My name is Peter… (sort of)
I’m a happy 184.108.40.2069 user who is actually starting to understand the meaning of the phrase “internet connection”. Even though I’ve been a hardcore, almost advanced, Windows user for gawd knows how long, I’ve never actually paid any attention to security. So, I am a newbie… prepare. Thank you!
I am the only user (nobody touches my computer) and admin of an OS that is currently calling itself "Microsoft ™ Windows Version 5.1 (Build 2600.xpsp_sp2_qfe.071023-1323 : Service Pack 2)", which is guarded by ESET's Nod 3.(something), Comodo and the local superhero "Doctor Watson" (what would I do without old Watson?). I have an ADSL connection, I think, 24 Mbit down and three up, even though it hardly ever exceeds two point six.
First I want to say that my memory COULD be failing me. I wanted to write this a week ago, but had things to do and people to meet… sort of. I am not sure that what I describe below is 100% accurate, sorry… what I do know is that something went wrong, and I will describe alternatives. I have been having these second thoughts on how the issue manifested these past couple of days. But I am certain that it did, one way or another. Funny thing is, I haven't been able to recreate the scenario, as if the firewall has learned to adapt to the new rules and policies I have entered and is applying them to applications itself when it asks. Because it didn't apply the rules it was asking to "allow" (in this case "allow") but was giving the program authority to connect to just about anything. This is the issue.
Here’s a somewhat huge illustration on the process of the issue, please see end of message for smaller ones:
I have a virtual server, or rather a program that is supposed to run on a server, but since I don’t have any server I access it though localhost.
No… I’m not connected to any local network, as such.
So I have a bunch of programs that want to access this application, that is supposed to be on a server and I wanted to apply rules to them, and to the application on the localhost, because I wouldn’t want anyone else to connect to my server, neither do I want any of the programs to access other servers. So, while I was observing how they interacted I gave them temporary policies, “The Ask Policy” with the rule (alternative below):
“Ask and Log; TCP or UDP; IN/OUT; Source address: any; Destination address: any; Source and Destination ports any & any.”
(alternatively, but doubtful: “Ask and log IP any to IP any using any”)
The programs on my computer which wanted to access the application on my localhost server started to ask if they could send TCP from IP 0.0.0.0 through some port to IP 127.0.0.1 (loopback) through a specific destination port that the application on localhost is using.
Here comes the issue (and I am certain that this happened, just not exactly how). I answered "yes" and "remember my answer". When I was checking the policy update for the program that had connected to my localhost server in the Network Security Policy window, I noticed it had changed, alright… to:
Allow (log? can’t remember) IP IN/OUT (alt OUT, but I don’t think so) from IP any to IP any by any protocol.
To summarize: it asked me if it could access localhost; I said yes; and it thought it could access anything. ?
It doesn't do that anymore when I try to recreate it. I have specified rules now, for my fantasy intranet, and they seem to work. But I removed the policies from the programs, added "The Ask Policy", waited for them to try to connect to my localhost server, answered "yes"…
…but Comodo assigns those new rules I have recently added (not using the names or policies). Could it be that Comodo learns? Still I'm wondering why Comodo just didn't add the specific rule "Allow TCP out from 0.0.0.0 (weird address, though) to IP 127.0.0.1 through port 1234 (example) and destination port 4321 (example)" from the beginning. Because that was what happened, right?
That is how I thought comodo worked.
“IP any to any using any”
That is an “easy way ‘out’” imho.
I have seen other programs with the policy “allowed to do whatever they want” mostly some windows system file or something, and I thought it was pre-set when comodo installed. Now I’m not so sure anymore. Can anyone confirm this, please?
Here are my illustrated event files that didn't do so good. But they are small(-ish). Sorry. The smallest file I was satisfied with was 4.5 MB and I can't publish that. No, that's right. I dunno how to compress for the web. An excellent time to learn.
huge display | smaller display | big display and | but | but fast connection? | fast connection | slow connection
Here’s a comic strip I made while I was at it.
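The security point in the post above is the difference between the rule that was prompted for (TCP out, from 0.0.0.0 to 127.0.0.1, one source port, one destination port) and the rule that ended up in the policy ("allow IP any to any using any"). The following is an added example, not code from the post or from Comodo: a small Python model of first-match application firewall rules that evaluates both rules against the same connections and includes an audit check that flags any application holding an "allow anything" rule. The rule fields, the 1234/4321 example ports from the post, and the 203.0.113.5 external address are assumptions constructed for the illustration.

```python
"""Model of per-application firewall rules (illustration only, not Comodo's implementation)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "any"  # wildcard for addresses and ports; protocol "ip" is the protocol wildcard


@dataclass(frozen=True)
class Rule:
    action: str      # "allow", "block" or "ask"
    protocol: str    # "tcp", "udp" or "ip" (any protocol)
    direction: str   # "in", "out" or "in/out"
    src: str         # IP address or CIDR string, or "any"
    dst: str
    src_port: str    # port number as a string, or "any"
    dst_port: str


@dataclass(frozen=True)
class Connection:
    protocol: str
    direction: str
    src: str
    dst: str
    src_port: int
    dst_port: int


def _addr_match(pattern: str, addr: str) -> bool:
    return pattern == ANY or ip_address(addr) in ip_network(pattern, strict=False)


def _port_match(pattern: str, port: int) -> bool:
    return pattern == ANY or int(pattern) == port


def matches(rule: Rule, conn: Connection) -> bool:
    """True if the connection falls inside every field of the rule."""
    return (
        (rule.protocol == "ip" or rule.protocol == conn.protocol)
        and (rule.direction == "in/out" or rule.direction == conn.direction)
        and _addr_match(rule.src, conn.src)
        and _addr_match(rule.dst, conn.dst)
        and _port_match(rule.src_port, conn.src_port)
        and _port_match(rule.dst_port, conn.dst_port)
    )


def decide(rules: list, conn: Connection) -> str:
    """First-match evaluation; with no matching rule the firewall would prompt ("ask")."""
    for rule in rules:
        if matches(rule, conn):
            return rule.action
    return "ask"


def is_overly_broad(rule: Rule) -> bool:
    """An allow rule with every field wildcarded grants unrestricted network access."""
    return (
        rule.action == "allow"
        and rule.protocol == "ip"
        and rule.direction == "in/out"
        and all(f == ANY for f in (rule.src, rule.dst, rule.src_port, rule.dst_port))
    )


def audit(policy: dict) -> list:
    """Names of applications whose policy contains an 'allow anything' rule."""
    return [app for app, rules in policy.items() if any(is_overly_broad(r) for r in rules)]


# The rule the post expected versus the rule that was actually recorded (assumed fields).
SPECIFIC_RULE = Rule("allow", "tcp", "out", "0.0.0.0", "127.0.0.1", "1234", "4321")
BROAD_RULE = Rule("allow", "ip", "in/out", ANY, ANY, ANY, ANY)

# Constructed sample connections: the localhost one that was prompted for, and an
# unrelated outbound connection to a documentation-range address.
LOCALHOST_CONN = Connection("tcp", "out", "0.0.0.0", "127.0.0.1", 1234, 4321)
EXTERNAL_CONN = Connection("tcp", "out", "0.0.0.0", "203.0.113.5", 1234, 80)

if __name__ == "__main__":
    for name, rule in (("specific", SPECIFIC_RULE), ("broad", BROAD_RULE)):
        print(name, "localhost:", decide([rule], LOCALHOST_CONN),
              "external:", decide([rule], EXTERNAL_CONN))
    print("apps with allow-anything rules:",
          audit({"client.exe": [BROAD_RULE], "other.exe": [SPECIFIC_RULE]}))
```

With the specific rule the external connection falls through to "ask", which is the behaviour the post expected; with the broad rule both connections are silently allowed, which is what the post observed in the policy window. The `audit` check is the kind of review worth running over a saved policy after answering a series of prompts, since a remembered answer can be recorded far wider than the prompt suggested.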