PC Tools Firewall fails TruStealth Test



lamchopz
01-12-2007, 04:37 AM
Shields UP firewall leaking/vulnerability test: https://www.grc.com/x/ne.dll?bh0bkyd2

Go to All Ports testing.

Attached is a screenshot of the result on my machine.

I like this firewall for its small size. However, as of now, I am not convinced this firewall is for me.

Regards,

clweb
01-12-2007, 07:09 AM
There are rules for this:
Authorise identification for port 113
and the TCP : Authorize most common Internet services
and the UDP : Authorize most common Internet services for port 1024 to 5000.

You may deny for these rules or not validate them and see the result.
The ports are not open, so there is no danger.

sueann56j
01-12-2007, 03:31 PM
My test at GRC was the same.
Which filtering rules do I change so that I don't have any blue squares when I run the firewall leaking/vulnerability test?
If the filtering rule says allow, do I uncheck that and check block?
Thanks in advance.

Sam
01-13-2007, 04:05 PM
Are you also using a NAT router? If so, then this is probably why port 113 shows up. GRC looks at the router first. If you do have a router, you will need to redirect the port in the router settings and then you will get the stealth setting. I ran across this a few years ago. Now my router is stealthed, my ADSL modem is stealthed and I use a firewall for leaks.

dread
02-05-2007, 07:40 AM
My tests are about the same. Look 'n' Stop has an enhanced rule set that solves that problem. Will PC Tools provide the same rules? If not, how do I import rules? I do not see an option to import or export rulesets.

Simus1
03-06-2007, 09:37 AM
Hello,

I am reviving this thread because I have the same problem (ports 1024+ are closed, not stealthed). I tried blocking and/or unchecking the rules described in the quote below, but that only resulted in my not being able to get online ("Firefox cannot connect to server").

Is there a way in v. 2.0.0.9 to stealth ports 1024+? Thank you.

QUOTE:
"There are rules for this:
Authorise identification for port 113
and the TCP : Authorize most common Internet services
and the UDP : Authorize most common Internet services for port 1024 to 5000.

You may deny for these rules or not validate them and see the result.
The ports are not open, so there is no danger."

mango salsa
03-06-2007, 01:58 PM
For closed port 113, just disable the: - TCP: Authorize IDENT Identification.

For the closed ports 1024-5000, edit the: - TCP: Authorize Most Common Internet Services, and place a remote port/range (80-443) into the rule.

Editing these rules in both the Internet Zone and the Trusted Zone in v. 2.0.0.9 and subsequent testing with Shields Up showed all ports stealthed.

mjq424
03-06-2007, 02:16 PM
Quote: "My tests are about the same. Look 'n' Stop has an enhanced rule set that solves that problem. Will PC Tools provide the same rules? If not, how do I import rules? I do not see an option to import or export rulesets."

You can import rules in the packet filter settings page. There is a button at the bottom of the GUI for this.

Philbee
03-06-2007, 06:40 PM
I tried making the suggested changes, and the Firefox web browser could not get online. As a matter of fact, none of my internet applications could! I had to uninstall and re-install the firewall and not change anything for Firefox and other internet apps to get back online.

Simus1
03-06-2007, 07:00 PM
Quote: "For the closed ports 1024-5000, edit the: - TCP: Authorize Most Common Internet Services, and place a remote port/range (80-443) into the rule."

Hi, mango.

After I check "Where the remote port is" and define the range as 80-443 under Internet Zone > "TCP/UDP: Authorize most common Internet services" and under Trusted Zone > "TCP: Authorize most common Internet services," I can no longer get online. I get a "Cannot connect to server" error in Firefox.

When I define remote port range 80-443 only under Internet Zone > "TCP/UDP: Authorize most common Internet services," I get the same result.

When I define remote port range 80-443 only under Trusted Zone > "TCP: Authorize most common Internet services" and then I take the Shields UP!! test, ports 1024+ are still closed (not stealthed).

Am I missing a step?

mango salsa
03-07-2007, 01:13 AM
Hello, Simus1. I'm sorry my advice wasn't more helpful. :( Here are a few screen caps of the rule I edited.

I only placed the remote port range in "TCP: Authorize most common Internet services". (Both Internet and Trusted Zones).

I think if you place a remote port range in both TCP and UDP you will block your internet connection, because I did just that while I was trying to stealth all of the ports.

Edit this rule in both Internet and Trusted Zones:
http://img.photobucket.com/albums/v126/hlh70cloud99/PCTFWIZ1.jpg

This is how the rule should look for the Internet Zone:
http://img.photobucket.com/albums/v126/hlh70cloud99/PCTFWIZ2.jpg

This is how the rule should look for the Trusted Zone:
http://img.photobucket.com/albums/v126/hlh70cloud99/PCTFWTZ1.jpg

I do hope this is of some help!

Philbee
03-07-2007, 02:06 AM
Sorry... I tried the instructions using the screenshots, and still didn't get true stealth on the GRC tests. The good news is that I didn't lose my internet connection... yet.

Simus1
03-07-2007, 02:59 AM
mango, thank you for the screenshots.

I just started using PC Tools Firewall Plus and version 2.0.0.9, and some of the settings/rules in this new version seem different from your screenshots.

Everything is pretty much the same in "Trusted Zone" (except for the addition of a rule for Vista), but "Internet Zone" only has the options "TCP/UDP: Authorize most common Internet services" and "TCP/UDP: Authorize most common Internet services (Vista)"; that is, the protocol under these 2 rules is listed as "TCP or UDP"; there are no separate rules for TCP protocol and UDP protocol. When remote port range is defined as instructed for either or both of those rules (Vista and/or non-Vista), internet connection is lost.

When remote port range is defined only under "Trusted Zone" "TCP: Authorize most common Internet services" and/or "TCP: Authorize most common Internet services (Vista)," ports 1024+ are closed, not stealthed.

waters
03-08-2007, 09:34 AM
Ports closed, not stealth, here as well. Hope someone will soon make advanced rules for importing, as in Look 'n' Stop.

hdavid
03-08-2007, 07:52 PM
We are aware of the fact that the rules
1. TCP : Authorize IDENT Identification
2. TCP : Authorize most common Internet services
3. TCP : Authorize most common Internet services (Vista)

cause us to fail the stealth test.

I would recommend disabling (un-ticking) the rule (TCP : Authorize IDENT Identification), and we will do it in our next release (in the Internet Zone rules).

Regarding the other two rules, these ports that we open are used by applications that the user has activated, so the idea is:
If the user has activated these applications, he would probably want them to access the Internet, so the rules should be there.
If the user does not allow the application to access the Internet, the filtering rules won't matter because the application will be blocked by the application-level driver (TDI), whose rules are in the Applications section.
If those applications are not working, the fact that the ports are not blocked by the firewall is redundant because no one can actually penetrate your computer using those ports.

We have decided to address this issue anyway by doing as follows:
1. We will provide enhanced rules just like LnS so users can choose these rules instead of the current ones. I see this more as a workaround solution.
2. Our next version (not the next build of this version) will be focused on security enhancements like thread and DLL injection etc., in which we will also introduce a better and automated stealth system.

Simus1
03-09-2007, 03:23 AM
hdavid and PC TOOLS,

Your continued efforts in developing PTFP are much appreciated! :)

rubenov
03-19-2007, 08:43 PM
Quote: "For closed port 113, just disable the: - TCP: Authorize IDENT Identification.

For the closed ports 1024-5000, edit the: - TCP: Authorize Most Common Internet Services, and place a remote port/range (80-443) into the rule.

Editing these rules in both the Internet Zone and the Trusted Zone in v. 2.0.0.9 and subsequent testing with Shields Up showed all ports stealthed."

I think this blocks internet browsing because of the DNS port 53. What if you put range 53-443 or, even better, edit a new rule for DNS? I tried this and it works.
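
The outcomes reported across this thread (closed versus stealthed ports, and lost connectivity when the remote range is applied to a combined TCP/UDP rule) can be reproduced with a small model. This is an added example, not part of any post and not PC Tools' code; it assumes a stateless filter that allows a packet if any enabled rule matches, and the `Rule` class, sample packets and configuration names are constructed for illustration.

```python
# Simplified model (an assumption, not PC Tools' actual engine): a stateless
# filter that allows an inbound packet if any enabled rule matches, else drops.
from dataclasses import dataclass

@dataclass
class Rule:
    protos: tuple                 # e.g. ("tcp",) or ("tcp", "udp")
    local: tuple = (1024, 5000)   # local port range named in the thread
    remote: tuple = (0, 65535)    # "Where the remote port is" (unset = any)

    def matches(self, proto, local_port, remote_port):
        return (proto in self.protos
                and self.local[0] <= local_port <= self.local[1]
                and self.remote[0] <= remote_port <= self.remote[1])

def verdict(rules, proto, local_port, remote_port, has_socket=False):
    """What the remote side observes for one inbound packet."""
    if not any(r.matches(proto, local_port, remote_port) for r in rules):
        return "stealth"          # dropped by the filter: no reply at all
    # Packet reaches the host stack: delivered to a socket, or refused (RST).
    return "open" if has_socket else "closed"

# Constructed sample packets: (protocol, local port, remote port).
PROBE = ("tcp", 1024, 40000)      # unsolicited scan packet, arbitrary source port
WEB_REPLY = ("tcp", 2000, 80)     # reply from a web server to a browser socket
DNS_REPLY = ("udp", 2001, 53)     # reply from a resolver

def evaluate(rules):
    return {
        "probe": verdict(rules, *PROBE),
        "web_ok": verdict(rules, *WEB_REPLY, has_socket=True) == "open",
        "dns_ok": verdict(rules, *DNS_REPLY, has_socket=True) == "open",
    }

CONFIGS = {
    "default": [Rule(("tcp",)), Rule(("udp",))],
    "tcp 80-443, udp untouched": [Rule(("tcp",), remote=(80, 443)), Rule(("udp",))],
    "combined tcp/udp 80-443": [Rule(("tcp", "udp"), remote=(80, 443))],
    "combined tcp/udp 53-443": [Rule(("tcp", "udp"), remote=(53, 443))],
}

if __name__ == "__main__":
    for name, rules in CONFIGS.items():
        print(f"{name:28} {evaluate(rules)}")
```

In this model the remote-port match only narrows which unsolicited packets reach the host; it is not connection tracking, which is why the vendor reply above calls enhanced rules a workaround.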