DoS and DDoS Attack

dyego1991 · August 2, 2011, 11:04pm

The Comodo firewall have protection against DoS and DDoS? and how active?

DonZ · August 5, 2011, 12:15am

I asked this question in the CIS forum a while back and never did receive a yes/no response.

Prior to ver. 5, there were DoS settings in the firewall such as amount of time to block an attacking IP, etc. These settings do not exist in ver. 5 firewall settings. Therefore I can only assume that ver. 5 does not protect against Dos and DDoS.

Hopefully, your router protects against denial of services attacks and those settings are enabled.

Citizen_K · August 5, 2011, 12:24am

The v3 series used to have some elemental attack detection settings but were removed with v4 and did not return.

Jacob · August 5, 2011, 12:55am

As The Version v4.x and 5.x The Extra DDOS Settings Can Be Found/Modified Via *.cfgx

You Modify The Configuration File at Your Own Risk Loading a Modified Configuration File Can Result in a disaster.

Copy/Export a Configuration File and Open Up In Notepad then edit accordingly and Once Done Save it and Import It via “Manage My Configurations in CIS”

(Wished that Comodo kept the extra setting via GUI )

miloszcz · August 5, 2011, 10:43am

these settings should be manage via gui, i agree.

Radaghast · August 5, 2011, 11:29am

As Jacob mentioned, the settings controlling various ‘flood’ attacks, are still present, there’s simply no GUI. To see and edit the settings, you can either edit any or the configuration (.cfgx) files, found in:

C:\Program Files\COMODO\COMODO Internet Security

COMODO - Firewall Security.cfgx
COMODO - Internet Security.cfgx
COMODO - Proactive Security.cfgx

See image 1

Or edit the registry:

HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\3\Firewall\Settings

See image 2

Although it’s possible to change these settings, unless you understand the consequences of any changes you make, you could damage your installation or otherwise prevent the firewall from behaving optimally.

If you’re using Windows 7, the tcp/ip stack has been ‘hardened’ in a way that counters various ‘flood’ attacks. if you’re using Windows XP, you can find additions information about hardening here. For additional protection, make sure you’re behind a router that implements ‘flood’ protection.

[attachment deleted by admin]

DonZ · August 5, 2011, 9:42pm

Thanks, guys! Glad that issue is resolved.

I recommend a brief FAQ posting in CIS forum since the question comes up a lot with the GUI options removed in ver. 5.