Without implementing any changes to my system, my firewall started to show Firefox traffic on port 53, UDP-Out. This has never happened before. The DNS request goes out every time I switch to another website. Is this the way it’s supposed to work? What was controlling this process before Firefox took it over? Has Comodo changed the predefined policies for the Web Browsers, or does this present some sort of security problem? This doesn’t make much sense…
Firewall: Comodo Version 3.5.54375.427
Browser: Firefox 3.0.7
System: Windows XP w/SP2
Don’t worry. That’s a normal thing.
DNS: Domain Name Server [service]
When you use your browser to surf a website, you type the website address, right?
E.g., when you connect to www.comodo.com, you type www.comodo.com.
The connection is processed in the following order:
1. You type www.comodo.com into the address bar.
2. The browser first sends a UDP packet to the DNS server via port 53.
(This UDP packet carries this kind of information: ‘show me the IP address for www.comodo.com’,
and then connect me to that web site)
3. The DNS server starts to match the IP address for www.comodo.com.
4. You will get www.comodo.com’s actual IP, 91.199.212.132.
5. Then your browser can be connected to the www.comodo.com web site.
6. If you change the address to another website, it’s repeated.
Why do that?
Whenever you connect to the internet with a browser, it always shows you HTTP in the address bar.
It’s called ‘HyperText Transfer Protocol (HTTP)’.
The DNS server’s function is matching and changing web addresses to IPs.
Your browser shows you www.comodo.com, but actually your browser recognizes the website by IP address
inside of the browser.
Why do this?
Because it’s the internet protocol rule. Think: it’s hard to remember all of the IP addresses as numbers, right?
But we can remember text easily.
Now you will have a question: ‘OK, then why does Comodo Firewall observe the DNS port?’
Because there is the ‘DNS Manipulation attack’. If a hacker attacks your PC with a DNS Manipulation attack,
your browser takes you to another website even if you type www.comodo.com in the browser.
The hacker can take you to a ‘Phishing Website’.
After that?
Horrible things will happen.
I forgot to tell you something important.
Update your Windows XP SP2>>SP3
Update your CIS 3.5.54375.427>>3.8.65951.477
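Steps 2 to 4 of the reply above, as an added example that is not part of the original posts: Python that builds the UDP payload a lookup sends to port 53 and parses a constructed reply, accepting it only when the transaction ID and question match the query that was sent. The function names, transaction ID and TTL are assumptions; the IP is the one quoted in the post.

```python
import struct

# Function names, transaction ID and TTL are illustrative assumptions; sample bytes are constructed.
def encode_name(name):
    """DNS name encoding: each label prefixed by its length, ended by a zero byte."""
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"

def build_query(name, txid):
    """UDP payload sent to port 53: 12-byte header plus one question (type A, class IN)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # 0x0100 = recursion desired
    return header + encode_name(name) + struct.pack(">HH", 1, 1)

def read_name(msg, off):
    """Decode a name, following compression pointers; return (name, offset after it)."""
    labels, end = [], None
    for _ in range(64):  # bounded walk so a pointer loop cannot hang the parser
        n = msg[off]
        if n == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        if n & 0xC0 == 0xC0:  # two-byte pointer to an earlier name
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("name too long or pointer loop")

def parse_response(msg, query):
    """Return the A-record IPs, refusing a reply that does not match the query sent."""
    flags, qdcount, ancount = struct.unpack(">HHH", msg[2:8])
    if msg[:2] != query[:2] or not flags & 0x8000 or qdcount != 1:
        raise ValueError("transaction ID or flags do not match the query")
    qname, off = read_name(msg, 12)
    if qname.lower() != read_name(query, 12)[0].lower() or msg[off:off + 4] != query[-4:]:
        raise ValueError("question does not match the query")
    off, ips = off + 4, []
    for _ in range(ancount):
        _, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:  # A record: four address bytes
            ips.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return ips

# Constructed sample: the query for www.comodo.com and a reply carrying the IP quoted in the post.
QUERY = build_query("www.comodo.com", 0x1A2B)
REPLY = (struct.pack(">HHHHHH", 0x1A2B, 0x8180, 1, 1, 0, 0) + QUERY[12:] + b"\xc0\x0c"
         + struct.pack(">HHIH", 1, 1, 300, 4) + bytes([91, 199, 212, 132]))
```

Calling `parse_response(REPLY, QUERY)` returns the address from step 4; a reply with a different transaction ID or question name raises `ValueError` instead of being trusted.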
Thank you for your response. It just caught me by surprise to see Firefox use UDP for the first time. As I said, this has never happened before - I monitor connections all the time. I used to have, once in a while, svchost.exe send out a UDP request, but nothing like this.
Thanks again.
No problem.
And don’t worry, it’s OK. You are safe with CIS.