PCflank tested with Comodo CIS

Hi,
i'm a new user of CIS 5 and tested it against pcflank's firewall leaktest. I'm aware that these tests are not ultimate or the definite answer if a firewall is good or bad. My pc is behind a DSL-NAT-router. CIS firewall security level is on "custom". Anyway i got some questions:

1) The port scan says ports : 21, 23, 80, 135, 137, 138, 139, 1080, 3128
are open ? Except port "System / TCP : listening 138", i don't know why these ports appear as open ?

2) The trojan check show ports : 27374, 12345, 1243, 31337, 12348 as visible ?

Thanks for any comments or answers.

 

If you're behind a router then your router is probed not you PC.

 

Just tested CIS and passes all the tests,FW in Safe Mode.

 

Are you behind a router ?

 

That's a lot of open, and visible ports! How old is your router? Is it Wired or Wireless? What make, and model is it?

 

After investigating the ports that you have showing open i found that many of them are used by your net bios, and are among the most dangerous ports to be open. It is possible you have an infection. If you don't you at least have something very strange going on on your machine. I'm not sure if a badly configured router could cause this so i hope some of the firewall experts jump in on this. You may try plugging your PC directly into the modem, and then check to see if the ports are still open. You need to fix this as soon as possible because you have an open invitation for infection! That is if your not infected already.
http://www.grc.com/port_135.htm
http://www.iss.net/security_center/advice/Exploits/Ports/137/default.htm
http://www.iss.net/security_center/advice/Exploits/Ports/138/default.htm
http://www.iss.net/security_center/advice/Exploits/Ports/139/default.htm

http://www.iss.net/security_center/advice/Exploits/Ports/default.htm

 

Are you sure the test report ports 'open'. With a NAT protocol you should have ports 'closed' but not 'stealth' unless the ports are actually actively in use. Probably you need log into the router and check its configuration.

Try https://www.grc.com/x/ne.dll?bh0bkyd2 to get confirmation about PCflank that is not always giving consistent results.

Fax

 

My router is an up to date model Telecom W503V, firmware is up to date too. I've disabled netbios in Windows and closed the ports in the router config, so the results are strange.
But overall , the router doesn't show much to configure. I've now rerun the different tests on PCflank.

ports: 21,23,80,135,136,137,138,139,1080,3128 :

> Quicktest shows these ports as "open".
> Advance portscanner shows them as "closed" ?

GRC ShieldsUp tests shows all filesharing ports, common ports and service ports as "stealthed". "appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet".

So one result seems totally wrong ?

 

is the ip address scanned the ip address displayed as the internet facing one on the router (check under its settings somewhere)? What is listed as running in Comodo list (outbound + inbound)?

 

Yes, the ip is correct. CIS showing firefox, alg.exe, cmd.exe. That moment there is a "svchost" (network service) shown , will have look at it.

edit : The svchost is ok, it's a connection of our IPTV receiver to the router. I'll have a look into the IPTV connection stuff regarding ports etc.

Thank you all for your help !

 

Then PCFLANK is wrong...
Try here for double checking and input your PCFLANK open ports.

Cheers,
Fax

 

I guess you're right. Thanks.

 

You're welcome