CastleCops, Internet Crime Fighters

SPF won't stealth ports

 
MasterTB (Corporal; Joined: Feb 13, 2007; Posts: 51; Location: Argentina)
Posted: Thu Oct 04, 2007 11:36 am    Post subject: SPF won't stealth ports

Hi, I'm using SPF and it's been a while since I tested it, but I have a tendency to go back to old habits. Yesterday I took a ride at Shields Up to see if my machine was well hidden behind SPF and to my surprise, even when I had closed all the programs allowed to receive connections from the net (Warcraft and eMule), SPF had trouble letting go and the opened ports didn't show stealth; in fact they showed OPEN for a long time and then after that just CLOSED. What's most disturbing is that even after adding a rule to the packet filters to avoid all ICMP, it kept answering all those nasty ping echo replies!!!
Does anyone have a solution to that??

Teknophyle (Cadet; Joined: Oct 08, 2007; Posts: 3; Location: Australia)
Posted: Mon Oct 08, 2007 4:48 pm    Post subject: re: SPF won't stealth ports

Make sure your router is not blocking ping requests. My router does not have an option to forward these requests to my machine. But my router does have the "Discard Ping To WAN Interface" option, which I enable and now all my ports are stealthed.

With eMule and other incoming requests, check your router for any rules with port forwarding these requests. You might want to try using UPNP in your router if it is supported.

MasterTB (Guest; IP: 201.252.*.*)
Posted: Mon Oct 08, 2007 5:12 pm

Thanks for the advice, but it is not the router that I'm testing. I put the firewall on the router's DMZ for the tests and ran a Shields Up scan for ports I usually open with eMule. First the test was running with eMule open, then with it closed.
The firewall could not let go of eMule's status and kept showing the ports as open even 15 minutes after eMule was closed. I had to reboot to get the stealth status again.

Guest (IP: 85.210.*.*)
Posted: Mon Oct 08, 2007 10:16 pm

The GRC Shields Up isn't really accurate of how secure you are; you could be fully stealthed but be terribly insecure. There is nothing wrong with allowing pings, it helps diagnose line faults etc. Don't read too much into GRC and its stealth report nonsense (plenty of articles available if you want to check on Google).

Teknophyle (Cadet; Joined: Oct 08, 2007; Posts: 3; Location: Australia)
Posted: Tue Oct 09, 2007 10:19 am    Post subject: SPF won't stealth ports

True. GRC does not test many other known exploits, but it does show if your ports are being stealthed or not, especially ping (ICMP Echo).

MasterTB, you can also check your stealth status at: http://www.pcflank.com/scanner1s.htm. I also tested my machine within the DMZ of my router, but no matter what I tried, my router will always reply to ping requests sent to my current external IP address. The only way for me to stealth that port was to make the router ignore the ping packets via "Discard Ping To WAN Interface" option in the Firewall/Intrusion settings. Check your router manual to see if you have a similar option or try creating a firewall rule to forward the ping to an unused internal IP address.

As for eMule (I use MorphXT ver 10.3), I checked if my ports were stealthed and they are. I have UPNP enabled on the router, in Windows and in eMule, and then use a static internal IP address to set the field "Bindaddr emule to interface" in eMule MorphXT Extended Options. This allows me to have a very HighID and be stealthed as well.

----My System----
Antivirus: NOD32 version: 2.70.39
Firewall: Customized Kerio based on version: 4.2.2
System Service: 4.2.2
User Interface: 4.2.2
Driver: 4.3.182
KFE API: 4.3.179
HIPS Driver: 4.3.182
BSODhook Status: Passed successfully!

Teknophyle (Cadet; Joined: Oct 08, 2007; Posts: 3; Location: Australia)
Posted: Tue Oct 09, 2007 11:11 am    Post subject: SPF won't stealth ports

Update!! Just checked my uTorrent port (which is randomized each time) and the port was shown to be open using GRC. I think this is normal if you want incoming torrent connections. When I shut down uTorrent the port was stealthed instantly and my machine is still in the DMZ of my router, so Kerio is doing something right.

Also checked my eMule and have found the TCP port (which is also randomized) to be open when eMule is running (I think this is needed if you want a high ID). The UDP ports are always stealthed for some reason. This time the port was instantly closed (not stealthed) when eMule was shut down.

Looks like I will have to check what Comodo does with P2P ports sometime soon.

MasterTB (Corporal; Joined: Feb 13, 2007; Posts: 51; Location: Argentina)
Posted: Tue Oct 09, 2007 11:42 am    Post subject: Re: SPF won't stealth ports

Teknophyle wrote:
Update!! Just checked my uTorrent port (which is randomized each time) and the port was shown to be open using GRC. I think this is normal if you want incoming torrent connections. When I shut down uTorrent the port was stealthed instantly and my machine is still in the DMZ of my router, so Kerio is doing something right.

Also checked my eMule and have found the TCP port (which is also randomized) to be open when eMule is running (I think this is needed if you want a high ID). The UDP ports are always stealthed for some reason. This time the port was instantly closed (not stealthed) when eMule was shut down.

Looks like I will have to check what Comodo does with P2P ports sometime soon.


Well, that "closed" status you see is until Kerio sees that eMule is closed, then it stealths the port. As for UDP, I also see them stealth no matter what, still I get a High ID so no worries there.
Comodo does a good job with ports. But you have to understand that Comodo uses an application set of rules and a network set of rules, so you have to grant eMule access as an application and then open the ports on the network for it to work. Comodo will show TCP ports open when eMule is running and stealth when it's not, even when it is open in the network, BUT if any program (with internet access to accept connections on any port) tries to use the ports open for eMule, then Comodo will let it because they are open on the network side, something to remember there. UDP ports are always shown stealth.

Guest (IP: 85.210.*.*)
Posted: Tue Oct 09, 2007 7:27 pm

Most of these online tests have one critical failure, and that is they are not accurate. At the end of the day whichever firewall you have installed, you are probably going to pass its test, and if you don't pass it, then the test is probably useless anyway (such as GRC).

1) if it didn't pass the firewall company would be releasing an update ASAP, and 2) the tests are very basic. I wouldn't read too much into any of them. Whether your ports are stealthed or closed it makes little difference in the real world.

Back to top
IP: 69.72.*.*

Guest






PostPosted: Thu Dec 13, 2007 8:21 pm    Post subject: How do I stealth the ports that are open
Reply with quote

I have the latest version of SPF and did a test with GRC and another site and the results were not good.

Results from GRC:

Solicited TCP Packets: RECEIVED (FAILED) — As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection. It is generally possible to increase your system's security by hiding it from the probes of potentially hostile hackers. Please see the details presented by the specific port links below, as well as the various resources on this site, and in our extremely helpful and active user community.


Port 1028 | Host | OPEN!
One or more unspecified Distributed COM (DCOM) services are opened by Windows. The exact port(s) opened can change, since queries to port 135 are used to determine which services are operating where. As is the rule for all exposed Internet services, you should arrange to close this port to external access so that potential current and future security or privacy exploits can not succeed against your system.

Port 1026 | Host | Closed
Your computer has responded that this port exists but is currently closed to connections.

Port 1026: Closed
Port 1028: Open
Port 1031: Closed
Port 1033: Open
Port 1043: Closed

HOW DO I STEALTH THESE PORTS USING SUNBELT PERSONAL FIREWALL?
SHOULD I ADD rules and if so which ones?

Graham1 (Captain; Joined: Dec 21, 2005; Posts: 340)
Posted: Mon Dec 17, 2007 4:27 pm    Post subject: Re: How do I stealth the ports that are open

Anonymous wrote:
HOW DO I STEALTH THESE PORTS USING SUNBELT PERSONAL FIREWALL?
SHOULD I ADD rules and if so which ones?


I'm having a wild guess here but I would say that you might have allowed access to KPF4's GUI (when prompted).

To test, delete any application or packet filter rules you might have for KPF4 and re-run the scan. When prompted, deny these connections and hopefully, you've passed.

Spy_Sentinel (Cadet; Joined: Dec 17, 2007; Posts: 2; Location: USA)
Posted: Mon Dec 17, 2007 8:34 pm

Thanks Captain, you actually answered my question too, I was having the same problem as the Guest. I allowed access to the Kerio GUI, I set them all to Allow Internet and Trusted. Thanks! And Guest, I hope this helps you too.


_________________
Malwarebytes.org
Graham1 (Captain; Joined: Dec 21, 2005; Posts: 340)
Posted: Mon Dec 17, 2007 8:50 pm

Spy_Sentinel wrote:
Thanks Captain, you actually answered my question too, I was having the same problem as the Guest. I allowed access to the Kerio GUI, I set them all to Allow Internet and Trusted. Thanks! And Guest, I hope this helps you too.


You're welcome. It's also safe to block traffic to/from SPF4's GUI as any communication required by SPF is hard coded into the firewall.

Spy_Sentinel (Cadet; Joined: Dec 17, 2007; Posts: 2; Location: USA)
Posted: Tue Dec 18, 2007 12:48 am

I actually d to uninstall Sunbelt because it was slowing my system down. I installed ZoneAlarm. But Thanks for your help!


_________________
Malwarebytes.org