Comodo firewall: Inbound policy violation

Status
Not open for further replies.

Sridhar_Rao

In the zone
I am using Comodo firewall; things were fine until recently. I am fed up with inbound policy violations resulting in access being denied. Some of the traffic is inbound from IP addresses such as 52.92.190.19, some from 192.168.1.1. I don't understand what is going on, but I am plagued by loss of internet connection due to access being denied by Comodo.
Here are a few messages from the log:

Date/Time :2007-12-15 21:03:13
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 59.92.190.19, Port = upnp-mcast(1900))
Protocol: UDP Incoming
Source: 59.92.190.19:3130
Destination: 239.255.255.250:upnp-mcast(1900)
Reason: Network Control Rule ID = 5


Date/Time :2007-12-15 21:16:36
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = ECHO REQUEST)
Protocol:ICMP Incoming
Source: 192.168.1.1
Destination: 192.168.1.4
Message: ECHO REQUEST
Reason: Network Control Rule ID = 5

Date/Time :2007-12-15 21:16:36
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: 192.168.1.4
Destination: 224.0.0.22
Reason: Network Control Rule ID = 5

Why is this happening and what can be done to solve whatever the problem is? Here is the screenshot of the log
*www.microrao.com/comodo.gif
 
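A way to triage the three log records quoted in the post above, added here as an example and not part of the original thread: it parses the "Key: value" records and labels each by protocol, destination type and source scope. The function names and group labels are this example's own; the sample records are the post's, trimmed to the fields the script reads.

```python
import ipaddress
import re
# Records from the post above, trimmed to the fields this script reads.
SAMPLE_LOG = """\
Date/Time :2007-12-15 21:03:13
Protocol: UDP Incoming
Source: 59.92.190.19:3130
Destination: 239.255.255.250:upnp-mcast(1900)

Date/Time :2007-12-15 21:16:36
Protocol:ICMP Incoming
Source: 192.168.1.1
Destination: 192.168.1.4

Date/Time :2007-12-15 21:16:36
Protocol:IGMP Outgoing
Source: 192.168.1.4
Destination: 224.0.0.22
"""

# Well-known multicast groups (IANA assignments); labels are this example's.
KNOWN_GROUPS = {
    "239.255.255.250": "SSDP/UPnP discovery",
    "224.0.0.22": "IGMPv3 membership reports",
}

def parse_records(text):
    """Split on blank lines; each 'Key: value' line becomes a dict entry."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.partition(":") for line in block.splitlines())
        records.append({k.strip(): v.strip() for k, _, v in pairs})
    return records

def host(endpoint):
    """Parse the address, dropping a trailing ':port' or ':name(port)'."""
    return ipaddress.ip_address(endpoint.split(":")[0])

def triage(rec):
    """Return (protocol, traffic kind, source scope) for one record."""
    src, dst = host(rec["Source"]), host(rec["Destination"])
    proto = rec["Protocol"].split()[0]
    kind = KNOWN_GROUPS.get(str(dst), "multicast") if dst.is_multicast else "unicast"
    scope = "private source" if src.is_private else "public source"
    return proto, kind, scope

if __name__ == "__main__":
    for rec in parse_records(SAMPLE_LOG):
        print(rec["Date/Time"], rec["Source"], "->", rec["Destination"], triage(rec))
```

On these records only the UDP entry has a public source; the ICMP echo request comes from 192.168.1.1, a private address on the same subnet as the PC, and the IGMP entry is the PC's own outgoing multicast traffic.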

victor_rambo

Horn OK Please
I think somebody was trying to ping your PC (ECHO REQUEST). By pinging, one can find out if a PC is protected by a firewall or not.

Do you have an option such as 'Don't show this next time'? This may prevent the pop-ups.

And how is Comodo blocking internet access?
Did you disallow the browser access to internet?

You should ignore such attempts to intrude into your PC as long as you keep your firewall updated. There are hundreds of attempts made on a PC every day by hackers who choose their victims at random by pinging PCs.
 

Sridhar_Rao

In the zone
Thanks Rohan, I don't know what happens after the access is denied to the incoming request, but the firewall blocks access to IE. There is a setting in Comodo that states "how long should firewall stay in emergency mode when under DOS attack". I don't know what is happening in the background, but Comodo does not let IE browse any further. I am fed up with restarting the system. What can be done to let Comodo silently block unwanted activities and let me work unhindered?
 

victor_rambo

Horn OK Please
Sridhar_Rao said:
Thanks Rohan, I don't know what happens after the access is denied to the incoming request, but the firewall blocks access to IE. There is a setting in Comodo that states "how long should firewall stay in emergency mode when under DOS attack". I don't know what is happening in the background, but Comodo does not let IE browse any further. I am fed up with restarting the system. What can be done to let Comodo silently block unwanted activities and let me work unhindered?

Sometimes the browser needs to accept connections initiated from the web in order to work. This happens with me too, but not as seriously as with you. They may sometimes be due to malware too. Better to use some other browser such as Opera or Mozilla Firefox. See if you have some worms on your PC which may be generating that traffic.
 

Sridhar_Rao

In the zone
My Avast antivirus database is up to date. I also ran Lavasoft Ad-Aware and Spybot Search & Destroy (all updated) and no malware was found. Why is Comodo blocking internet traffic and what can be done about it? I am surprised that some sites (running before Comodo blocks some) continue to function even after other traffic is blocked (I can't access any other website).

I tested my computer at *www.grc.com/x/ne.dll?bh0ciyl2

Here are the results:

----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2007-12-15 at 17:58:17

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000

0 Ports Open
0 Ports Closed
26 Ports Stealth
---------------------
26 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

----------------------------------------------------------------------
What should I make of this report?
 

Faun

Wahahaha~!
Staff member
can u name those few websites u are not able to browse?
Ur Comodo firewall version seems to be 2.X
 

victor_rambo

Horn OK Please
In the Comodo interface, go to Security > Application Monitor. The list of applications will be populated (this may take time). After the list populates, find iexplore.exe, click on it, and then click the Edit button (it is near the top of that list on the right side). A box with permission settings will appear. In the General tab, select 'Ask' from the dropdown list.

Now IE will start prompting you for every connection it wants to make to the net. Choose carefully which you want to allow and which you don't want to.
 

Sridhar_Rao

In the zone
Surprise... surprise, I checked the sites and they seem to be working. For example, I ran a search for "inbound policy violation" and I was shown several results; when I clicked on them, nothing showed up, not even page-not-found errors. It happened with almost every other link. Then I used the Windows command to ping these websites and no data were returned; there was 100% loss of data. I assumed that this was due to the internet being blocked by Comodo.
Some of the sites that were unavailable for some time are all, interestingly, available now. Was I wrong in assuming that Comodo was behind all this, or was the problem with the ISP? Any guess?
 

victor_rambo

Horn OK Please
Offtopic:
@ Sridhar: I took the microbio quiz.......I think I must sit back and study real serious :D

Could be ISP or DNS problem, perhaps DNS.
 

Sridhar_Rao

In the zone
Hi all, have a look at this thread in some forum *groups.google.com/group/comp.security.firewalls/msg/c288185b5ebbb540
 

a_tif

Journeyman
comodo firewall v3.0 is released

it takes care of its old problems

*www.personalfirewall.comodo.com/
 

Sridhar_Rao

In the zone
I installed the latest version as it was released; it was so buggy that I had to uninstall it and revert to the older version.
 

a_tif

Journeyman
Sridhar_Rao said:
I installed the latest version as it was released; it was so buggy that I had to uninstall it and revert to the older version.

the firewall is better than that of v2.4 but that new defence+ needs some configuring
 