Firewall Events Query

Discussion in 'other firewalls' started by John Bull, Mar 19, 2010.

Thread Status:
Not open for further replies.
  1. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    See :-
    http://i876.photobucket.com/albums/ab327/johnbull17/Firewall.jpg

    This is from my recently installed Comodo IS-V4. These blocked identical events occur every few seconds - there are hundreds of them in a session.
    Surely it cannot be normal traffic ?

    Can somebody please explain what they mean and tell me precisely how to get rid of them ? I do not know how to configure Comodo to stop them. Is it some kind of Loop-back problem ?

    Thank you folks
    John Bull
     
  2. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
  3. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    I have read the link :- http://www.linklogger.com/UDP67_68.htm posted by Mvario and it is very educational. But I still do not know how to stop this Comodo firewall from eventing the UDP shown on my example every few seconds.

    Recap :- http://i876.photobucket.com/albums/ab327/johnbull17/Firewall.jpg

    I have entered this Loopback :- http://i876.photobucket.com/albums/ab327/johnbull17/NetworkZone.jpg

    BUT, it makes no difference, the damned thing just keeps plodding on with it`s eventing.

    Can anybody please tell me what to do in order to stop this firewall obsession with the 255 thingy ?

    Not interested in the theory, just what to do to stop it. Put my finger on the trigger and I`ll pull it.
    John Bull
     
  4. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
    Sorry, I don't have any experience with Comodo firewall so I can't give you any advice on how to have it stop logging or ignore bootp stuff. Have you tried asking on the Comodo forums?
     
  5. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    PROBLEM SOLVED

    Thanks to mvario for this link :- http://www.linklogger.com/UDP67_68.htm plus a good look at the Comodo HELP guide and a couple of strong beers, I have solved this DHCP, UDP ports 67 & 68 problem that has been pinging my firewall every few seconds and generating a mammoth log.

    To me, Comodo Firewall Pro Free is the best firewall on the market by a very long shot. I would never consider any other firewall unless I was forced to. Comodo is not for the faint hearted, it is versatile, comprehensive and requires a reasonable technical knowledge plus a good amount of PC experience. It is not for dear old Granny who only uses the PC for shopping online at the local supermarket.

    Now for the solution :-
    Problem was :- http://i876.photobucket.com/albums/ab327/johnbull17/Firewall.jpg

    Solution is :-

    COMODO>My Network Zones, you get :-
    http://i876.photobucket.com/albums/ab327/johnbull17/NetworkZone100.jpg
    This shows My Network Zones with the required Network Zone added i.e the offending firewall log.
    To enter this Network, go to Add>A New Network Zone - a small panel asks for a Network name - give it one, you can call it what you like - a chose Loopback. You then get a panel asking for the address details :-
    http://i876.photobucket.com/albums/ab327/johnbull17/NetworkZone300.jpg

    Enter the offending firewall details as shown. Now the Network Zone has to be "trusted".

    Firewall>Stealth Ports Wizard. You get this :-
    http://i876.photobucket.com/albums/ab327/johnbull17/StealthPorts.jpg

    Select item 1. Panel :- http://i876.photobucket.com/albums/ab327/johnbull17/NetworkZone200.jpg
    comes up. Item 1 plus drop down Network Zone tab and the offending firewall ping log is now "trusted", APPLY and it will not be logged again.
    This procedure can be used for any "trusted" firewall network that you do not want logged. No limit to the Networks added.

    Get behind me Satan. Gee, life is now so sweet.

    John Bull
     
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Following your parable, you have got annoyed with Satan knocking on the door, so have opened it, allowed him/her in and given him/her coffee and cake.

    The first screen grab you show, shows blocked DHCP broadcasts, you have then not only allowed those broadcasts but also allowed any/all other traffic to/from that IP.
    If then, for example, you find your logs are filling from scans from some specific IP, what would you do?. If you follow your own direction (as with these broadcasts) would you set that IP as trusted?


    - Stem
     
  7. wat0114

    wat0114 Guest

    Three years ago (where'd the time go o_O ) this worked for me when I used Comodo for a bit:
     

    Attached Files:

  8. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    Looks fine to me so far Stem. Maybe I have exorcised Satan, at least I do not have those pings polluting my firewall events every few seconds.
    As far as other pings are concerned, I do not intend to trust any of them, so the firewall can clobber them all, but this DHCP crap is nothing but a pain in the butt.

    My firewall events are great now, just recording what is necessary.
    Ain`t life grand ?
    John Bull
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Well John,

    I still do not understand why you would allow what was previously blocked just to stop the event being logged.

    They are now actually being allowed onto the IP stack.

    - Stem
     
Loading...
Thread Status:
Not open for further replies.