Hi. I have a question. When I try to access my yahoo/sbcglobal email. It tells me I can’t. I log onto yahoo and click sign in, and it tells me the page can’t be displayed. Then when I click on diagnose, it tells me a firewall won’t allow it. How do I correct this problem?
Thanks,
Roberta
Roberta,
Will you do the following:
In CFP, go to Activity/Logs. Right-click an entry, and select, “Clear all Logs.”
Then try to access your yahoo account as normal… go thru the process as you have indicated.
Then go back to Activity/Logs. Right-click an entry, select “Export to HTML.” Save and reopen the file. Copy the entries surrounding this time frame, and Paste as text into your post here. You can edit your personal IP address, if it shows.
Then we’ll know more about what’s going on.
LM
PS: I moved your post where it would get better coverage for the problem you’re experiencing, and changed the Subject to better match.
Okay – here it is. I hope I did it correctly.
Date Created: 14:44:17 14-03-2007
Log Scope:: Today
Date/Time :2007-03-14 14:42:56Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 24.64.250.114, Port = 1028)Protocol: UDP IncomingSource: 24.64.250.114:20155 Destination: x.x.x.x:1028 Reason: Network Control Rule ID = 5
Date/Time :2007-03-14 14:42:56Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 24.64.250.114, Port = 1027)Protocol: UDP IncomingSource: 24.64.250.114:20155 Destination: x.x.x.x:1027 Reason: Network Control Rule ID = 5
Date/Time :2007-03-14 14:42:56Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 24.64.250.114, Port = 1026)Protocol: UDP IncomingSource: 24.64.250.114:20155 Destination: x.x.x.x:1026 Reason: Network Control Rule ID = 5
Date/Time :2007-03-14 14:42:36Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 60.216.233.69, Port = 9450)Protocol: TCP IncomingSource: 60.216.233.69:x11(6000) Destination: x.x.x.x:9450 TCP Flags: SYN Reason: Network Control Rule ID = 5
Date/Time :2007-03-14 14:42:36Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 60.216.233.69, Port = 8031)Protocol: TCP IncomingSource: 60.216.233.69:x11(6000) Destination: x.x.x.x:8031 TCP Flags: SYN Reason: Network Control Rule ID = 5
Date/Time :2007-03-14 14:42:36Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 60.216.233.69, Port = 8000)Protocol: TCP IncomingSource: 60.216.233.69:x11(6000) Destination: x.x.x.x:8000 TCP Flags: SYN Reason: Network Control Rule ID = 5
Date/Time :2007-03-14 14:42:36Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 60.216.233.69, Port = 65506)Protocol: TCP IncomingSource: 60.216.233.69:x11(6000) Destination: x.x.x.x:65506 TCP Flags: SYN Reason: Network Control Rule ID = 5In the attackers’ world, this port is usually used by Trojan.Phatbot(65506)
Date/Time :2007-03-14 14:42:36Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 60.216.233.69, Port = 65208)Protocol: TCP IncomingSource: 60.216.233.69:x11(6000) Destination: x.x.x.x:65208 TCP Flags: SYN Reason: Network Control Rule ID = 5
Date/Time :2007-03-14 14:42:36Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 60.216.233.69, Port = 6649)Protocol: TCP IncomingSource: 60.216.233.69:x11(6000) Destination: x.x.x.x:6649 TCP Flags: SYN Reason: Network Control Rule ID = 5
Date/Time :2007-03-14 14:42:36Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 60.216.233.69, Port = 55485)Protocol: TCP IncomingSource: 60.216.233.69:x11(6000) Destination: x.x.x.x:55485 TCP Flags: SYN Reason: Network Control Rule ID = 5
Date/Time :2007-03-14 14:42:36Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 60.216.233.69, Port = 553)Protocol: TCP IncomingSource: 60.216.233.69:x11(6000) Destination: x.x.x.x:553 TCP Flags: SYN Reason: Network Control Rule ID = 5
Date/Time :2007-03-14 14:42:36Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 60.216.233.69, Port = 554)Protocol: TCP IncomingSource: 60.216.233.69:x11(6000) Destination: x.x.x.x:554 TCP Flags: SYN Reason: Network Control Rule ID = 5
Date/Time :2007-03-14 14:42:36Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 60.216.233.69, Port = 4480)Protocol: TCP IncomingSource: 60.216.233.69:x11(6000) Destination: x.x.x.x:4480 TCP Flags: SYN Reason: Network Control Rule ID = 5
Date/Time :2007-03-14 14:42:36Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 60.216.233.69, Port = 4807)Protocol: TCP IncomingSource: 60.216.233.69:x11(6000) Destination: x.x.x.x:4807 TCP Flags: SYN Reason: Network Control Rule ID = 5
Date/Time :2007-03-14 14:42:36Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 60.216.233.69, Port = 3129)Protocol: TCP IncomingSource: 60.216.233.69:x11(6000) Destination: x.x.x.x:3129 TCP Flags: SYN Reason: Network Control Rule ID = 5In the attackers’ world, this port is usually used by Trojan.Master’s Paradise(3129)
Date/Time :2007-03-14 14:42:36Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 60.216.233.69, Port = 35866)Protocol: TCP IncomingSource: 60.216.233.69:x11(6000) Destination: x.x.x.x:35866 TCP Flags: SYN Reason: Network Control Rule ID = 5
Date/Time :2007-03-14 14:42:36Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 60.216.233.69, Port = 3082)Protocol: TCP IncomingSource: 60.216.233.69:x11(6000) Destination: x.x.x.x:3082 TCP Flags: SYN Reason: Network Control Rule ID = 5
Date/Time :2007-03-14 14:42:36Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 60.216.233.69, Port = 27819)Protocol: TCP IncomingSource: 60.216.233.69:x11(6000) Destination: x.x.x.x:27819 TCP Flags: SYN Reason: Network Control Rule ID = 5
Date/Time :2007-03-14 14:42:36Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 60.216.233.69, Port = 29141)Protocol: TCP IncomingSource: 60.216.233.69:x11(6000) Destination: x.x.x.x:29141 TCP Flags: SYN Reason: Network Control Rule ID = 5
Date/Time :2007-03-14 14:42:36Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 60.216.233.69, Port = 24817)Protocol: TCP IncomingSource: 60.216.233.69:x11(6000) Destination: x.x.x.x:24817 TCP Flags: SYN Reason: Network Control Rule ID = 5
Date/Time :2007-03-14 14:42:36Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 60.216.233.69, Port = 22154)Protocol: TCP IncomingSource: 60.216.233.69:x11(6000) Destination: x.x.x.x:22154 TCP Flags: SYN Reason: Network Control Rule ID = 5
Date/Time :2007-03-14 14:42:36Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 60.216.233.69, Port = 29122)Protocol: TCP IncomingSource: 60.216.233.69:x11(6000) Destination: x.x.x.x:29122 TCP Flags: SYN Reason: Network Control Rule ID = 5
Date/Time :2007-03-14 14:42:36Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 60.216.233.69, Port = 29319)Protocol: TCP IncomingSource: 60.216.233.69:x11(6000) Destination: x.x.x.x:29319 TCP Flags: SYN Reason: Network Control Rule ID = 5
Date/Time :2007-03-14 14:42:36Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 60.216.233.69, Port = 13954)Protocol: TCP IncomingSource: 60.216.233.69:x11(6000) Destination: x.x.x.x:13954 TCP Flags: SYN Reason: Network Control Rule ID = 5
Date/Time :2007-03-14 14:42:36Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 60.216.233.69, Port = 1026)Protocol: TCP IncomingSource: 60.216.233.69:x11(6000) Destination: x.x.x.x:1026 TCP Flags: SYN Reason: Network Control Rule ID = 5
Date/Time :2007-03-14 14:42:36Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 60.216.233.69, Port = 444)Protocol: TCP IncomingSource: 60.216.233.69:x11(6000) Destination: x.x.x.x:444 TCP Flags: SYN Reason: Network Control Rule ID = 5
Date/Time :2007-03-14 14:42:36Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 60.216.233.69, Port = 3128)Protocol: TCP IncomingSource: 60.216.233.69:x11(6000) Destination: x.x.x.x:3128 TCP Flags: SYN Reason: Network Control Rule ID = 5
Date/Time :2007-03-14 14:42:36Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 60.216.233.69, Port = 8080)Protocol: TCP IncomingSource: 60.216.233.69:x11(6000) Destination: x.x.x.x:8080 TCP Flags: SYN Reason: Network Control Rule ID = 5
Date/Time :2007-03-14 14:42:36Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 60.216.233.69, Port = 7212)Protocol: TCP IncomingSource: 60.216.233.69:x11(6000) Destination: x.x.x.x:7212 TCP Flags: SYN Reason: Network Control Rule ID = 5
End of The Report
Well, we’ll work on that… 
Looks like you changed the file to text, then copied/pasted it; doing so removes the formatting, and makes my head hurt. ;D I cleaned it up a little, and edited your personal IP address to preserve your privacy.
Now I’ll take a deeper look to see what I see…
To help clarify the process a little, are you going to www.yahoo.com, then clicking the link on the right side for email?
If so, at what point in the process does it tell you the page can’t be displayed?
What browser (and version) are you using?
LM
Roberta,
Okay, here’s what I’m seeing:
The 24.x.x.x incomings are from Shaw Communications; this may be your ISP. Go to Start/Run, type in “cmd”. At the DOS prompt, type “ipconfig /all”. This will give you some IP address information. Look to see if that address is in there, as it may be one of their servers. Even if it is, that’s odd traffic to be seeing, as the logs indicate it is an unsolicited Inbound connection attempt. If it’s not there, but you do use Shaw, please contact them to ask about this; you will want to have the IP #, Port # (both Source & Destination), dates/times, etc.
The majority of the entries, from 60.x.x.x, are from the following:
1 60.216.233.69 Succeed China CNCGROUP-SD CNCGROUP Shandong province network 60.208.0.0 60.217.255.255 Yes CNCGroup Hostmaster No.156,Fu-Xing-Men-Nei Street, Beijing,100031,P.R.China abuse@cnc-noc.net abuse@cnc-noc.net +86-10-82993155 +86-10-82993102 APNIC This is China Network Communications Group Corporation.
I would be suspicious of this; not only the amount of log entries, but the fact that it’s coming from China as well. Unless you know that you were contacting that domain, that is…
All that said, I saw nothing in your logs that would relate to Yahoo! or SBCGlobal email. For those you should see an associated IP address in the 209.x.x.x range.
More specific information about the error message you’re getting when trying to access the email, browser, etc, will be helpful.
LM
Hello again,
Thanks for checking into this for me and correcting what I sent. Sorry for making your head hurt!
I am going to yahoo.com and clicking on the “check you mail status sign in”. Then it goes to:
Internet Explorer cannot display the webpage
Most likely causes:
• You are not connected to the Internet.
• The website is encountering problems.
• There might be a typing error in the address.
What you can try:
Diagnose Connection Problems
More information
When I click on Diagnose connection problems – a window pops up asking if I want to proceed. I click next and then it says: Network Diagnoses for windows xp cannot connect using HTTP, HTTPS, or FTP probably cause by firewall settings. Check the firewall setting for the ports. You might need to contact your ISP or manufacture of you firewall software.
My browser is internet explorer. I’m not sure what version.
Sorry if I sound stupid when it comes to firewalls, browsers, etc.
Thanks again,
Roberta
No problem, Roberta ~
My head only hurts (figure of speech) when trying to read everything all run together with no spaces or anything. Hard to sort out.
Thanks for the info.
Based on what you’re saying, it sounds like you might have Internet Explorer 7, as it has a diagnostic utility. I’ve attached a screenshot of IE7 running the connection diagnostic. See if that matches what your browser looks like. You’ll also see a popup from CFP regarding that connection attempt, for xpnetdiag.exe. If you were blocked and did not see such an alert, there should be a log entry showing that it was blocked for some reason. You will be looking for something like this:
Log Scope:: Today
Date/Time :2007-03-14 15:40:57
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (xpnetdiag.exe:10.0.0.2: :dns(53))
Application: C:\WINDOWS\network diagnostic\xpnetdiag.exe
Parent: C:\Program Files\Internet Explorer\iexplore.exe
Protocol: UDP Out
Destination: 10.0.0.2::dns(53)
See how easy that is to read? ;D Just giving you a hard time… (:WIN)
Also check your Application Monitor for an entry blocking xpnetdiag.exe; if it’s there, remove it, and reboot.
If it’s not there, do the following: Go to Security/Advanced/Miscellaneous. Check to make sure the top box, “Enable Alerts” is checked (it should be by default). Uncheck the 2nd box, “Do not show alerts for applications certified by Comodo.” Move the Alert Frequency slider to High or Very High. Click OK, and reboot. On reboot, you will see a lot of alerts asking to allow permission for applications (that may already be in the Application Monitor); you may Allow without “Remember” to avoid creating a lot of extra rules, as these alerts will be IP, Port, Direction, etc specific, based on that setting (after we’re done, you can change it back down to Medium or Low, and re-enable the Certified Comodo list as well).
Now try to access your email just as you did before, continuing to Allow without “Remember.” If you need to repair the connection, you should now definitely get a popup… Allow it to run, and see if that helps.
Also when you’re done, check the logs again, looking for IP addresses matching Yahoo, the 209.x.x.x range, and for an entry for xpnetdiag.exe.
LM