CFP3/Help Guide/Firewall Task Center/Stealth Ports Wizard

From ComodoWiki


Firewall Tasks > Common Tasks - Stealth Ports Wizard

'Port stealthing' is a firewall behaviour whereby the ports on an internet-connected PC are hidden from sight: unsolicited packets sent to them are silently dropped, so opportunistic port scans get no response at all.

Note for beginners: Your computer sends and receives data to other computers and to the internet through numbered 'ports'. Each of the transport protocols TCP and UDP has 65,535 ports, and certain low-numbered ones are traditionally reserved for particular services: for example, your web browser fetches pages from remote servers on port 80 (HTTP) and port 443 (HTTPS), and an e-mail application traditionally hands outgoing mail to your mailserver on port 25 (SMTP). A 'port scan' sends a probe to each of your computer's ports, one at a time, and records how each one answers. Attackers use this information-gathering technique to find out which ports are open, and therefore which services are running on your machine; with that knowledge they can pick the attacks most likely to work against it.
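The beginner note above describes a port scan in the abstract. The following Python, added here as an illustration and not code from the Comodo help page, shows how a scanner derives its verdict on one port from the reply it gets: a completed handshake, a 'closed' reply, or silence. That last distinction, closed versus silent, is what the rest of this page calls stealthing. The demo probes 127.0.0.1 so it runs offline; because loopback cannot drop packets, the stealthed case is represented by a constructed timeout rather than a real one.

```python
import socket
from typing import Literal, Optional

Verdict = Literal["open", "closed", "filtered", "unreachable"]


def classify(outcome: Optional[BaseException]) -> Verdict:
    """Turn the outcome of one TCP connect() probe into the scanner's verdict.

    None (handshake completed)       -> "open":     a service is listening.
    ConnectionRefusedError (TCP RST) -> "closed":   nothing listens, but the host
                                        answered; this is the 'closed' reply
                                        that port stealthing suppresses.
    socket.timeout (no reply at all) -> "filtered": a stealthed port and an
                                        unused address look identical here.
    anything else (e.g. no route)    -> "unreachable".
    """
    if outcome is None:
        return "open"
    if isinstance(outcome, ConnectionRefusedError):
        return "closed"
    if isinstance(outcome, socket.timeout):
        return "filtered"
    return "unreachable"


def probe(host: str, port: int, timeout: float = 1.0) -> Verdict:
    """One TCP connect-scan probe, the simplest kind of port scan."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return classify(None)
    except OSError as exc:   # ConnectionRefusedError and socket.timeout are both OSErrors
        return classify(exc)
    finally:
        sock.close()


def demo_on_loopback() -> dict:
    """Constructed demonstration, no external network needed: probe a port that
    has a listener, then the same port once the listener is gone, and show the
    verdict a silent (stealthed) port would produce."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))       # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    results = {"listening service": probe("127.0.0.1", port)}
    listener.close()                      # nothing listens now: the host replies RST
    results["nothing listening (host replies RST)"] = probe("127.0.0.1", port)
    results["stealthed (no reply before timeout)"] = classify(socket.timeout())
    return results


if __name__ == "__main__":
    for situation, verdict in demo_on_loopback().items():
        print(f"{situation:40s} -> {verdict}")   # open / closed / filtered
```

A 'closed' verdict is itself information: it proves a machine is answering at that address. A scanner that only ever sees 'filtered' has learned nothing beyond the fact that something, a firewall or an empty address, is not replying.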

Stealthing a port makes it invisible to a port scan. This differs from simply 'closing' a port: a closed port answers a probe with a 'closed' reply (for TCP a reset packet, for UDP an ICMP 'port unreachable'), which tells the scanner that a live PC is there, whereas a stealthed port sends no response at all. Getting no answer from any port, a hacker or automated scanner cannot tell whether the address is unused or is protected by a firewall that drops everything (a scanner reports such ports as 'filtered' rather than 'closed'), and will usually move on to easier targets. This considerably reduces your exposure to opportunistic scanning, although it does not hide you from an attacker who already knows your address, and any port you deliberately allow is, by definition, visible again. Only unsolicited inbound traffic is dropped, so you can still connect to the internet and transfer information as usual. Comodo Firewall Pro provides the user with flexible stealthing options:


  1. Click on Stealth Ports Wizard in Firewall Tasks > Common Tasks.
  2. You have three options to choose from:

    Image:cf_fw_ct_zone1.gif

    Define a new trusted network - stealth my ports to EVERYONE else
    Alert me to incoming connections - stealth my ports on a per-case basis
    Block all incoming connections - stealth my ports to everyone

    Define a new trusted network - stealth my ports to EVERYONE else

    Selecting this option means your machine's ports will be stealthed (invisible) to everyone EXCEPT the networks you specify as trusted. To begin the wizard, click the 'Next' button.

    A dialogue box will appear asking you to choose the new trusted zone:

    Image:cf_fw_ct_zone2.gif

    • If you have already configured a network zone, leave the upper option selected, choose the desired network from the 'Zone Name' drop-down box and click 'Finish'. If you have not yet defined the zone you wish to trust, you can do so in the 'My Network Zones' area of the firewall.
      OR

    • To manually define and trust a new zone from this dialog box, check the box 'I would like to define a new network'.


    Image:cf_fw_ct_zone3.gif

    Enter the IP range of the zone to which your computer should be visible, either as a Start IP and End IP or as an address with a Subnet Mask. Keep the range as narrow as possible: every address in it will be granted inbound access on all protocols by the rules the wizard creates.

    Click 'Finish' to create the new Zone rule.

    Image:cf_fw_ct_zone4.gif

    If you wish to add more than one zone, simply repeat this wizard.

    Using the 'Define a new trusted network - stealth my ports to EVERYONE else' option will create a new trusted zone by adding the following rules in the 'Global Rules' interface:

    Image:global_rule_trusted_zone.gif

    The rules behind that descriptive name are:


    Allow | IP | Out | From Any IP Address | To <ZONE> | Where Protocol is ANY

    Allow  |  IP |  In | From <ZONE> | To Any IP Address | Where Protocol is ANY 
    Global Rules are processed from the top down, with the first matching rule deciding, so these two Allow rules must remain above any rule that blocks incoming traffic; otherwise the trusted zone is stealthed along with everyone else. For the meaning and construction of rules, see the help section on firewall rules.

    Alert me to incoming connections - stealth my ports on a per-case basis

    You will see a firewall alert every time there is a request for an incoming connection, asking whether or not you wish the connection to proceed. This is useful for applications such as peer-to-peer networking and remote desktop that need to accept connections from outside in order to work: you can allow those as they arrive and block everything else.

    Specifically, this option adds the following rule in the 'Global Rules' interface:

    Block  |  ICMP | In | From Any IP Address | To Any IP Address | Where Message is ECHO REQUEST

    Only ICMP echo requests match this rule, so pings are dropped silently (your machine does not answer 'ping'), while every other unsolicited inbound connection falls through to an alert for you to decide on.

    Block all incoming connections - stealth my ports to everyone

    Selecting this option makes your computer's ports invisible to all networks, whether you trust them or not. The average home user (a single computer that is not part of a home LAN) will find this the most convenient and secure option. You will not be alerted when an incoming connection is blocked, but each block is recorded in the firewall event log. Specifically, this option adds the following rule in the 'Global Rules' interface:

    Block And Log  |  IP | In | From Any IP Address | To Any IP Address | Where Protocol is Any

    Because the rule matches every inbound packet from any address, it also blocks connections from machines on your own LAN (file sharing, remote desktop and the like). If you need those, use the trusted-network option instead.
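The three options above each boil down to a short list of Global Rules that the firewall works through from the top. The Python below is an added model of that evaluation, written for this page and not Comodo's own engine: it encodes zones as IP ranges (Start IP / End IP or address plus subnet mask, as in the wizard), transcribes the rule rows quoted above, and applies them top-down, first match wins. Two things are assumptions: that an unmatched packet falls through to an "Alert" (the page says option 2 alerts on every unsolicited inbound connection that the ICMP rule does not cover), and that a catch-all inbound block sits beneath the two Allow rules of option 1, since something must stealth 'everyone else'. Addresses, zone names and packets are constructed for the demo.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional


@dataclass(frozen=True)
class Zone:
    """A network zone: a contiguous IPv4 range, entered either as Start IP /
    End IP or as an address with a subnet mask, as in the wizard dialog."""
    name: str
    start: IPv4Address
    end: IPv4Address

    @classmethod
    def from_range(cls, name: str, start_ip: str, end_ip: str) -> "Zone":
        return cls(name, IPv4Address(start_ip), IPv4Address(end_ip))

    @classmethod
    def from_subnet(cls, name: str, cidr: str) -> "Zone":
        net = IPv4Network(cidr, strict=False)   # e.g. "192.168.1.0/24"
        return cls(name, net[0], net[-1])

    def __contains__(self, addr: str) -> bool:
        return self.start <= IPv4Address(addr) <= self.end


@dataclass(frozen=True)
class Packet:
    direction: str                      # "In" or "Out", from the PC's point of view
    src: str
    dst: str
    protocol: str                       # "TCP", "UDP", "ICMP", ...
    icmp_message: Optional[str] = None  # e.g. "ECHO REQUEST"


ANY = None   # 'Any IP Address' in the From / To columns


@dataclass(frozen=True)
class Rule:
    """One row of the Global Rules table: Action | Protocol | Direction | From | To | Where."""
    action: str                         # "Allow", "Block" or "Block And Log"
    protocol: str                       # "IP" (any protocol) or a specific one such as "ICMP"
    direction: str
    src: Optional[Zone]
    dst: Optional[Zone]
    icmp_message: Optional[str] = None  # only meaningful when protocol == "ICMP"

    def matches(self, pkt: Packet) -> bool:
        if self.direction != pkt.direction:
            return False
        if self.protocol != "IP" and self.protocol != pkt.protocol:
            return False
        if self.src is not None and pkt.src not in self.src:
            return False
        if self.dst is not None and pkt.dst not in self.dst:
            return False
        if self.icmp_message is not None and self.icmp_message != pkt.icmp_message:
            return False
        return True


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """Top-down, first match wins. Returns the matching rule's action, or
    "Alert" when no global rule matches (modelling assumption: the packet then
    falls through, and an unsolicited inbound connection raises an alert)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "Alert"


# The rule sets the three wizard options produce, transcribed from the rows above.
def trusted_zone_rules(zone: Zone) -> List[Rule]:
    return [
        Rule("Allow", "IP", "Out", ANY, zone),
        Rule("Allow", "IP", "In", zone, ANY),
        # Assumption: a catch-all inbound block below the Allows is what
        # stealths 'everyone else'; the page itself lists only the two Allows.
        Rule("Block And Log", "IP", "In", ANY, ANY),
    ]


def alert_rules() -> List[Rule]:
    return [Rule("Block", "ICMP", "In", ANY, ANY, icmp_message="ECHO REQUEST")]


def block_all_rules() -> List[Rule]:
    return [Rule("Block And Log", "IP", "In", ANY, ANY)]


if __name__ == "__main__":
    lan = Zone.from_subnet("Home LAN", "192.168.1.0/24")        # constructed
    from_lan = Packet("In", "192.168.1.20", "192.168.1.5", "TCP")
    from_internet = Packet("In", "203.0.113.9", "192.168.1.5", "TCP")
    rules = trusted_zone_rules(lan)
    print("LAN peer      ->", evaluate(rules, from_lan))                    # Allow
    print("Internet host ->", evaluate(rules, from_internet))               # Block And Log
    # Put the block rule on top and the trusted zone is stealthed as well:
    print("misordered    ->", evaluate(list(reversed(rules)), from_lan))   # Block And Log
```

The misordered case at the end is the practical point: because evaluation stops at the first match, a catch-all Block placed above the wizard's Allow rules silently turns option 1 into option 3.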
