Firewall Logs Latest Comodo Beta 3

Hello Team/Hello All,

Was checking and monitoring the Firewall logs today for the latest CIS Beta 3.

What I observed was that Comodo was only blocking some of the same kind of things on Windows operating systems. I am running with the highest Firewall settings configured.

So my question is: is Comodo Firewall capable of blocking only this many network attacks or network intrusions, or is it capable of blocking more? I mean blocking all other kinds of RDP attacks, DOS/DDOS-based attacks, port scanning attacks, direct exploit-based attacks, pentesting attacks, OS fingerprinting/masquerading-based attacks and more new and old kinds of network attacks and hack attempts.

Please help with proper and appropriate answers, thanks.

Also noticed these results despite using maximum security settings in the Firewall. It failed in GRC Tests.

If you're behind a NAT router, the GRC test will only test your router against the test. Most browsers have the option to respond to or reject pings.

What are the destination ports of the blocked OS? I expect it’s 546/547 for DHCP.


Destination port was 20002 and source ports were multiple ports. Comodo Firewall successfully prevented the attack, but my question is: does the Comodo firewall also block all other kinds of RDP attacks, DOS/DDOS-based attacks, port scanning attacks, direct exploit-based attacks, pentesting attacks, OS fingerprinting/masquerading-based attacks and more new and old kinds of network attacks and hack attempts?

Port details as checked today: multiple attack attempts are being blocked by the firewall, that’s great, but the question is: does the Comodo firewall also block all other kinds of RDP attacks, DOS/DDOS-based attacks, port scanning attacks, direct exploit-based attacks, pentesting attacks, OS fingerprinting/masquerading-based attacks and more new and old kinds of network attacks and hack attempts?

As detailed in the User Guide

  • Filter loopback traffic: Loopback connections refer to the internal communications within your PC. Any data transmitted by your computer through a loopback connection is immediately received by it. This involves no connection outside your computer to the internet or a local network. The IP address of the loopback network is 127.0.0.1, which you might have heard referred to by its domain name of ‘http://localhost’. This is the address of your computer. Loopback channel attacks can be used to flood your computer with TCP and/or UDP requests which can smash your IP stack or crash your computer. Leaving this option enabled means the firewall will filter traffic sent through this channel. (Default = Enabled).

  • Block fragmented IP traffic - When a connection is opened between two computers, they must agree on a Maximum Transmission Unit (MTU). IP datagram fragmentation occurs when data passes through a router with an MTU less than the MTU you are using. When a datagram is larger than the MTU of the network over which it must be sent, it is divided into smaller ‘fragments’ which are each sent separately. Fragmented IP packets can create threats similar to a DOS attack. Moreover, fragmentation can double the amount of time it takes to send a single packet and slow down your download time (Default = Disabled).

  • Do protocol analysis - Protocol Analysis is key to the detection of fake packets used in denial of service attacks. Enabling this option means Comodo Firewall checks whether every packet conforms to its protocol's standards. If not, then the packets are blocked (Default = Disabled).

  • Enable anti-ARP spoofing - A gratuitous Address Resolution Protocol (ARP) frame is an ARP Reply that is broadcast to all machines in a network and is not in response to any ARP Request. When an ARP Reply is broadcast, all hosts are required to update their local ARP caches, whether or not the ARP Reply was in response to an ARP Request they had issued. Gratuitous ARP frames are important as they update your machine’s ARP cache whenever there is a change to another machine on the network (for example, if a network card is replaced in a machine on the network, then a gratuitous ARP frame informs your machine of this change and requests to update your ARP cache so that data can be correctly routed). However, while ARP calls might be relevant to an ever-shifting office network comprising many machines that need to keep each other updated, it is of far less relevance to, say, a single computer in your home network. Enabling this setting helps to block such requests - protecting the ARP cache from potentially malicious updates (Default = Disabled).

This useful How To Guide, "Set up the Firewall For Maximum Security and Usability", tells you how to set up CF for maximum security and usability.

Your router at home is the front end of your network protection and should block all of those attacks, but doing the setup as described above will protect you on public Wi-Fi. It’s always advised to use a VPN for public connections where possible.

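The anti-ARP-spoofing setting quoted from the User Guide above comes down to refusing ARP replies the host never asked for. The following is an added example of that check, not code from the thread or from Comodo; `ArpMonitor`, `build_arp` and all MAC/IP addresses are constructed for illustration, and Ethernet/IPv4 ARP is assumed.

```python
import struct

ARP_REPLY = 2

def build_arp(oper, sha, spa, tha, tpa):
    """Build a 28-byte Ethernet/IPv4 ARP payload (used for the constructed samples)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper,
                       mac(sha), ip(spa), mac(tha), ip(tpa))

def parse_arp(payload):
    """Return (oper, sender_mac, sender_ip) or raise ValueError on malformed input."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    sha, spa = struct.unpack("!6s4s", payload[8:18])
    return oper, sha.hex(":"), ".".join(str(b) for b in spa)

class ArpMonitor:
    """Hypothetical host-side filter: only replies we asked for may update the cache."""
    def __init__(self):
        self.pending = set()  # IPs with an outstanding ARP request from this host
        self.cache = {}       # ip -> mac, learned from solicited replies only
    def sent_request(self, target_ip):
        self.pending.add(target_ip)
    def observe(self, payload):
        oper, mac, ip = parse_arp(payload)
        if oper != ARP_REPLY:
            return "ignored"            # requests never update the cache here
        if ip in self.pending:          # solicited: answers our own request
            self.pending.discard(ip)
            self.cache[ip] = mac
            return "accepted"
        if self.cache.get(ip, mac) != mac:
            return "blocked: unsolicited reply rebinds " + ip
        return "blocked: unsolicited reply"

def demo():
    # Constructed traffic: one solicited reply, then two unsolicited ones.
    me, gw, other = "02:00:00:00:00:10", "02:00:00:00:00:01", "02:00:00:00:00:66"
    mon = ArpMonitor()
    mon.sent_request("192.168.1.1")
    frames = [build_arp(2, gw, "192.168.1.1", me, "192.168.1.10"),
              build_arp(2, other, "192.168.1.1", me, "192.168.1.10"),
              build_arp(2, other, "192.168.1.77", "ff:ff:ff:ff:ff:ff", "192.168.1.77")]
    return [mon.observe(f) for f in frames], mon.cache
```

The second frame is the case the guide warns about: a reply nobody requested that would rebind the gateway's IP to a different MAC, so the cache entry is left untouched.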

Many thanks for the information. I am already aware of this and have gone through it. From my past experience I can remember that Comodo firewall version v3/v4 in 2007/2008 used to block each and every kind of network attack and intrusion, so now that it is 2024 I hope more improvements will be made and implemented in terms of the firewall and its protection capabilities, so that it is able to successfully block all other kinds of RDP attacks, DOS/DDOS-based attacks, port scanning attacks, direct exploit-based attacks, pentesting attacks, OS fingerprinting/masquerading-based attacks and more new and old kinds of network attacks and hack attempts, that’s that.

Respond to ping is disabled at router level, just re-checked again today,

[Image: Router Firewall]

but still it failed on GRC Tests despite Comodo Firewall latest beta 3 being installed and protecting the machine. I guess this is also a high-risk security fix that needs to be implemented for the firewall component in the stable release of Comodo 2024, as this is something very, very important too considering the firewall and network protection module.

CIS can’t do everything.

On my internet box I have set "do not reply to pings".
On the FW I’ve blocked ICMP.

Same here, check my post properly. I too have pings disabled at router level but still it failed in GRC Tests. This is a serious security bug in the firewall that needs to be fixed positively in the upcoming final stable release of CIS 2024, as it is very, very critical for every user’s system protection at the firewall/network level.

The GRC test is still only testing your router’s firewall, as NAT and Firewall are enabled. Run the Stealth Ports Wizard to ensure you're protected, though Stealth Ports is the default for the Internet Security configuration, whereas Proactive is still stealthed but alerts you to incoming connections, which you have to manually allow.

If you enable logging in the global block rules and then visit https://ipv6-test.com/ you’ll see in the logs that the pings are blocked if you're filtering IPv6. I’ll post an example later when I get a minute.

P.S. Remember to re-run the stealth wizard after enabling IPv6 filtering so it adds the additional global rule.

I have checked everything. IPv6 filtering and all other settings are already enabled in the firewall but nothing works. This is a high-risk security bug in the Comodo firewall itself that needs to be addressed along with other bug fixes and improvements, as it is leaving users' systems vulnerable to attacks on the internet. Also, protection against the latest kinds of RDP attacks, DOS/DDOS attacks, buffer overflow attacks, direct exploit-based attacks at network level, pentesting attacks of all types, OS masquerading attacks and other new and old kinds of network and firewall-level attacks needs to be added and enabled in the final stable release of CIS 2024, as it is very, very crucial for each and every user's protection at the firewall/network level, that’s that.