Advice on port 137 please

Discussion in 'other firewalls' started by djg05, Jun 22, 2006.

Thread Status:
Not open for further replies.
  1. djg05
    djg05 Registered Member

    I am just trying out the latest version of Comodo and am unable to activate it. Having eliminated my other layers of protection I discovered that it is being blocked in my firewall by a rule I created that blocks port 137.

    I have always read that that range of ports should be closed off, and if that is the case why is Comodo using that port to activate itself?
  2. Stem
    Stem Firewall Expert

    Hi David,
    Port 137 is used for NetBIOS... Comodo does not use this port for activation (well, I have never seen this)... Are you behind a router?
    This rule is in Comodo? Or do you have another firewall installed/running?
  3. djg05
    djg05 Registered Member

    Thanks Stem

    Yes I am behind a router. Looking at the log at the time I tried to activate I see this

    "Thu, 2006-06-22 21:59:18 - UDP Packet - Source:65.173.142.166,3381 Destination:xxx.175.xxx.xxx,137 - [Block_135- rule match]"

    The last address being mine. Maybe I am barking up the wrong tree but this is the only reason I can see that it is being blocked.

    The rule is one that I inserted that covers several ports around that region.
  4. Stem
    Stem Firewall Expert

    Hi David,
    65.173.142.166 shows as "cable 7-166.Maysvilleky.net". Is this your ISP (Internet Service Provider)?
    Have you another firewall installed? This would cause problems.
    Last edited: Jun 23, 2006
  5. djg05
    djg05 Registered Member

    Hi Stem

    No, not my ISP. I am in the UK and mine starts in the 80 range. I did have Kerio installed but went through the registry after uninstalling it with RegSeeker and deleted all Kerio entries. Not having problems with any other program. For instance BOClean updates without problem, likewise my clock updater.
  6. Stem
    Stem Firewall Expert

    Hi David,
    Very strange,... I have to go out for a couple of hours (work), but when I get back, I will install the latest Comodo (and run a network monitor) to see what is going on (to see if I have the same problem).
  7. Stem
    Stem Firewall Expert

    Hi David,
    Sorry for the delay,...
    I installed Comodo, and activated:-
    There was a DNS query for "secure.comodo.net". The connections were (only) to 195.92.253.137:HTTPS.
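
An added example, not part of the original thread and not written by any poster: a small triage of router log lines in the layout quoted in post 3. It shows why the blocked entry is inbound traffic to port 137 rather than the activation, and why matching on the text "137" misleads here, since the activation server's address also ends in .137. The second sample line and the rule name in it are constructed.

```python
import re

# Field layout follows the router log entry quoted in post 3.
LINE_RE = re.compile(
    r"(?P<proto>TCP|UDP) Packet - "
    r"Source:(?P<src>[\w.]+),(?P<sport>\d+) "
    r"Destination:(?P<dst>[\w.]+),(?P<dport>\d+) - "
    r"\[(?P<rule>[^\]]*)\]"
)
NETBIOS = {137: "NetBIOS name service", 138: "NetBIOS datagram",
           139: "NetBIOS session"}
WAN_IP = "xxx.175.xxx.xxx"  # the poster's own address, masked as in the thread


def triage(line, wan_ip=WAN_IP):
    """Classify one log line by direction and destination port, or return None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    dport = int(m["dport"])  # compare the port field, never a substring of the line
    if m["dst"] == wan_ip:
        direction, remote = "inbound", m["src"]
    elif m["src"] == wan_ip:
        direction, remote = "outbound", m["dst"]
    else:
        direction, remote = "unknown", m["src"]
    service = NETBIOS.get(dport, "HTTPS" if dport == 443 else f"port {dport}")
    if direction == "inbound" and dport in NETBIOS:
        verdict = "unsolicited NetBIOS traffic from outside; not sent by a local program"
    elif direction == "outbound" and m["proto"] == "TCP" and dport == 443:
        verdict = "outbound HTTPS; the kind of connection the activation makes"
    else:
        verdict = "needs a closer look"
    return {"direction": direction, "remote": remote,
            "service": service, "verdict": verdict}


SAMPLE = [
    # Entry quoted in post 3 of the thread.
    "Thu, 2006-06-22 21:59:18 - UDP Packet - Source:65.173.142.166,3381 "
    "Destination:xxx.175.xxx.xxx,137 - [Block_135- rule match]",
    # Constructed entry: the HTTPS connection from post 7 in the same layout;
    # the timestamp, source port and rule name are made up.
    "Fri, 2006-06-23 10:02:41 - TCP Packet - Source:xxx.175.xxx.xxx,1045 "
    "Destination:195.92.253.137,443 - [Allow_out- rule match]",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(triage(entry))
```
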
  8. djg05
    djg05 Registered Member

    Thanks Stem

    Don't worry about the delay - life gets in the way at times <g>

    It is reassuring that it is a benign connection.

    I have been trying it again this morning and now feel that that log entry was a red herring, since when I tried there was no log entry made yet it still refuses to connect, and there are none in Comodo either. Will have to do some more searching around on this m/c
  9. Stem
    Stem Firewall Expert

    Hi David,
    The only thing that comes to mind is the possibility of the HTTPS connection being blocked. Have you set any rules that may block HTTPS (outbound TCP connection to remote port 443)?
  10. djg05
    djg05 Registered Member

    Hi Stem

    I have tried https on two other browsers and no problems.

    Set up a rule in Comodo to fire if port 443 was used and nothing happened when I tried activation. Maybe I will try installing it again.
  11. djg05
    djg05 Registered Member

    I have reinstalled Comodo and it makes no difference.

    Tried it on my other computer and that activates without problem, so that rules out the router being a problem.

    Thought then I shut down each program and sys tray icon trying after each. When those ran out I ran Process Explorer and shut down the rest until I just had Comodo and Win components left. Still no effect.

    I am at a bit of a loss - even had a look in the BIOS but cannot see anything there that might affect it.
  12. Stem
    Stem Firewall Expert

    Have you tried to DMZ the problem PC while activating (to see if the router is, for some reason, blocking the outbound)?
  13. djg05
    djg05 Registered Member

    Sorry - can you explain that a bit more please.

    Both computers are connected to the same router so surely it will not treat them differently. I did not put in any m/c specific rules into the router.
  14. Stem
    Stem Firewall Expert

    DMZ (demilitarize the problem PC IP, there will be an option to do this in the router, this will disable the router firewall for that PC, so make sure to change the settings back when tested). Once you have DMZ the PC, try to activate Comodo.
    Each PC has its own IP, if the router bios/rules have somehow become corrupted, this can cause problems (you can also try connecting the problem PC to a different port in the router and/or change the problem PC IP (is this a fixed or DHCP?))
  15. djg05
    djg05 Registered Member

    I had already changed the connection. Have now tried changing the address (use fixed addresses), and also tried the DMZ, all of which has no effect.

    The only thing that I can now think of is that there is something buried in the registry that is blocking it. I do keep a basis drive image of 2k that is my fall back in case Win gets too corrupted. Saves having to go through the install hassle. Even so there is still a lot of work to get it back to where I am, but looks like I should just try it to see what happens.
  16. Stem
    Stem Firewall Expert

    Hi David,
    There is the possibility that the installer is corrupt, have you tried to re-download/re-install the ISScript installer? (if you have had previous versions of Comodo installed, then the old installer would have been left on your system, and may have become corrupt)
  17. djg05
    djg05 Registered Member

    Thanks

    I did do a fresh d/l and that made no difference.

    My roll back to a Win partition of last year was of no use. Either whatever was causing it was already installed or there is a problem with my particular m/c.

    I think I have now given enough time to it and have gone back to Kerio. At least that works without problems. I will wait and see how Comodo develops.

    I do appreciate all the time you have given. I have learnt a bit more so all has not been in vain.
  18. Stem
    Stem Firewall Expert

    Hi David,
    It's a pity we could not resolve this,.. I would have liked to have found out what was causing this.
    Comodo has a beta version out, have you tried that? (I know they were going to (don't know if they have) change the installer which may help?)
  19. djg05
    djg05 Registered Member

    I think it is the same version but with their installer. As I understand the installation with me is not a problem, it is just the communication afterwards with their server - but I could be wrong.

    Edit - just read that it is a bit different

    If you think it worthwhile I will try again. Is there any monitoring s/w I can use whilst it is trying to connect?

    After a new install there is a delay whilst it tries to connect, ie the graphics work for a few seconds, but a retry will bring an instant denial. There is nothing interfering with the connection outside my router as has been proved by my other m/c. Incidentally the pop ups are driving my wife mad as she does not understand them and it does not seem to learn, so will have to take it off hers.
  20. Stem
    Stem Firewall Expert

    Hi David,
    If you don't mind, yes, please try again to see if we can find the problem.
    There are 2 monitors (there are of course others) that I use the most:-
    Port Explorer
    Packet Analyzer
    I have full versions of these, but you can download "trial" versions that you can use to monitor.

    EDIT:
    What you want to look for (during activation of Comodo), is first,.. outbound:remote 443,.. to see if the connection is being attempted
    Last edited: Jun 24, 2006
  21. djg05
    djg05 Registered Member

    Hi Stem

    Well, I am getting way out of my depth now. Firstly Port Explorer continuously updates and I cannot see anything specific going on. With Packet Analyzer it does not show any action. This is confirmed with Active Ports (I know much simpler) but no activity is shown.

    I am sure that it is not getting anywhere near connecting out, and on that basis I tried to find a program that would trace the program action. The only one I can find is called Trace Plus
    http://www.programurl.com/software-traceplus-win32-downloadnow.html

    This from the status view

    Time Process Thread Message Delta Time Relative Time
    12:37:15.113887 CPF (2276) 0x798 COM: Object created with CLSID {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (Microsoft HTML Javascript Pluggable Protocol) 1:54.649444 3:56.239261
    12:37:18.165752 CPF (2276) 0x960 Thread 0x960 created. 3.051865 3:59.291126
    12:37:18.189731 CPF (2276) 0x798 COM: Object created with CLSID {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (Microsoft HTML Javascript Pluggable Protocol) 0.023978 3:59.315105
    12:37:18.253786 CPF (2276) 0x960 Thread 0x960 exited. 0.064054 3:59.379160
    12:37:18.275002 CPF (2276) 0x798 COM: Object created with CLSID {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (Microsoft HTML Javascript Pluggable Protocol) 0.021216 3:59.400376
    12:37:24.037713 CPF (2276) 0x968 Thread 0x968 created. 5.762710 4:05.163087
    12:37:24.095182 CPF (2276) 0x968 COM: Object created with CLSID {F6D90F16-9C73-11D3-B32E-00C04F990BB4} (Msxml2.XMLHTTP) 0.057469 4:05.220556
    12:37:24.190180 CPF (2276) 0x968 COM: Creation of CLSID {00000000-0000-0000-0000-000000000000} failed (E_INVALIDARG) 0.094997 4:05.315554
    12:37:24.335726 CPF (2276) 0x87C DLL: Loaded module 0x7B30000 (E:\WINNT\system32\dcsws2.dll). Version: * 0.145545 4:05.461100
    12:37:24.394608 CPF (2276) 0x968 Thread 0x968 exited. 0.058882 4:05.519982


    I'll put the others in a PM to you.
  22. Stem
    Stem Firewall Expert

    Hi David,
    A quick (very simple) test to see if your problem PC can comm via SSL (HTTPS).
    Go to http://www.grc.com/port_443.htm part way down the page you will see "Click the link below to view this page via SSL:" Please try this with Comodo active. (does the HTTPS page show, or is there an error?)
  23. djg05
    djg05 Registered Member

    Yes, no problem with that. As I said before, I am sure it is not even getting as far as connecting out as the report I sent showed.

    Edit
    Misread your thread. I can get the http page ok. With Mozilla and Firefox I get grc.com etc cannot be found. With Opera Proxo and Opera come up with queries about the site certificates. If I accept them then the page loads ok.

    Edit 2

    Opera considers the site unsafe as follows:-

    Opera has detected problems with the server's certificate:
    (1) The server name does not match the certificate name.
    (2) The certificate is not signed by a trusted authority.
    (3) The certificate has expired.
    Sending sensitive information through this connection is not safe!

    Edit 3

    Will get this right eventually

    If I connect direct with Opera it is fine and certificate is ok, so Proxo was causing the problem there
    Firefox is now working even though it does not go through Proxo
    Mozilla will not connect at all on a direct connection. Seems Comodo has locked its route in somehow
    Last edited: Jun 25, 2006
  24. Stem
    Stem Firewall Expert

    I am not seeing/have any of these problems (even going through Proxo),... This is certainly a puzzle,...


    Download and re-install Windows Script, see if that helps with the Comodo registration
    Last edited: Jun 25, 2006
  25. djg05
    djg05 Registered Member

    You have to run a validation program from MS. Tried that but it says

    "This version of the Windows Genuine Advantage validation tool is no longer supported. Please d/l the latest version........"

    Not much I can do about that since I am getting it from MS. I am running 2k so maybe it does not work on that.