If this question has been answered before I’m sorry but I can’t find it in the FAQs.
The PC is directly connected to a DSL modem without a router (for now) and the modem has a setting for PPP set to “PPP is on the modem”.
A specific app wants to connect to the Internet but all I see from CFP (I have turned off component monitor if it makes any difference) is that the app wants to do a dns(53) to 192.168.0.1 which is the internal IP of the modem itself. I do not see what IP the app wants to connect to.
I don’t need to block the app from all access to the Internet - I need to block it only for the IPs it wants to connect itself but I have to see what IP it wants to connect first and I thought CFP would show that.
Is the PPP setting on the modem why CFP shows only the internal 192.168.0.1 address and not the real IP the application wants to connect to?
Even if I change the PPP setting on the modem, I will eventually use a router in this setup so when the router does the IP assignments in the home LAN will then CFP show again the internal IP of the router every time an application wants to connect to the Internet and not the actual IP the application wants to connect to?
Thanks for any help on this.
If the notification window had a couple of options like “Block the connection to this IP from this app or from any app on the system” every time an app trips the firewall that would be a very useful feature.
You won’t see the IP address of a site you propose to connect to even if you’ve got a router. As a workaround, and assuming you’re using Firefox, install the Shazou extension from here: Search results for "shazou" – Add-ons for Firefox (en-US) When visit the site, click the “S” icon on the Status Bar and you’ll get a map of the location together with the IP address. You can download Firefox from http://www.mozilla.com
You can also download a freebie utility called “IPNetInfo” from here: IPNetInfo: Retrieve IP Address Information from WHOIS servers It’s a stand-alone program, so no installation required. Simply launch the application and then checkmark the field called “Convert host names to IP addresses”, type in the host name and click OK. Double click the results to get the IP address of the recipient before you go there.
The suggestions you’re proposing will not have any effect because CFP is not showing either the domain or the IP an application wants to connect to.
My intent is for CFP to show the destination IP of an attempted connection [i]before[i] I create a rule to allow or block it.
For further testing, I deleted all the rules I had for my email client and restarted the client and tried to get my email. CFP blocked it and showed its notification but again the only thing it notified me with was that the email client wanted to do a dns(53) connection to 192.168.0.1, the internal IP of the modem, and did not show the IP of my ISPs email server that the email client wanted to connect to.
After the connection is allowed then CFP shows the destination IP that the email client is connecting to of course, but not before a rule is made to allow it or block it from connecting to the Internet.
Does anyone know if there are there any settings I may have turned off in the program that cause CFP not to show the destination IP of the attempted connection of an application?
This is why I suggested to you to use IPNetInfo. Since practically all ISPs email servers use pop.isp.com, all you need to do to get the IP address of the email server is to type that in, checkmark the option: “Convert host names to IP addresses” and then click OK.
For example, my previous ISP was www.xs4all.nl (this has got to be the ugliest website you’ll ever see…lol). So type: pop.xs4all.nl and you’ll get the info shown in the image. You can now create a custom rule manually to allow or block that IP.
In the interest of clearing up any misunderstanding due to my description of the issue:
I don’t need to find the IP of any site or my ISP’s email server or anything like that.
I need to set CFP to show me the IP of the destination of an attempted connection by any application on my system when it notifies me that the application wants to connect to the Internet.
As it is now CFP is telling me that an application that I don’t have a rule for yet wants to do a dns connection to the internal IP of my modem (dns-53 to 192.168.0.1). I’d like to see the IP the application wants to connect to, not its dns request to the modem, before I block or allow it to connect to the Internet.
I hope I was more clear in my request. Thanks again for your help.
I’m pretty sure TCPView shows IPs of established connections only and I don’t know what URL Snooper does but I doubt it can show the destination IP of an attempted connection of a program.
I was under the impression that this is a primary feature of a software firewall. I was using Outpost before I switched to CFP and before Outpost I was using AtGuard (which then became Norton Internet Firewall) and both showed the IP that a program wanted to connect to on the notification to the user after a connection attempt.
Apparently it’s not any setting on CFP that I may have missed.
this is true however after this comodo should show the connection to the IP that you are looking for however you have to allow the dns first. Comodo can not show the IP until after the DNS lookup nor can any other firewall.
If you were not seeing the DNS lookup with other firewalls, either the application was going straight for an IP, or The other firewall was not warning you of the DNS lookup.
A direct answer to your question is yes Commodo should show this. If you want to force comodo to create a rule for this IP. Move your alert setting to “High” or “Very High”.
Just a note: I personally had problems with 2.4 recognizing rule for specific IPs without keeping the settings at “Very High”. If I moved the setting back to a lower setting, it would want to create general rules to replace my Specific rules, and at “Very High” it would not read all my general rules and wanted to replace them with Specific rules.
I have not had this problem with 3.0.X however it is still in the last phases of Beta, but it just about ready for RC
OD
PS
A packet sniffer will show this but you need to know what you are looking at, and you still need to allow the DNS lookup to see the IP Address
Since I@m interested in the same thing, I’ll piggyback on this thread
Thanks Opus Dei for your post, I think it answers my question halfway, but I’d like to be sure…
Am I right in thinking that CFP lets you set rules to determine which IPs an application can access?
If that only works with the “very high” security setting, will I get bugged by alerts alot? Or should I go with the 3.0 Beta?
Another thing, while I’m here - I find that with my current firewall, games often get “stuck” because the firewall throws up an alert, but the desktop will not be displayed, so I cannot grant access, and the game will wait indefinitle until I terminatei it. Is the situation any better with CFP?
Thanks for the info - CFP looks much better than my Zone alarm, but before I go through all that configuring again… you know
J
Yes, CFP 2.4 allows or denies an application to connect to specific IPs or a range of IPs.
The rule creation is pretty flexible, for example you can allow an application outbound tcp or udp communication everywhere except a specific IP or a range of IPs or a list of IPs. Same thing with allowing it to connect only to a specific set of IPs and nowhere else.
I was told you could lower the alert setting by users with more experiance than myself, however I had problems and could not get this to work there was a rather long discussion in the forums about this.
Remember it is a Beta so far you have had to start your rules from scratch with each new release.
Hope fully this won´t be the case with the change from RC to the final. It is however a good learning experiance
Disclaimer: it may not work as intended on your system it could even cause major system problems, however this has not been my experiance
