Should I worry with this log?

Discussion in 'other firewalls' started by Huwge, May 5, 2007.

Thread Status:
Not open for further replies.
  1. Huwge

    Huwge Registered Member

    Joined:
    Oct 21, 2004
    Posts:
    405
    Location:
    UK
    Just trying out Comodo FW and see a long list in the log of Outbound Policy Violations. Does this mean I have a nasty?

    Rats, just noticed the log only shows two... I had FW block all while I was out. The other part of the log shows dozens of Violations
     


  2. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi Huwge :)

    Outbound ICMP
    Source: 192.168.1.100
    Destination : 192.168.4.100
    Port unreachable

    This ICMP packet = ICMP type 3 code 3 means only this:
    a port on the destination IP address 192.168.4.100 is unreachable for some reason by the PC corresponding to 192.168.1.100 ...

    Please note that these 192.168.*.* IP Addresses are reserved for your local network (or router)
    and they are not sent or received over Internet.


    The only ICMP type/code allowed over internet are normally:

    Type 8 code 0 : Echo outbound only
    Type 0 code 0 : Echo reply (to the previous "ping") inbound only
    Type 11 code 0 : Timeout (used by Trace route...) inbound only

    In a local network, on the client PCs, ICMP type 3 code 4 must be allowed in and out within the network (means "Fragmentation needed but a Don't Fragment flag is set.")

    All the other ICMP type/codes have to be blocked by the firewall. Blocked and logged to help you find events that happened in the network.

    That's all. There is no malware here but only a network event blocked and logged. (a so-called "Violation" ...)

    This event can happen from time to time in a local network and over internet.
    In your example the ICMP warns you that some access was temporarily blocked in the network.
    If your network (or router) works, just forget this.

    Hope this helps. Let us know.

    :)
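
The ICMP policy listed in the reply above, written out as a small log classifier. This is an added example, not part of any poster's reply and not Comodo's rule engine; the function names and event tuples are hypothetical, and it treats all RFC 1918 ranges as "local", which goes beyond the 192.168.*.* range named in the post.

```python
import ipaddress

# RFC 1918 private ranges (assumption: the post names only 192.168.*.*).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# (type, code) -> directions allowed, following the list in the post.
ALLOWED = {
    (8, 0): {"out"},   # echo request: outbound only
    (0, 0): {"in"},    # echo reply: inbound only
    (11, 0): {"in"},   # time exceeded (traceroute): inbound only
}
# Fragmentation needed / DF set: in and out, but only inside the LAN.
LAN_ONLY = {(3, 4): {"in", "out"}}


def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


def classify(icmp_type, code, direction, src, dst):
    """Return (verdict, scope) for one ICMP event under the post's policy."""
    scope = "local" if is_private(src) and is_private(dst) else "internet"
    key = (icmp_type, code)
    if direction in ALLOWED.get(key, ()):
        return "allow", scope
    if scope == "local" and direction in LAN_ONLY.get(key, ()):
        return "allow", scope
    # Everything else is dropped and logged for later review.
    return "block+log", scope


# Constructed sample events; the first mirrors the entry quoted in the thread.
EVENTS = [
    (3, 3, "out", "192.168.1.100", "192.168.4.100"),  # port unreachable, LAN
    (8, 0, "out", "192.168.1.100", "203.0.113.7"),    # ping to the internet
    (8, 0, "in", "203.0.113.7", "192.168.1.100"),     # unsolicited inbound ping
    (3, 4, "in", "192.168.1.1", "192.168.1.100"),     # PMTU signal from router
    (3, 4, "in", "203.0.113.7", "192.168.1.100"),     # same, from outside
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev, "->", classify(*ev))
```

A "block+log" verdict with scope "local", like the first event, is the case the reply describes: a network event recorded by the firewall, with both endpoints inside the private address space.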
     
  3. Huwge

    Huwge Registered Member

    Joined:
    Oct 21, 2004
    Posts:
    405
    Location:
    UK
    Thanks for the reply but it was way over my head!!!! I do have a router though.
     
  4. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi Huwge :)

    I'll try to keep things simple:

    This is only an ICMP signal that happened locally and not between your PC and the internet.

    May be a temporary timeout in the communications between your PC and the router. That's all.

    But your firewall calls this a "Violation" ... :rolleyes:

    Keep smile!

    :)
     
  5. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    I'm guessing that somewhere in your configuration there is a rule (or rules) blocking communications to and/or from certain ports. However, like Climenole said, if you're not having any problems with Internet access, don't worry about it. And, you especially don't want to be altering firewall rules if it is over your head, as that could lead to holes in your protection. If you were to start having problems, then there are plenty of people here at Wilders who can help you configure your firewall rules.
     
  6. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi KDNeese :)

    I guess it's only a temporary "glitch" between the router and the PC.

    I have the same ICMP type/code from my DNS server (max. 10 times per 24 hours)...

    Nothing to worry about and it's the same with Huwge's system. If these ICMP warnings become too frequent the best for him is to check the router/PC connection and the firewall setup. (But here we're talking about only a dozen of these ICMP warnings...)

    But I'm sure the firewall message is somewhat too "dramatic":

    "Access Violation" :rolleyes: for this... :rolleyes:

    Have a nice weekend KDNeese

    :)
     
  7. simmikie

    simmikie Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    321
    pxconsole.exe belongs to Prevx1. For some reason you have it blocked from checking in with the community database or checking for updates.


    Mike
     
  8. Huwge

    Huwge Registered Member

    Joined:
    Oct 21, 2004
    Posts:
    405
    Location:
    UK
    Like I said, I had the FW set to block all while I was away, that's why Prevx is showing as blocked :)
     
  9. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Just curious, is the router, or as I call it in ZA Pro the family LAN, in the trusted or internet zone? Does Comodo FW assume the router is "trusted"?
     
  10. wat0114

    wat0114 Guest

    You need to create a Network Rule "ICMP Message is Port unreachable" Action=Allow | Protocol=ICMP | Direction=Out | Source Ip=192.168.1.100 | Destination IP=your Default Gateway
     