PCflank tested with Comodo CIS

Discussion in 'other firewalls' started by gambla, Nov 5, 2010.

Thread Status:
Not open for further replies.
  1. gambla

    gambla Registered Member

    Joined:
    Sep 4, 2007
    Posts:
    161
    Location:
    Frankfurt, Germany
    Hi,
    i'm a new user of CIS 5 and tested it against pcflank's firewall leaktest. I'm aware that these tests are not ultimate or the definite answer if a firewall is good or bad. My pc is behind a DSL-NAT-router. CIS firewall security level is on "custom". Anyway i got some questions:

    1) The port scan says ports : 21, 23, 80, 135, 137, 138, 139, 1080, 3128
    are open ? Except port "System / TCP : listening 138", i don't know why these ports appear as open ?

    2) The trojan check show ports : 27374, 12345, 1243, 31337, 12348 as visible ?

    Thanks for any comments or answers.
     
  2. burebista

    burebista Registered Member

    Joined:
    Mar 4, 2010
    Posts:
    208
    Location:
    Romania
    If you're behind a router then your router is probed not you PC. :)
     
  3. JoeBlack40

    JoeBlack40 Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    1,572
    Location:
    Romania
    Just tested CIS and passes all the tests,FW in Safe Mode.
     
  4. gambla

    gambla Registered Member

    Joined:
    Sep 4, 2007
    Posts:
    161
    Location:
    Frankfurt, Germany
    Are you behind a router ?
     
  5. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    That's a lot of open, and visible ports! How old is your router? Is it Wired or Wireless? What make, and model is it?
     
  6. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    After investigating the ports that you have showing open i found that many of them are used by your net bios, and are among the most dangerous ports to be open. It is possible you have an infection. If you don't you at least have something very strange going on on your machine. I'm not sure if a badly configured router could cause this so i hope some of the firewall experts jump in on this. You may try plugging your PC directly into the modem, and then check to see if the ports are still open. You need to fix this as soon as possible because you have an open invitation for infection! That is if your not infected already.
    http://www.grc.com/port_135.htm
    http://www.iss.net/security_center/advice/Exploits/Ports/137/default.htm
    http://www.iss.net/security_center/advice/Exploits/Ports/138/default.htm
    http://www.iss.net/security_center/advice/Exploits/Ports/139/default.htm

    http://www.iss.net/security_center/advice/Exploits/Ports/default.htm
     
    Last edited: Nov 6, 2010
  7. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    Are you sure the test report ports 'open'. With a NAT protocol you should have ports 'closed' but not 'stealth' unless the ports are actually actively in use. Probably you need log into the router and check its configuration.

    Try https://www.grc.com/x/ne.dll?bh0bkyd2 to get confirmation about PCflank that is not always giving consistent results.

    Fax
     
  8. gambla

    gambla Registered Member

    Joined:
    Sep 4, 2007
    Posts:
    161
    Location:
    Frankfurt, Germany
    My router is an up to date model Telecom W503V, firmware is up to date too. I've disabled netbios in Windows and closed the ports in the router config, so the results are strange.
    But overall , the router doesn't show much to configure. I've now rerun the different tests on PCflank.

    ports: 21,23,80,135,136,137,138,139,1080,3128 :

    > Quicktest shows these ports as "open".
    > Advance portscanner shows them as "closed" ?

    GRC ShieldsUp tests shows all filesharing ports, common ports and service ports as "stealthed". "appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet".

    So one result seems totally wrong ?
     
    Last edited: Nov 7, 2010
  9. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    is the ip address scanned the ip address displayed as the internet facing one on the router (check under its settings somewhere)? What is listed as running in Comodo list (outbound + inbound)?
     
  10. gambla

    gambla Registered Member

    Joined:
    Sep 4, 2007
    Posts:
    161
    Location:
    Frankfurt, Germany
    Yes, the ip is correct. CIS showing firefox, alg.exe, cmd.exe. That moment there is a "svchost" (network service) shown , will have look at it.

    edit : The svchost is ok, it's a connection of our IPTV receiver to the router. I'll have a look into the IPTV connection stuff regarding ports etc.

    Thank you all for your help !
     
  11. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    Then PCFLANK is wrong... :)
    Try here for double checking and input your PCFLANK open ports.

    Cheers,
    Fax
     
    Last edited: Nov 7, 2010
  12. gambla

    gambla Registered Member

    Joined:
    Sep 4, 2007
    Posts:
    161
    Location:
    Frankfurt, Germany
    I guess you're right. Thanks. :)
     
  13. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    :thumb: You're welcome
     
Loading...
Thread Status:
Not open for further replies.