Spyware, Viruses, & Security forum

General discussion

I have another Shields Up question..

by Larry38 / July 18, 2008 11:39 AM PDT

WXP Home IE7 SP2. Zone Alarm 7.0.483

I haven't checked my firewall in a long time, but it passed the Leak Test, however it failed Shields Up. All ports are closed but here is the test log.


----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2008-07-19 at 01:12:23

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000

0 Ports Open
26 Ports Closed
0 Ports Stealth
---------------------
26 Ports Tested

ALL PORTS tested were found to be: CLOSED.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.

----------------------------------------------------------------------
Is there a setting out of place? Can I fix this? Or do I need a new Firewall?

Thanks
Larry

Discussion is locked
You are posting a reply to: I have another Shields Up question..
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: I have another Shields Up question..
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Larry, no solution for you...
by glenn30 / July 18, 2008 12:53 PM PDT

But here is a comparison of my tests. First I did a full scan of "All Service Ports", the first 1056 ports with these results:

----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2008-07-19 at 02:39:30

Results from scan of ports: 0-1055

0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

----------------------------------------------------------------------

Then I did the "Common Ports" like you posted:

----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2008-07-19 at 02:43:16

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000

0 Ports Open
0 Ports Closed
26 Ports Stealth
---------------------
26 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

----------------------------------------------------------------------

Don't know if this helps but maybe you can see something that jumps out.

Good luck. I will be following your progress. Turning in for the night.

Glenn

Collapse -
Larry, hope you are finding some answers...
by glenn30 / July 19, 2008 12:07 AM PDT

Like others have mentioned my "gut" feeling, like Marianna to me, is ZoneAlarm is not the culprit. Although I am not using XP or ZA now, both worked well in the past and I always received a stealth report from GRC when using ZoneAlarm.

Just my opinion... as you most likely already know my recent problem involved a program that had opened a couple of ports. Once alerted by Marianna I was able to change that in the program settings.

Best of luck... I still want to follow your progress so I too can avoid whatever is that is opening your ports. Hope it is not necessary but if the issue cannot be solved in other ways a reinstall of the operating system and ZoneAlarm may be necessary.

I have always liked ZoneAlarm but for some reason cannot get it to work properly with my Vista... slows down shutdown on this machine.

Have a great weekend! Stay cool Grin

Glenn

Collapse -
Hmm...... I have the same version of ZA and
by Marianna Schmudlach / July 18, 2008 1:17 PM PDT
Collapse -
Larry, have a look in ZA.......
by Marianna Schmudlach / July 19, 2008 1:12 AM PDT

... Firewall > Zones.

Are BOTH settings on HIGH??

Collapse -
(NT) Both settings are on High.
by Larry38 / July 19, 2008 2:57 AM PDT
Collapse -
Hi Marianna
by Larry38 / July 19, 2008 2:05 AM PDT

Sorry for the delay, but went to bed after posting.

Here are the results of PC Flank.

Packet' type Status
TCP "ping" stealthed
TCP NULL stealthed
TCP FIN stealthed
TCP XMAS stealthed
UDP non-stealthed



Recommendation:

Install personal firewall software. PC Flank recommends Outpost Firewall Pro.

Looks like ZA is not working properly.

Collapse -
UDP non-stealthed
by Marianna Schmudlach / July 19, 2008 4:28 AM PDT
In reply to: Hi Marianna
Collapse -
Cable/DSL Routers - NAT, Open Ports, DMZ, SPI.
by Marianna Schmudlach / July 19, 2008 4:52 AM PDT
In reply to: Hi Marianna

Larry,

maybe you also have a look here:

http://www.ezlan.net/routers1.html

In these days many people use the Internet for variety of applications like: Home Web/Mail Server, Remote Control of other computers over the Internet, Online Games, etc.

Many of these applications work through ports that are closed by the Routers, and software Firewall. If you are using such applications you need to set the Router to work correctly with the Ports rules. The general terms used for this is Port Opening or Port Forwarding
.

Collapse -
Larry...
by Donna Buenaventura / July 18, 2008 1:22 PM PDT

>>>Is there a setting out of place? Can I fix this? Or do I need a new Firewall?
If we will ask Steve Gibson, his answer is at: https://www.grc.com/su/portstatusinfo.htm

but we need to ask another: Please try another online port scanner
http://www.pcflank.com/scanner1.htm
http://security.symantec.com/
http://www.derkeiler.com/Service/PortScan/

May I ask...
When Shields Up page is probing your computer, is it showing your "correct" IP? I'm asking because it won't give correct result if it is probing yours or ISP's NAT router (if any).

If you are positive that it is showing your correct IP address, please try the test again without other 'internet' application open except your firewall, antivirus and browser <-- that you will use to online scan using Shields Up.

Before you do that again, you might want to empty the temp files/cache.

I run the shield up using custom and all ports: Stealth is the result.

Collapse -
Hi Donna..
by Larry38 / July 19, 2008 2:55 AM PDT
In reply to: Larry...

I have a DSL router supplied by my ISP, which I must use.

"Shields Up" is using the "correct" IP.

I just ran CCleaner then went to PC Flank and posted the results above.

I'm going to try another Firewall, but have to go out first.

Will post back later.

Thanks
Donna

Collapse -
You can try to use Comodo or Online Armor Free
by Donna Buenaventura / July 19, 2008 3:45 AM PDT
In reply to: Hi Donna..

but you might want to give a try to find out what is causing your port scan result as closed instead of stealth, while ZA is installed.

>>>I just ran CCleaner then went to PC Flank and posted the results above.
I see you have non-stealth result also using PC Flank.

In an old discussion at ZoneAlarm forum, the ZA guru wrote:

"Open the ZA Program list and make all found under the Internet Zone Server column from blue Asks or green Check Allows to Red Xs.
Allowing server rights for the internet zone is actually opening ports to the internet.
"
http://forums.zonelabs.com/zonelabs/board/message?board.id=security&message.id=18762

Larry you might want to check the said section in ZA? Not sure if that still applies with the newer version of ZA Free but worth to try by checking your settings before you will try another firewall.

Also you might want to check your router's setting via 192.168.1.1 (the router's control panel)... to see if those ports are open in the router.

Collapse -
Possible Ping Solution
by ByBoomer46 / July 19, 2008 1:43 PM PDT

Larry38,
Like you I have a DSL modem supplied by my ISP. Does yours come with an hardwired firewall. If so, it is set too low. I also failed my first Shield's Up test because of answering ping requests.Then I read in one of the other forums here at Cnet that modems and routers can answer ping requests. So I went to my modems control page and found that it was in the off or Nat position. It has 4 positions,Off Low, Med. and High. I had to set it to medium before it stopped answering pings,but since then I've never have failed a test and this is with my Comodo Firewall turned off. I just took a couple of the PC Flank tests and passed them.
Now as for as your UDP problem I can't say why because I,m not knowledgeable
enough to answer. so try what Donna suggested and see what happens.
Also you might try 192.168.0.1 or .0.2 if the one Donna gave you doesn't work. Just type HTTP://and one of those numbers into the address bar and it should open the modem control page up.
If you want to get a copy of your modems operating manual,go to
ModemHelp.org and click Manufacturer support site and this will give you links to yours. But in case it's broken, do a web search.

Hope this helps
Almost forgot, I'm totally stealthed by my ISP, not my firewalls, although Comodo can stealth them.

Collapse -
(NT) Thanks for mentioning the panel addresses for the modem
by Donna Buenaventura / July 19, 2008 2:03 PM PDT
In reply to: Possible Ping Solution
Collapse -
Thanks for the reply Boomer...
by Larry38 / July 20, 2008 8:33 AM PDT
In reply to: Possible Ping Solution

Sorry I took so long to reply, but have been gone, actually looking at some new computers, as this one is 5 years old. I do keep it clean as possible.

I just tried all the IP's and none would pull up my modem control page also tried what Marianna and Donna has suggested.

I did some scans and even uninstalled ZA and reinstalled ZA, late last evening, nothing has helped yet.

I have tried Comodo some time ago, and it worked fine, would rather find my problem with ZA.

Since my ISP is my local phone co. I will call tomorrow and talk to a Tech. and find out some info. about my router. They are pretty good about trying to help, plus the fact I did not get any info. with the router they installed.

I have one other PC running off the router, that belongs to my stepson, and an old but good W98 PC just setting around, but not plugged in.

Thanks again, maybe I will know more tomorrow. I'm going to turn off ZA, and try just the windows one way firewall. Just kind of tinker around a little, maybe something will show up.

Larry

Collapse -
Larry...
by glenn30 / July 20, 2008 10:01 AM PDT

Have you run a Shields Up test when using the Windows Firewall. If so, am curious if it turned out the same as the ZA test. That might tell you if the issue is with the firewall or the other things you are following involving the router, etc.

Glenn

Collapse -
Hi Glenn...
by Larry38 / July 20, 2008 10:13 AM PDT
In reply to: Larry...

Got the same thing with the Windows Firewall, going to stop for now and watch some TV.

Will know more tomorrow, and will post then. I just have a feeling the router is the problem. Might get the ISP to bring me another one and try it.

Larry

Collapse -
Larry, it can ONLY be your router........
by Marianna Schmudlach / July 20, 2008 10:19 AM PDT
In reply to: Hi Glenn...
Collapse -
The Latest
by Larry38 / July 22, 2008 12:29 AM PDT

Marianna, I think you are correct that Shields Up is scanning my router.

Finally got a Tech. out here last evening, he checked my router and said it is working correctly, and that it is Firewalled and nothing should be able to penetrate it. The name of the router is "Netopia 2000"

I think these Techs.need some classes on Computer Security, when I started to talk about Leak Tests, Shields UP, Stealthed Ports, Ping Tests etc, he had NO IDEA what I was even talking about! I am going to get on my ISP and suggest that all their Techs, be given a course in Computer Security.

I have also tried a couple other firewalls, Comodo and Kerio, and have got the same results. The router must have a very good firewall. I think I will Google my router and see what info. I can find.

Thanks for Your Help. I assume my PC is protected. I also ran a bunch of scans, and nothing but normal everyday cookies.

Larry

Collapse -
Netopia 2000
by Marianna Schmudlach / July 22, 2008 2:12 AM PDT
In reply to: The Latest
Collapse -
Larry
by Donna Buenaventura / July 23, 2008 3:30 PM PDT
In reply to: The Latest

If you can adjust the router/modem's settings and all those popular firewall software gave you the same result and most important, if what you have (the router) is unsupported now, get a new one.

Linksys, Netgear or D-Link or other brand. Just use any that is supported and have an easy control panel for you to setup. Check also the return policy (in case the router/modem fails within 30 days) and the vendor's site if the model that you will buy is supported.

Collapse -
Another consideration..
by Carol~ Moderator / July 20, 2008 10:28 AM PDT
In reply to: Hi Glenn...

Larry..

I've always found the below to be a wealth of information:

http://www.dslreports.com/forums/all

Your provider's forum will probably be listed there. If so, I wouldn't be surprised to hear the same question has been asked there before. If not.. you've only wasted a few minutes. It couldn't hurt.

Carol

Collapse -
Hi Carol...Appreciate the Info.
by Larry38 / July 21, 2008 11:46 PM PDT

However my ISP is not listed. The reason is most likely because it is a small hometown Co-Op but it is growing.

Thanks "Sherlock"
Larry

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?