Question about stealthing.

Discussion in 'other firewalls' started by Doc Serenity, Aug 1, 2007.

Thread Status:
Not open for further replies.
  1. Doc Serenity

    Doc Serenity Registered Member

    Joined:
    Apr 4, 2007
    Posts:
    105
    Hi everybody.
    I'd like to be able to understand this.
    I use XP Pro w/SP2.
    D-Link router hooked to cable broadband.
    I know when I test for leaks and stealthed ports I'm really testing either the cable company or the router.
    So I go to PC Flank and pass all of their tests. I'm locked down tight.
    Except that when I use their Quick Test it finds four ports open.
    Why do I pass all the other test at PC Flank and fail their Quick Test and how do I fix this?
    I have tried this with a bunch of software firewall including Comodo.
    Thanks for my continuing education.
     
  2. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,637
    Hi Doc Serenity :)

    At first glance this looks like a router setup problem...

    First question (may be a stupid one but somebody have to aks it ;) )

    Did the Linksys router was provided by your ISP OR it is connected to a modem provided by the ISP ?
    If so, is it possible that the ISP modem is actually a modem-router o_O

    If it's the case you have two router: may be the problem comes from this weird setup...

    Check the documentation of this modem provided by the ISP or contact them to know more about this...

    Some ISP may filter some ports for you.
    When this happen these protected ports are stealthed not closed or open.

    An easy way to check this is at grc.com (Gibson research Shields up).

    www.grc.com
    go to the Shields up test
    choose "all services ports"
    check the information "Detecting Ports Blocked by Your ISP" ...

    Hum... PCFlank tests. IMHO that's was a good site for testing...

    Check again but this time at gibson research
    Shields up test
    all service ports

    And give us the results (Which port are closed of open...)

    Hope this help. Let us know.

    :)
     
  3. Doc Serenity

    Doc Serenity Registered Member

    Joined:
    Apr 4, 2007
    Posts:
    105
    Climenole,
    I turned off the firewall in the D-Link router and turned off the Online Armor firewall.
    GRC stealth tests remain the same. I'm stealthed.
    PC Flank tests remain the same. I'm stealthed.
    My cable broadband isp is blocking the tests.
    However, I still have ports 135, 137, 138 and 139 visible when I use the PC Flank Quicktest.
    I've tried this with a bunch of different firewalls and get the same results.
    So how do I stealth these ports?
    And why do I pass the other tests and fail the Quicktest?
    Thanks.
    Doc
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I would tend to think that the PC Flank Quicktest was giving you bogus results.. I do remember running the PC Flank tests and getting silly results in the past when other test sites showed that I was 100% stealth. If you test out ok on other sites, then I would simply disregard your Quicktest results and call it a day. You're probably fine...
     
  5. TraCKs

    TraCKs Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    36
    Location:
    Australia
    I wouldnt take to much notice of PC Flanktest as you will find at the end of test, they are advertising Firewalls to buy. You can pretty much rely on GRC sheildsup. IMO...:)
     
  6. fce

    fce Registered Member

    Joined:
    May 20, 2007
    Posts:
    758
    i used grc firewall test

    my port are stealthed, but ICMP echo (ping) failed. I used recommended setting of CPF o_O
     
  7. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    If you have a router or modem/router combo, the router could be responding to the pings. If so, you need to set the router to not do ping replies...
     
  8. ZZZ

    ZZZ Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    13
    I am not defending PC Flank Test but my system passed all the set tests. However, the system is under the tightest packet-filtering rules provided by the ISP and the router with very tight rules.
    I may be wrong but are your "NetBIOS over TCP/IP disabled"? You can check it trough command prompt "ipconfig /all", assuming you are on Windows.
     
  9. fce

    fce Registered Member

    Joined:
    May 20, 2007
    Posts:
    758
    i dont have router.

    any idea how to configure that in Comodo so it will not do ping replies?
     
  10. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Nope, sorry, I'm not familiar with Comodo, but I'm sure one of the other folks here knows Comodo and can help you... or perhaps the Comodo forum also..
     
  11. Doc Serenity

    Doc Serenity Registered Member

    Joined:
    Apr 4, 2007
    Posts:
    105
    Thanks everybody for helping. I'm thinking the test might be unimportant.
    ZZZ, I went to ipconfig but saw nothing about Net Bios over TCP/Ip.
    IP Routing is disabled and so is Wins Proxy, if thats what you were referring to.
    Regards.
    Doc
     
  12. ZZZ

    ZZZ Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    13
    I see. Then, I'll leave it your own judgment.
    No. I wonder if it doesn't show NBT over TCP/IP if it is not disabled. o_O

    I think you have already made up your mind but just in case someone might be interested, I'll leave info on how to close these ports you mentioned.

    The easiest way is probably to use utility such as WWDC but if you would like to do it manually for some reason, please read on:
    Closing Port 135
    From Microsoft Knowledge Base
    Closing Port 137-139
    Petri IP Knowledge Base
     
  13. Doc Serenity

    Doc Serenity Registered Member

    Joined:
    Apr 4, 2007
    Posts:
    105
    ZZZ,
    I tried the WWDC. It closed everything except the Net Bios ports.
    The WWDC box shows a yellow exclamation point and states that Net Bios will be closed after reboot.
    6 times later it still says that.
    When I click on the WWDC desktop link I get a pop up saying I'm protected and all ports are closed.
    Nope.
    And I still fail the Quick Test at PC Flank.
    However, I did go down to failing for only port 135 once.
    But now I'm back to failing the same 4 ports. 135, 137, 138 and 139.
    Removed all 3d party firewalls and HIPS.
    Checked the settings for Network Magic.
    Nothing is making a difference.
    And what still drives me nuts is that I had the same isp, the same modem, the same router months ago and passed all these tests with no problems.
    What I meant about thinking that the test was flawed was simply that others were expressing that thought.
    Hope somebody can help.
    Oh-I did check again in ipconfig/all.
    There is nothing there for NBT over TCP/IP.
    Thanks.
    Doc
     
  14. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Doc, just out of curiosity, what results do you get when you go and test at Grc.com for example?
     
  15. ZZZ

    ZZZ Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    13
    According to an earlier post, Doc's system seems to have passed GRC tests all right.
    @Doc
    What struck me as odd is that these ports should be covered by any decent personal firewall in the first place. Also, I cannot see the reason why my system passes all the set PC Flank tests while some people's systems don't. Furthermore, I cannot figure out why your system passed PC Flank Quick Test once with the ports except 135. If PC Flank is intentionally doing this for marketing purpose, then, why do they do it in this idiosyncratic way? I am sorry, Doc but I am totally puzzled here. :(
     
  16. eniqmah

    eniqmah Registered Member

    Joined:
    Jul 7, 2006
    Posts:
    391
    The Net bios ports can be closed with an utility called seconfigxp.
     
  17. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Thanks, just remembered he said Grc was ok and stealthed..

    In my opinion, PC Flank is just flakey and not to be relied upon or taken seriously..
     
  18. Doc Serenity

    Doc Serenity Registered Member

    Joined:
    Apr 4, 2007
    Posts:
    105
    Thanks everybody for all the help.
    WWDS doesn't do the trick. I had the same problem as ZZZ with the Net Bios in yellow and never did get closed.
    Seconfig XP did not work either according to PC Flank.
    I've removed my D-Link router and the reults are the same as with it.
    My ip address is for my pc, not my ISP. It's the ip that I see in ipconfig.
    So nows a good time to hookup the router again and find an effective way for a novice to properly secure my pc.
    Regards.
    Doc
     
  19. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    With referance to the PCFlank quicktest. I have just been to check, this informs me I have port 139 open,... lol, this is NOT possible on my setup. So the test is flawed/faulty, and requires attention by the site admin. (I was also amused at the fact that port 139 was not scanned by this "test")
     
  20. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Thanks for confirming my sentiments/suspicions Stem.. I think PC Flank is definitealy flakey and not to be trusted at the moment... Actually, it has been this way as long as I can remember too, for years in fact.. always odd results that aren't consistent with other test sites...
     
  21. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I would certainly agree that this needs serious attention by PCFlank. I have been going through my logs made from this test, and it just doesn`t add up correctly.

    Regards,
     
  22. Doc Serenity

    Doc Serenity Registered Member

    Joined:
    Apr 4, 2007
    Posts:
    105
    Thanks everybody for your help.
    Stem, I was thinking the test was flawed, but then so is what's left of my brain.
    You've helped a lot.
    Regards.
    Doc
     
  23. wat0114

    wat0114 Guest

    Someone correct me if I'm wrong, but check Comodo's "Network Rules" and make sure ICMP, echo reply, is set to in only, not out.

    Either that, or look for a "global rule" where you have the option of disabling "reply to pings".
     
  24. Bls440

    Bls440 Registered Member

    Joined:
    Jun 22, 2007
    Posts:
    82

    A Default configuration on a clean comodo's installation already fully stealths your computer (successfully passes grc & pcflank tests, which include ping replies)

    Cheers ;)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.