find a few opened, some stealth and most closed.

http://i.imgur.com/QCzn4.jpg

Open ports
https://www.grc.com/port_135.htm
https://www.grc.com/port_445.htm
https://www.grc.com/port_902.htm
https://www.grc.com/port_912.htm

I have installed Rising just today and before installing I checked that Windows Firewall Stealth all ports in Shields Up!

#2 January 30th, 2012, 03:05 PM

A few minutes of testing in a Win7x64 vm reveals similar results to yours with several open ports. To fix it, try:

Defence -> Network Data Protection -> Enable

that should do it

whitedragon551 · #3 January 31st, 2012, 08:05 AM

Whats your point? If your on a secure network in your own house who cares what Shields Up says. This is another one of those things that makes everyone think they need this and that just to stay safe.

#4 January 31st, 2012, 10:30 AM

The firewall in its default state leaves several ports open. At the very least the firewall should close all ports.

King Grub · #5 January 31st, 2012, 10:59 AM

If you have unexpected open ports, maybe you should try configuring the service or application using them first. Ports aren't open by themselves.

clubhouse · #6 January 31st, 2012, 11:35 AM

Quote:

Originally Posted by King Grub

If you have unexpected open ports, maybe you should try configuring the service or application using them first. Ports aren't open by themselves.

I agree with what you are saying but, I had the same problem with this firewall (port 1025 open)...I changed to Privatefirewall and its closed, no configuration needed....It should ideally work out of the box...no?

sg09 · #7 January 31st, 2012, 01:10 PM

Quote:

Originally Posted by wat0114

To fix it, try:

Defence -> Network Data Protection -> Enable

that should do it

I have that enabled...

http://i.imgur.com/XIstL.jpg

Quote:

Originally Posted by King Grub

If you have unexpected open ports, maybe you should try configuring the service or application using them first. Ports aren't open by themselves.

As I said in the post

Quote:

Originally Posted by sg09

I have installed Rising just today and before installing I checked that Windows Firewall Stealth all ports in Shields Up!

This means that no applications were using those ports. Only after installing RFW this happened. I had experienced that before too and also confirmed by wat0114.

Btw...

Did the test once again..,
New result

http://i.imgur.com/I0pTA.jpg

Some ports which were opened yesterday are closed today (902 and 912). Does that mean RFW has kind of adaptive behavior?

Quote:

Strange Results?
Personal firewalls are beginning to exhibit "adaptive behavior". The grid shown to the left starts off showing ports mostly closed with a few open (mostly blue with a few red cells). Then at some point it suddenly switches into "stealth mode". This can occur when a firewall "adapts" to the scanning IP and raises its defenses against just the attacker. This complicates the job of accurately checking a system's security.

Two things you can do: If you are not certain whether your firewall is adaptive, you can re-run any test here to compare the results. Differing behavior often indicates that your firewall has "learned" that it is being probed from our IP and is treating it differently. For the most accurate scan results, disable any adaptive behavior during the testing.

http://i.imgur.com/4RkGa.jpg

https://www.grc.com/x/ne.dll?rh1dkyd2

How check if RFW has some adaptive nature? And how to disable that?

sg09 · #8 January 31st, 2012, 01:19 PM

Results of PC Flank are also not encouraging...

http://i.imgur.com/YWrX1.jpg

http://i.imgur.com/41F4b.jpg

#9 January 31st, 2012, 03:30 PM

I took another look in case I missed something. Of the two separate scans I tried using Zenmap, it seems to block or stealth all ports with the possible exception of TCP 6059 or TCP 49154, 49157 & 49158 depending on which scan you believe

The second scan result was after I denied ports 135 & 445. I don't believe this to be a Zenmap issue, but rather a Rising fw issue. You might also try:

Settings->Net Defence->IP Rule setting->Deny 135 and 445. It didn't seem to make a difference for me.

Some of my observations of this fw and my final thoughts, fwiw:

1. It does not alert on port scans

2. It does not alert to applications (Firefox for example) attempting network access.

3. Unless I missed it, there is no logging built in whatsoever!

4. even though it's not necessarily important, it does not seem to stealth all ports. It appears to close some, leave one or more open, and stealth all the others.

All of this I find, imo, unacceptable. I would never recommend this firewall/security suite to anyone.

sg09 · #10 January 31st, 2012, 09:49 PM

Quote:

Originally Posted by wat0114

Some of my observations of this fw and my final thoughts, fwiw:

1. It does not alert on port scans

2. It does not alert to applications (Firefox for example) attempting network access.

3. Unless I missed it, there is no logging built in whatsoever!

1. It alerts on Port Scans

http://i.imgur.com/pCcHb.jpg

2. It actually automatically allows some applications

http://i.imgur.com/QqEb7.jpg

3. There is a logging built

http://i.imgur.com/mZy9i.jpg

What I am really concerned is that it lefts ports open but there could be an adaptive behavior and it fails against PC Flank test.

#11 January 31st, 2012, 10:15 PM

No wonder I couldn't find the logs; they are under the Antivirus tab

The alert now works after I put the "Outbound attack interception" levels to "High".

Thanks for the clarifications

Strange, however, that scan results are all over the map. Sometimes certain ports are open and sometimes they're not. I ran two more and the first showed 139 & 445 open, but a second time they were closed??

sg09 · #12 February 1st, 2012, 01:41 AM

Quote:

Originally Posted by wat0114

No wonder I couldn't find the logs; they are under the Antivirus tab

The alert now works after I put the "Outbound attack interception" levels to "High".

Thanks for the clarifications

Strange, however, that scan results are all over the map. Sometimes certain ports are open and sometimes they're not. I ran two more and the first showed 139 & 445 open, but a second time they were closed??

That's what I found too. Adaptive nature..?

Quote:

Originally Posted by sg09

Btw...

Did the test once again..,
New result

http://i.imgur.com/I0pTA.jpg

Some ports which were opened yesterday are closed today (902 and 912). Does that mean RFW has kind of adaptive behavior?

http://i.imgur.com/4RkGa.jpg

https://www.grc.com/x/ne.dll?rh1dkyd2

How check if RFW has some adaptive nature? And how to disable that?

taleblou · #13 February 1st, 2012, 03:23 AM

Hi:

Did you test the 2012 beta version to see if any port anomaly is present? the 2012 beta might be better then 2011. Try it and let us know.

sg09 · #14 February 1st, 2012, 03:57 AM

Quote:

Originally Posted by taleblou

Hi:

Did you test the 2012 beta version to see if any port anomaly is present? the 2012 beta might be better then 2011. Try it and let us know.

I usually refrain myself from trying out beta products in my real machine. I might give it a try in virtual machine.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search