PC fails firewall tests

I did a FW test on my Dad's PC using GRC's Shields Up and also Sygates test and it failed them both quite badly or should I say almost every test.

My Fathers PC is running Win XP Pro SP2 with the XP FW which has been enabled. Now the other thing is he's also using a D-Link DSL-504G ADSL Modem/Router and even with that it still failed.

Both the tests were able to ping his ports, as the ports were left open.

Help would be greatly appreciated.

 

Whats is most likely happening is that your NAT(router's) address and not your actual address is being scanned and you have block WAN ping disabled in your router, thereby getting ping reply. Go to your router's admin and enable block WAN ping, then do a GRC scan and see what happens, if you are all green, then I suggest you turn off XP SP2 firewall, no need for double filtering.

 

Arup is right, GRC and Sygate's test may be scanning your router, not XP FW.

Even if you are all green, please do not turn off XP FW.
A combination of a hardware and software firewall is recommended.

 

Ok so your referring to the hardware Dlink here not the software FW

So for this to happen is that good or bad news and does this mean the PC is not protected good enough.

 

Yes.
Your D-Link router is being scanned, not your computer or software firewall.

 

All green meaning all stealthed ?

Also if I use a hardware FW is there really need for a software one. I always thought that hardware FW's dont block trojans, whereas software ones do.

 

I agree with that view. There have been cases in the past where router bioses were buggy. That's why you should check on a regular basis if a new version is available.

 

All green meaning all stealthed.

Software firewalls have a feature called Program Control. This could prevent trojans from calling home.

This article may let you understand more about the difference between a hardware and software firewall:
http://www.webopedia.com/DidYouKnow/Hardware_Software/2004/firewall_types.asp

 

Just a questions here. Lets say assume the Dlink router is the culprit here, than why didnt XP firewall stop the probing as well which resulted to the failure of the leak tests.

 

The point is that your router's IP was scanned in this case, not your real IP, do this before a scan, type IPCONFIG/ALL and see whats your real IP vis a vis the IP shown at GRC, for outbound protection you can add ZA free and turn the net security down to minimal. What you need to do is go to your router's admin and change the block WAN ping to enable instead of disable which most routers are usually shipped with, also change your router's default admin password from admin:admin to something else as then it would secure your router from getting hacked.

 

Does anybody here know how to enable block WAN ping on a D-Link DSL-504G

 

http://bredband.webtechnord.com/doc/guider/dlink/D-Link - DSL-504G Manual v2 (Eng).pdf

http://www.dlink.com.au/ArticleDocuments/225/DSL-504G Manual v2.00.pdf

 

Ok I'm not sure if this sounds correct, but this is what I did:

1. Went into the DSL-504G config menu
2. Choose Advanced Tab, then Firewall

Now in there I have this:

Protection Policy
Firewall attack can be configured based on you specific need.

The Attack Protection and DOS Protection are both Disabled. Should they be Enabled ?

Below that I've got this:

Service Filtering
The following services can be configured based on your specific need

Here I've got three boxes to tick:

1. Ping from External Network
2. Telnet from External Network
3. FTP from External Network

In these three boxes the only ones ticked are 2 and 3. 1 is not ticked.

Now as a trial I did enable both attack and DOS protection plus ticked Ping from External Network and again the GRC Shields Up FW test failed.