Add Reverse DNS Lookup For Firewall Alerts [M948]

1. What version of CIS, or Comodo Firewall, are you currently using:
7.0.313494.4115

2. What actually happened or you saw:
In the Firewall Alerts it will show you IP addresses but no way of getting information on that IP address.

3. What you wanted to happen or see:
At least an option to perform a whois query and a reverse DNS query. The user should be able to see the name of the website to which the app is connecting.

4. Why you think it is desirable:
Firewall alerts would become more informational and it would make it easier to answer alerts and it would save work for the user so the user doesn’t have to do it manually for each and every IP address.

5. Any other information:
This is a basic feature in many firewalls.

Thank you for submitting this Wish Request. I have now reset the poll and moved this to the WAITING AREA.

Please be sure to vote for your own wish, and for any other wishes you also support. It is also worthwhile to vote against wishes you think would be a waste of resources, as implementing those may slow down the wishes you would really like to see added.

Thanks again.

I think in this case it is necessary to perform whois query and a DNS query for the given name to check whether the reverse transformation and any additional information.

**** I forgot the whois part. :-[ Chiron, could you perhaps edit that in?

Sure. Is it okay now?

I think you need more detail to specify that you want to be able to perform not only reverse DNS but received the name again forward DNS

Otherwise, the reverse DNS lookup useless

I don’t really know how it works technically, reverse DNS lookup or Whois lookup, iunno… I just want more information on the IP-address like ISP and if possible hostname etc. If you got an idea of how to put that in a wish then please write it as a reply and maybe Chiron can do some magic and modify the main wish?

I have edited the wish to say “At least an option to perform a whois query and a DNS query. The user should be able to see the name of the website to which the app is connecting.”

How does that sound?

Perhaps change “[…] and a DNS query […]” to “[…] and a reverse DNS query […]”? I don’t know, maybe that’s wrong… iunno… too many terms I don’t completely understand. >_<

Done. How’s that?

I think that looks fine, fdsc might have something to add though.

Reverse DNS response information managed by the owner of the IP and is not reliable. This only reference information
I see two options desired behavior COMODO


  1. Request for IP 213.180.193.11 entails popup with IP 213.180.193.11 and information for reverse DNS: yandex.ru
    And popup with button for additional information window. (screenshot 1)

  2. Additional information window displayed forward DNS request result and inetnums with whois buttons (screenshot 2)


OR

Request for IP 213.180.193.11 entails popup with information:


IP 213.180.193.11
DNS yandex.ru (A)

if forward DNS for yandex.ru contain A-type record.

  1. if A-type DNS record does not contain IP 213.180.193.11, COMODO forward DNS for NS and MX records.
    If they contains IP 213.180.193.11 (example yandex.ru MX mxfront.yandex.ru, and mxfront.yandex.ru A 213.180.193.11) get popup with information:


IP 213.180.193.11
mxfront.yandex.ru

else (if not contains)

IP 213.180.193.11
reverse DNS incorrect

  1. if no reverse DNS.

    IP 213.180.193.11
    no DNS

[attachment deleted by admin]

A great idea

Are also well flag the country a followed her ip

[attachment deleted by admin]

Great suggestion.

I would like to thank everyone who has voted on this particular enhancement. As there have been 20 or more votes, and more than 75% of those votes were positive, I have added this to the tracker for consideration by the devs. However, do note that even though this wish will be considered by the devs, it does not necessarily mean that it will be implemented. I will update this topic when I have any additional information.

Thank you.

Not added in 7.0.315459.4132

Thanks for checking this. I’ve updated the tracker.

Given the overwhelming ignorance of CDN and edge caching, this is most likely going to generate a large number of complaints that stuff is phoning home to Level3, Akamai, FortressITX, NLayer, et ali.

It’s better than to check out all the sites manually

I just wanted to add this as a wish, when I recognized that many similar requests have already been made numerous times, including this one here (thanks to Sanya).

So I’ll just add here what I initially intended to post and why.

[i][b]Please add extensive "whois" RIR lookup functions to the "view connections" dialogue window[/b][/i] .....

i.e.

AFRINIC
APNIC
ARIN
LACNIC
RIPE

lookup.

Please see here for further info:

Comodo Firewall’s lookup capabilities should at least be comparable to the following lovely ol’ prog:

KarenWare’s Whois still does it’s job quite well, but it’s a somewhat old software now, and an “integrated solution” would certainly be more desirable.
(It’s being meant as a hint at what I’m asking for, though.)

Being able to do those kind of lookups directly and instantly from within COMODO firewall would be a very welcome thing, definitely adding to the overall level of user information and internet security, obviously not just in my opinion.

Thanks, REBOL.

PS: I seem to remember that even good ol’ Sygate Firewall Pro had this useful and quite important function implemented (being called “Back Trace”) as early as of 2002. :wink:

So, come on, COMODO… 8)

Kind regards, REBOL. :slight_smile: