Advanced Attack Detection and Prevention advice needed.

I was looking through the various settings in the advanced section of my Comodo firewall and noticed that in the Miscellaneous tab only two boxes were ticked, the ones called “block fragmented IP datagrams” and “do protocol analysis”. The other three, called:

(1) Block all outgoing connections while booting.

(2) Do packet checksum verification.

(3) Monitor other NDIS protocols than TCP/IP.

were all unticked. Should I add a tick to any of these three?


This is pulled from CFP’s Help file:

Block all outgoing connections while booting

This option allows the user to secure the host whilst booting by blocking all connection attempts until the system is up and running.

Block fragmented IP Datagrams

When a connection is opened between two computers, they must agree on a Mass Transmission Unit (MTU). IP fragmentation occurs when you pass through a router with an MTU less than the MTU you are using, i.e. when a datagram is larger than the MTU of the network over which it must be sent, it is divided into smaller fragments which are each sent separately. Fragmented IP packets can create threats like DOS attack. Moreover, these fragmentations can double the amount of time it takes to send a single packet and slow down your download time.
Comodo Firewall Pro is set by default to block fragmented IP datagrams, i.e. the option Block Fragmented IP datagrams is checked by default.

Do Protocol Analysis

Protocol Analysis is key to the detection of fake packets used in denial of service attacks. Checking this option means Comodo Firewall Pro checks every packet conforms to that protocol's standards. If not, then the packets are blocked.

Do Packet Checksum Verification

Every packet of data sent to your machine has a signature attached. With this option enabled, Comodo Firewall Pro will recalculate the checksum of the incoming packet and compare this against the checksum stated in the signature. If the two do not match then the packet has been altered since transmission and Comodo Firewall Pro will block it.

Monitor other NDIS protocols than TCP/IP

This will force Comodo Firewall Pro to capture the packets belonging to any other protocol driver than TCP/IP. Trojans can use their own protocol driver to send/receive packets. This option is useful to catch such attempts. This option is disabled by default because it can reduce system performance and may be incompatible with some protocol drivers.

Obviously, turning the rest of the options on will increase your security. However, some of them may not be necessary for your situation, and might also cause a significant decrease in performance.

If you want to try them, I suggest doing one at a time, and waiting a few days before trying the next one. This way you can run all your normal applications, to make sure you won’t hit any snags. If you turn them all on at once and lose performance, it’s more difficult to isolate the problem…
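
Added example (not part of the original thread and not Comodo's code): a Python version of the two header-level checks the quoted help text describes, recomputing the IPv4 header checksum (RFC 1071) and recognising a fragment from the More Fragments flag and fragment offset. The function names and the sample header, which uses documentation addresses, are constructed for illustration.

```python
import struct

def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def inspect_ipv4_header(packet: bytes) -> dict:
    """Return the checksum and fragmentation verdicts for one IPv4 packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("malformed IPv4 header")
    header = packet[:ihl]
    flags_frag = struct.unpack("!H", header[6:8])[0]
    more_fragments = bool(flags_frag & 0x2000)   # MF bit
    frag_offset = flags_frag & 0x1FFF            # offset in 8-byte units
    return {
        # Summing a valid header *including* its checksum field gives 0.
        "checksum_ok": internet_checksum(header) == 0,
        "fragmented": more_fragments or frag_offset != 0,
    }

def build_header(flags_frag: int = 0x4000) -> bytes:
    """Constructed sample: 20-byte TCP/IPv4 header, default flag is DF."""
    fields = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1C46, flags_frag,
                         64, 6, 0,             # TTL, protocol, checksum=0
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    csum = internet_checksum(fields)
    return fields[:10] + struct.pack("!H", csum) + fields[12:]

if __name__ == "__main__":
    good = build_header()
    tampered = good[:8] + bytes([good[8] ^ 0x01]) + good[9:]  # TTL changed
    for name, pkt in (("good", good), ("tampered", tampered),
                      ("fragment", build_header(0x2000))):
        print(name, inspect_ipv4_header(pkt))
```

The header checksum catches corruption in transit; it is not a cryptographic signature, so anyone who modifies a packet can also recompute it.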


The help file explains more. I think (2) may slow down PC performance, while (3) slows down network performance. Users have found that (1) slows down PC boot-up time.