Any point in adding these rules to network monitor ?

Fresh out of the box newbie ! ;D Installed Comodo for the first time yesterday and am pleased so far. Please advise whether there is any point in specifically blocking/allowing the following as I did with Sygate. I am behind a router and am using Proxomitron localhost (the reason I changed to Comodo) :-
Block ports 135-139 TCP&UDP both ways remote and local.
Block ports 1025,1026 TCP both ways local.
Block port 69 UDP both ways local
Allow port 123 UDP both ways remote and local (for Windows Time)

These to be added above the generic block all rule I presume. Is there any point, or don’t I have to worry about the above ports ?

OK. Having searched the forum it appears that these notoriously “bad” ports need not be specifically blocked as the default Network monitor settings would take care of this. But for peace of mind I would really appreciate confirmation from the more experienced.

If I would be advised to add the block ports mentioned in my previous post, are there any hierarchy considerations (of course leaving 5 - block all in place at the end)…??

Thanks in advance.

Hi ocky, welcome to the forums.

Block ports 135-139 TCP&UDP both ways remote and local.
RPC is 135 & Netbios is 139.. depending on the software you use, you might need to allow local RPC (135). Otherwise, you can block it if you wish. 139 depends on if you're using LAN/File Sharing or not. I don't think ports 136, 137 or 138 are used by either RPC or Netbios.
Block ports 1025,1026 TCP both ways local.
TCP 1025 is also RPC, I'm not sure what TCP 1026 is.
Block port 69 UDP both ways local
UDP 69 is TFTP (Trivial File Transfer Protocol), I've no idea why you're seeing this port as open/listening, unless there is a supporting service/application.
Allow port 123 UDP both ways remote and local (for Windows Time)
I don't think you need to specifically open this port in the Network Monitor, as actions on this port should be related to a Windows service & CFP would prompt specifically for that action. It is best not to allow unsolicited inbound communications on this port & leave it to the Component Monitor.

However, in saying all that… since you’re using a router, then this will, in its default state, probably block all inbound unsolicited communication attempts & will not translate your open local ports to the Internet. You normally need to configure the router to do this. So, you are probably perfectly safe anyway.

Thanks kail !
In order to check the firewall I switched to dial up and tested the ports mentioned at Shields Up.
All were stealthed :) Network Control ID 5 denied access to them all. Very good indeed - now I won’t bother adding them as block rules.

Switching back to router now. Comodo is behaving very well !
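
The result reported in the last post (the final block-all rule, ID 5, denied every probe) can be reproduced on paper. The sketch below is an added example, not part of any post in this thread and not Comodo's code; it assumes top-down, first-match rule evaluation and models only unsolicited inbound packets by local port, and `Rule`, `decide`, `verdict_changes` and `redundant_rules` are hypothetical names.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str        # "allow" or "block"
    protos: frozenset  # subset of {"tcp", "udp"}
    ports: range       # local ports the rule covers
    label: str

ANY = range(0, 65536)
BOTH = frozenset({"tcp", "udp"})

# Rules proposed in the first post, inbound/local-port side only (constructed model).
PROPOSED = [
    Rule("block", BOTH, range(135, 140), "block 135-139 TCP/UDP"),
    Rule("block", frozenset({"tcp"}), range(1025, 1027), "block 1025,1026 TCP"),
    Rule("block", frozenset({"udp"}), range(69, 70), "block 69 UDP"),
    Rule("allow", frozenset({"udp"}), range(123, 124), "allow 123 UDP"),
]
# The generic last rule the thread refers to as ID 5.
BLOCK_ALL = Rule("block", BOTH, ANY, "block all (final rule)")

def decide(rules, proto, port):
    """Return (action, label) of the first rule matching an inbound packet."""
    for rule in rules:
        if proto in rule.protos and port in rule.ports:
            return rule.action, rule.label
    return "block", "implicit default"  # assumption: no match means drop

def verdict_changes(baseline, candidate):
    """List (proto, port, before, after) where candidate changes the verdict."""
    changes = []
    for proto in ("tcp", "udp"):
        for port in ANY:
            before = decide(baseline, proto, port)[0]
            after = decide(candidate, proto, port)[0]
            if before != after:
                changes.append((proto, port, before, after))
    return changes

def redundant_rules(rules, final):
    """Labels of rules whose removal leaves every inbound verdict unchanged."""
    full = rules + [final]
    return [r.label for r in rules
            if not verdict_changes(full, [x for x in rules if x is not r] + [final])]

if __name__ == "__main__":
    print(verdict_changes([BLOCK_ALL], PROPOSED + [BLOCK_ALL]))
    print(redundant_rules(PROPOSED, BLOCK_ALL))
```

Under these assumptions the three block rules are redundant for inbound traffic, and the only verdict the proposed set changes is opening UDP 123 to unsolicited packets.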