Author Topic: [at] IP 45.77.153.162  (Read 260 times)

Offline domo78

  • Comodo's Hero
  • *****
  • Posts: 381
[at] IP 45.77.153.162
« on: October 26, 2022, 02:54:34 PM »
W10 Famille - 21H1 - 19043.2130 / CFW : 12.2.2.8012

Hello,

In my global rules settings, I have the following rules for a very long time:
Allow – TCP – Out – To port= 4448  - To [at] IP= 199.066.201.016
Allow – UDP – Out – To port= 4447  - To [at] IP= 199.066.201.016
These [at] IP and ports are used by CIS.

I never had FW blocking on these 2 ports until now.

Since Friday 21, I have blocking on these ports to [at] IP 45.77.153.162 (this would correspond to fls.security.comodo.com).

I don't remember making a change in the FW settings.
CFW has of course not been updated; why all of a sudden, these accesses?

According to this document:
https://help.comodo.com/topic-463-1-1029-15796-Appendix-1a---Xcitium-Services---IP-Nos,-Host-Names-and-Port-Details---EU-Customers.html
FLS should use the same [at] IP as above.

If you have an explanation, I am interested.

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5364
Re: [at] IP 45.77.153.162
« Reply #1 on: October 27, 2022, 10:15:24 AM »
Blocking how? What proof do you have that it is being blocked by the firewall?

Offline domo78

  • Comodo's Hero
  • *****
  • Posts: 381
Re: [at] IP 45.77.153.162
« Reply #2 on: October 27, 2022, 10:38:03 AM »
attached is a screen shot

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5364
Re: [at] IP 45.77.153.162
« Reply #3 on: October 27, 2022, 11:51:13 AM »
Your global rules don't have an allow rule for that IP address that is being blocked. Instead you have allow rules for the 199 address and blocking rule for all other requests. You need to change the allow rules destination address to any to allow all outgoing to those ports.

Offline domo78

  • Comodo's Hero
  • *****
  • Posts: 381
Re: [at] IP 45.77.153.162
« Reply #4 on: October 27, 2022, 03:39:09 PM »
I know perfectly well that the rules allow the use of ports 4447 and 4448 only for the [at] IP 199.066.201.016 and not for the [at] IP 45.77.153.162.

As I wrote in my first post these rules have been in place for a long time, more than a year, and there was never a block on these ports before October 21.
I am trying to understand why suddenly since October 21 there are access attempts on these ports and a priori by FLS which is a function of CIS knowing that CIS has still not been updated.

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek