Can someone explain why I can't block this properly? (bug confirmed!)

Hi folks,
I am trying Comodo Firewall last version. Now I see how we may block hostnames or IPs, but I am having a little issue here.

Two websites with no relationship between them are using the same IP address. For example, let’s say Google is using:

22.30.10.2

So if I select www.google.com as hostname to be blocked, it will.

And facebook.com will be blocked as well, because it’s using 22.30.10.2 as their IP address. This is the issue I am facing.

When you do a tracert in DOS Prompt you can see the following result for site A (in this example, Google):

Route: a134.dsw3.akamai.net [22.30.10.2]

And facebook, site B:

Route: a1676.sa.akamai.net [22.30.10.2]

Why Comodo can’t deal with this when I told to block www.google.com and not the IP 22.30.10.2? Maybe it’s a bug?

Thanks!

Welcome to the forum.

Would you be able to be specific about exactly what you’re trying to block, is it google or akamai or something else? The reason I ask, content providers like those mentioned, don’t have a single IP address assigned, they have many and they may also be region dependent. For example from my perspective, google search has:

www.google.com.         87      IN      A       173.194.47.241
www.google.com.         87      IN      A       173.194.47.244
www.google.com.         87      IN      A       173.194.47.242
www.google.com.         87      IN      A       173.194.47.240
www.google.com.         87      IN      A       173.194.47.243

However, those few are from a much greater pool of addresses - 173.194.0.0 - 173.194.255.255

That said, you should still be able to block a domain using Blocked zones in CIS.

Radaghast, look at this picture:

It seems both sites share the same IP address, however, the route is different if you do a tracert:

Route: a134.dsw3.akamai.net [same IP address]
Route: a1676.sa.akamai.net [same IP address]

Right now I am seeing that my tracert is telling otherwise, but yesterday the end of that IP was the same.

Let’s say:

186.215.209.9
186.215.209.9

When they are the same (now or later), and you try to access a website that you have not added to be blocked as a hostname, it will be blocked too.

So if you block google.com which uses 70.2.0.1 and it just happens that when you try to access facebook.com it’s using the same IP address from Google, it will be blocked even if you have not added neither 70.2.0.1 in your list or facebook.com.

Do you understand what is going on now?

Which means I can’t block by hostname or IP neither one of them. Maybe I should block this thing instead?

Route: a134.dsw3.akamai.net

Please note that:

Route: a134.dsw3.akamai.net

Remains the same no matter when you do a tracert for that site. The same goes for:

Route: a1676.sa.akamai.net

I am having a match right now:

If you block www.bing.com you will block americanas, too.

C:\>tracert www.americanas.com

Rastreando a rota para a1676.sa.akamai.net [186.215.209.11]
com no máximo 30 saltos:

  1    <1 ms    <1 ms    <1 ms  192.168.25.1
  2     5 ms     5 ms     4 ms  177.17.56.1.dynamic.adsl.gvt.net.br [177.17.56.1
]
  3    21 ms     5 ms     5 ms  177.135.187.225.dynamic.adsl.gvt.net.br [177.135
.187.225]
  4     6 ms     6 ms     7 ms  187.115.215.213.static.host.gvt.net.br [187.115.
215.213]
  5    42 ms    43 ms    43 ms  gvt-ge-3-0-0-rc01.rjo.gvt.net.br [189.59.244.201
]
  6    44 ms    42 ms    43 ms  187.115.217.110.static.host.gvt.net.br [187.115.
217.110]
  7    41 ms    41 ms    41 ms  186.215.209.11.static.host.gvt.net.br [186.215.2
09.11]

Rastreamento concluído.

C:\>tracert www.bing.com

Rastreando a rota para a134.dsw3.akamai.net [186.215.209.11]
com no máximo 30 saltos:

  1     1 ms    <1 ms    <1 ms  192.168.25.1
  2     5 ms     4 ms     4 ms  177.17.56.1.dynamic.adsl.gvt.net.br [177.17.56.1
]
  3     5 ms     4 ms     4 ms  177.135.187.225.dynamic.adsl.gvt.net.br [177.135
.187.225]
  4     8 ms     6 ms     7 ms  187.115.215.213.static.host.gvt.net.br [187.115.
215.213]
  5    45 ms    42 ms    43 ms  gvt-ge-3-0-0-rc01.rjo.gvt.net.br [189.59.244.201
]
  6    44 ms    43 ms    43 ms  187.115.217.110.static.host.gvt.net.br [187.115.
217.110]
  7    41 ms    41 ms    41 ms  186.215.209.11.static.host.gvt.net.br [186.215.2
09.11]

Rastreamento concluído.

C:\>

It looks like your ISP is intervening in your communications. If you look at the first and last hops in your tracert:

177.17.56.1.dynamic.adsl.gvt.net.br [177.17.56.1
186.215.209.11.static.host.gvt.net.br [186.215.2

Which is why these completely different sites appear to have the same IP address.

$ tracert www.americanas.com

Tracing route to a1676.sa.akamai.net [80.156.250.40]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  jellytot [192.168.1.1]
  2     *        *        *     *
  3    10 ms     7 ms     1 ms  *
  4     2 ms     1 ms     1 ms  *
  5    10 ms     3 ms     3 ms  *
  6   180 ms   163 ms   175 ms  ethernet16-1.ar4.fra4.gblx.net [208.178.194.173]
  7   158 ms   161 ms   161 ms  ae8.scr3.FRA4.gblx.net [67.16.145.237]
  8   179 ms   177 ms   190 ms  po1.ar5.FRA3.gblx.net [67.16.147.13]
  9   168 ms   170 ms   167 ms  80.156.160.45
 10   204 ms   206 ms   200 ms  mad-sb3-i.MAD.ES.NET.DTAG.DE [217.5.95.201]
 11   206 ms   200 ms   202 ms  80.156.250.40

Trace complete.

GCB@Beano ~
$ tracert www.bing.com

Tracing route to a134.dsw3.akamai.net [23.15.14.8]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  jellytot [192.168.1.1]
  2     *        *        *     *
  3     1 ms     1 ms     1 ms  *
  4    12 ms     3 ms     6 ms  *
  5     2 ms     2 ms     5 ms  *
  6    12 ms    13 ms    13 ms  *
  7    40 ms    36 ms    47 ms  *
  8    36 ms    35 ms    36 ms  otejbb206.int-gw.kddi.ne.jp [106.187.6.161]
  9    36 ms    52 ms    42 ms  cm-ote232.int-gw.kddi.ne.jp [118.155.197.13]
 10    54 ms    48 ms    55 ms  111.87.10.14
 11    38 ms    38 ms    35 ms  a96-7-248-250.deploy.akamaitechnologies.com [96.7.248.250]
 12    46 ms    36 ms    36 ms  a23-15-14-8.deploy.akamaitechnologies.com [23.15.14.8]

Trace complete.

==================================================
Order             : 1
IP Address        : 80.156.250.49
Status            : Succeed
Country           : Germany
Network Name      : AKAMAI-TECHNOLOGIES-MADRID-3
Owner Name        : Akamai International B.V.
From IP           : 80.156.250.0
To IP             : 80.156.250.127
Allocated         : Yes
Contact Name      : Network Architecture Role Account
Address           : Akamai Technologies, 8 Cambridge Center, Cambridge, MA 02142
Email             : ip-admin@akamai.com
Abuse Email       : abuse@akamai.com
Phone             : +1-617-938-3130
Fax               : 
Whois Source      : RIPE NCC
Host Name         : 
Resolved Name     : 
==================================================

==================================================
Order             : 2
IP Address        : 23.15.14.8
Status            : Succeed
Country           : USA - Massachusetts
Network Name      : AKAMAI
Owner Name        : Akamai Technologies, Inc.
From IP           : 23.0.0.0
To IP             : 23.15.255.255
Allocated         : Yes
Contact Name      : Akamai Technologies, Inc.
Address           : 8 Cambridge Center, Cambridge
Email             : ip-admin@akamai.com
Abuse Email       : ip-admin@akamai.com
Phone             : +1-617-444-2535 
Fax               : 
Whois Source      : ARIN
Host Name         : 
Resolved Name     : a23-15-14-8.deploy.akamaitechnologies.com
==================================================

==================================================
Order             : 3
IP Address        : 186.215.209.16
Status            : Succeed
Country           : Brazil
Network Name      : 003.420.926/0002-05
Owner Name        : Global Village Telecom
From IP           : 186.212.0.0
To IP             : 186.215.255.255
Allocated         : Yes
Contact Name      : GVT - Equipe de redes IT
Address           : 
Email             : registro@gvt.com.br
Abuse Email       : abuse@gvt.com.br
Phone             : 
Fax               : 
Whois Source      : LACNIC
Host Name         : 
Resolved Name     : 186.215.209.16.static.host.gvt.net.br
==================================================

==================================================
Order             : 4
IP Address        : 177.17.56.1
Status            : Succeed
Country           : Brazil
Network Name      : 003.420.926/0002-05
Owner Name        : Global Village Telecom
From IP           : 177.16.0.0
To IP             : 177.19.255.255
Allocated         : Yes
Contact Name      : GVT - Equipe de redes IT
Address           : 
Email             : registro@gvt.com.br
Abuse Email       : abuse@gvt.com.br
Phone             : 
Fax               : 
Whois Source      : LACNIC
Host Name         : 
Resolved Name     : 177.17.56.1.dynamic.adsl.gvt.net.br
==================================================

Radaghast, if you try to access a website in the United States you will get a different IP than someone from Brazil and other locations. I can’t explain exactly why, but it’s related to the routes your ISP is accessing. For example, facebook.com here:

http://network-tools.com/default.asp?prog=express&host=www.facebook.com

IP address: 66.220.152.19
Host name: www.facebook.com
Alias: star.c10r.facebook.com
www.facebook.com
66.220.152.19 is from United States(US) in region North America

TraceRoute from Network-Tools.com to 66.220.152.19 [www.facebook.com]
Hop	(ms)	(ms)	(ms)		     IP Address	Host name
1 	  1 	  0 	  0 	     8.9.232.73	 xe-5-3-0.edge3.dallas1.level3.net  
2 	  19 	  20 	  20 	     4.69.145.254	 vlan90.csw4.dallas1.level3.net  
3 	  20 	  20 	  21 	     4.69.151.170	 ae-93-93.ebr3.dallas1.level3.net  
4 	  20 	  20 	  20 	     4.69.134.22	 ae-7-7.ebr3.atlanta2.level3.net  
5 	  20 	  20 	  20 	     4.69.148.242	 ae-63-63.ebr1.atlanta2.level3.net  
6 	  19 	  19 	  19 	     4.69.150.14	 ae-1-51.edge5.atlanta2.level3.net  
7 	  38 	  38 	  38 	     4.28.26.46	 facebook-in.edge5.atlanta2.level3.net  
8 	  39 	  39 	  39 	     204.15.23.210	 ae2.bb02.atl1.tfbnw.net  
9 	  43 	  43 	  43 	     31.13.27.116	 ae11.bb04.frc1.tfbnw.net  
10 	  40 	  52 	  40 	     31.13.27.73	 ae4.dr04.frc1.tfbnw.net  
11 	  41 	  40 	  40 	     31.13.26.131	 po1019.csw09b.frc1.tfbnw.net  
12 	  Timed out 	  48 	  49 	     66.220.152.19	 edge-star-ecmp-09-frc1.facebook.com  

Trace complete

And in my computer…

C:\>tracert www.facebook.com

Rastreando a rota para star.c10r.facebook.com [31.13.85.16]
com no máximo 30 saltos:

  1     6 ms    <1 ms    <1 ms  192.168.25.1
  2     5 ms     5 ms     5 ms  177.17.56.1.dynamic.adsl.gvt.net.br [177.17.56.1
]
  3     6 ms     6 ms     5 ms  177.135.187.230.dynamic.adsl.gvt.net.br [177.135
.187.230]
  4    18 ms    18 ms    19 ms  187.115.216.86.static.host.gvt.net.br [187.115.2
16.86]
  5    21 ms    34 ms    17 ms  ethernet3-3.ar1.fcs1.for.gblx.net [206.165.73.12
1]
  6   112 ms   128 ms    71 ms  xe0-0-0-10G.scr2.GRU1.gblx.net [67.16.144.173]
  7    61 ms    59 ms    70 ms  ae1-100G.ar4.GRU1.gblx.net [67.16.148.10]
  8    58 ms    61 ms    59 ms  telecomitalia-1.ar4.GRU1.gblx.net [64.208.27.86]

  9    61 ms    59 ms    71 ms  xe-7-0-0.sanpaolo8.spa.seabone.net [195.22.219.1
77]
 10    60 ms    60 ms    59 ms  facebook.sanpaolo8.spa.seabone.net [195.22.219.1
07]
 11    59 ms    60 ms    60 ms  po126.msw01.02.gru1.tfbnw.net [31.13.29.149]
 12    60 ms    59 ms    60 ms  edge-star-ecmp-02-gru1.facebook.com [31.13.85.16
]

Rastreamento concluído.

C:\>

US ISP: 66.220.152.19 is from United States(US) in region North America
Here: 31.13.85.16 is from Ireland(IE) in region Western Europe

However, 66.220.152.19 and 31.13.85.16 are both from the same company.

What I am asking in this thread is what happens with Comodo if two distinct websites ARE SHARING the same IP address. As you can see, blocking by IP or hostname won’t work.

And blocking a1676.sa.akamai.net, a7218398127391823.sa.akamai.net or a323213.sa.akamai.net will not make any difference, since they all share the same IP address. It’s just the name of the route (path).

Indeed, this is why I mentioned regional differences in my first post. It’s about load balancing and providing content as close to the user as possible.

SNIP…

What I am asking in this thread is what happens with Comodo if two distinct websites ARE SHARING the same IP address. As you can see, blocking by IP or hostname won't work.

What I’m trying to help you understand is that two completely disparate websites cannot share the same IP address. IP addresses are unique. However, a large content provider like Akamai, will map many alias names to an address.

And blocking a1676.sa.akamai.net, a7218398127391823.sa.akamai.net or a323213.sa.akamai.net will not make any difference, since they all share the same IP address. It's just the name of the route (path).

If you wanted to block something like Akamai, you’d need to find all of the IP blocks used by the company - there are a lot - and create a block zone containing all of them. See the image below for an example and that list is still incomplete.

[attachment deleted by admin]

Nothing so dramatic. I just want to block one thing, let’s say, the hostname americanas.com.

However, if I block americanas.com, submarino.com.br (a quick note: submarino/americanas are the same company) and bing.com are blocked.

I did a traceroute now and americanas is currently using 186.215.209.16 while bing.com uses 186.215.209.11. A few minutes later, both are again using 186.215.209.11 or any IP address that creates the issue I am telling you about.

Even if my dynamic IP has not changed, everytime I do a tracert to google.com or any other website different in some regards, the IP changes.

Do you have any idea if it’s possible to block a hostname (attention: only block a hostname such as google.com, facebook.com, etc., not a single IP address or any IP range) using Comodo and not block other domains? That’s all I want here.

Is Global Village Telecom your ISP?

Do you have any idea if it's possible to block a hostname (attention: only block a hostname such as google.com, facebook.com, etc., not a single IP address or any IP range) using Comodo and not block other domains? That's all I want here.

You can block hostnames, domain names and IP addresses, all of which are unique but may be region specific.

Yes. And I am also using their DNS.

Hostnames are not unique for Comodo, so it seems. Because if you block a website that happens to be using the IP 1.2.3.4 and another hostname in that moment is using 1.2.3.4 this second hostname is blocked, too.

In short: hostnames = IP addresses for Comodo (technically they are, but I expected Comodo to circumvent this scenario).

When I tell Comodo to block Google.com, I want Comodo to block Google.com if my browser tries to access the Google domain.

I am not telling Comodo to block globally Google’s IP 1.2.3.4 and in the meantime, block other websites using 1.2.3.4.

It will be the same as blocking the street and not a Ferrari from driving through that path. If you mess with that order, the Porsche, Fiat, and all other vehicles will be affected. 88)

The problem with your analogy is that the internet doesn’t work this way. As Radaghast has pointed out, IP addresses are unique. You will not find two websites with the same IP address.

Using your street analogy, your street address is unique, correct? Any mail addressed to you will reach you from anywhere in the world, correct? Think of the problems that would arise if somebody shared the same street address! You would constantly be getting their mail, and they would be constantly be getting yours, because there would be no way for the post office to differentiate between the two identical addresses.

IP addresses are exactly the same as your street address! Each one is unique. The internet would not work if IP addresses were shared. There would literally be no way to determine which website a user actually wanted to visit if IP addresses were shared.

This is why Radaghast is asking questions about your ISP, because it’s just not possible for Google to share an IP address with any other website. This would “break” the internet…

I tried to point out in my erlier post that you’re traceroutes are not displaying the correct information.

I did a traceroute now and americanas is currently using 186.215.209.16 while bing.com uses 186.215.209.11. A few minutes later, both are again using 186.215.209.11 or any IP address that creates the issue I am telling you about.

The IP address block:

186.212.0.0 - 186.215.255.255

belongs to Global Village Telecom, as does

177.16.0.0 - 177.19.255.255

Order             : 1
IP Address        : 186.215.209.11
Status            : Succeed
Country           : Brazil
Network Name      : 003.420.926/0002-05
Owner Name        : Global Village Telecom
From IP           : 186.212.0.0
To IP             : 186.215.255.255

Order             : 1
IP Address        : 177.17.56.1
Status            : Succeed
Country           : Brazil
Network Name      : 003.420.926/0002-05
Owner Name        : Global Village Telecom
From IP           : 177.16.0.0
To IP             : 177.19.255.255

You could try using a different DNS, it’s possible you will see a difference

Radaghast, either you neglected to mention this IP was from my ISP or I misunderstood your explanation.

Anyway, you were right! That was exactly what happened here, my ISP, GVT, was interfering with the resulting IP from those websites.

I changed my DNS to http://www.opendns.com/opendns-ip-addresses

208.67.222.222
208.67.220.220

And look the results:

C:\>tracert www.bing.com

Rastreando a rota para a134.dsw3.akamai.net [198.144.112.65]
com no máximo 30 saltos:

  1    <1 ms    <1 ms    <1 ms  192.168.25.1
  2     5 ms     4 ms     4 ms  177.17.56.1.dynamic.adsl.gvt.net.br [177.17.56.1
]
  3     5 ms     4 ms     4 ms  177.135.187.226.dynamic.adsl.gvt.net.br [177.135
.187.226]
  4    18 ms    24 ms    24 ms  ethernet2-4.ar1.FCS1.FOR.gblx.net [64.214.196.12
1]
  5    82 ms    82 ms    83 ms  xe2-1-0-10G.scr4.MIA1.gblx.net [67.16.147.253]
  6    83 ms    83 ms    82 ms  po3-20G.ar3.MIA2.gblx.net [67.17.75.66]
  7    83 ms    82 ms    82 ms  xe-4-0-0.cr1.mia1.us.nlayer.net [63.141.207.29]

  8    83 ms    82 ms    82 ms  as35994.ae1.cr1.mia1.us.nlayer.net [63.141.207.3
4]
  9    83 ms    82 ms    83 ms  198.144.112.65

Rastreamento concluído.

C:\>tracert www.americanas.com

Rastreando a rota para a1676.sa.akamai.net [23.15.5.198]
com no máximo 30 saltos:

  1    <1 ms    <1 ms    <1 ms  192.168.25.1
  2     4 ms     4 ms     4 ms  177.17.56.1.dynamic.adsl.gvt.net.br [177.17.56.1
]
  3     5 ms     4 ms     4 ms  corporativo.gvt.net.br [189.115.160.2]
  4     7 ms     7 ms     7 ms  187.115.215.217.static.host.gvt.net.br [187.115.
215.217]
  5    54 ms    54 ms    55 ms  gvt-ge-4-1-4-rc01.rjo.gvt.net.br [189.59.244.5]

  6   107 ms    91 ms   104 ms  187.115.216.10.static.host.gvt.net.br [187.115.2
16.10]
  7    76 ms    76 ms    76 ms  187.115.216.66.static.host.gvt.net.br [187.115.2
16.66]
  8   158 ms   158 ms   158 ms  Xe0-1-0-0-grtssatw1.red.telefonica-wholesale.net
 [84.16.7.157]
  9   160 ms   160 ms   160 ms  Xe5-2-0-0-grtfortw1.red.telefonica-wholesale.net
 [84.16.14.242]
 10   152 ms   151 ms   152 ms  Xe5-1-2-0-grtmiana2.red.telefonica-wholesale.net
 [94.142.127.50]
 11   152 ms   152 ms   151 ms  176.52.251.189
 12   130 ms   129 ms   131 ms  176.52.252.190
 13   129 ms   129 ms   129 ms  a23-15-5-198.deploy.akamaitechnologies.com [23.1
5.5.198]

Rastreamento concluído.

C:\>tracert www.submarino.com.br

Rastreando a rota para a1656.sa.akamai.net [23.15.5.198]
com no máximo 30 saltos:

  1    <1 ms    <1 ms    <1 ms  192.168.25.1
  2     4 ms     4 ms     4 ms  177.17.56.1.dynamic.adsl.gvt.net.br [177.17.56.1
]
  3     5 ms     5 ms     4 ms  corporativo.gvt.net.br [189.115.160.2]
  4     6 ms     7 ms     7 ms  187.115.215.217.static.host.gvt.net.br [187.115.
215.217]
  5    61 ms    56 ms    56 ms  gvt-ge-4-1-4-rc01.rjo.gvt.net.br [189.59.244.5]

  6    92 ms    91 ms    90 ms  187.115.216.10.static.host.gvt.net.br [187.115.2
16.10]
  7    77 ms    76 ms    76 ms  187.115.216.66.static.host.gvt.net.br [187.115.2
16.66]
  8   158 ms   158 ms   158 ms  Xe0-1-0-0-grtssatw1.red.telefonica-wholesale.net
 [84.16.7.157]
  9   160 ms   217 ms   160 ms  Xe5-2-0-0-grtfortw1.red.telefonica-wholesale.net
 [84.16.14.242]
 10   152 ms   152 ms   152 ms  Xe5-1-2-0-grtmiana2.red.telefonica-wholesale.net
 [94.142.127.50]
 11   152 ms   151 ms   152 ms  176.52.251.189
 12   130 ms   129 ms   129 ms  176.52.252.190
 13   129 ms   129 ms   129 ms  a23-15-5-198.deploy.akamaitechnologies.com [23.1
5.5.198]

Rastreamento concluído.

C:\>

Still, as you can see, submarino/americanas are sharing the same IP. They are both from the same company. Network-tools reports:

IP address: 199.239.182.217
Host name: www.americanas.com
Alias: a1676.sa.akamai.net
americanas.com.br.edgesuite.net
www.americanas.com.br
www.americanas.com
199.239.182.217 is from United States(US) in region North America

IP address: 199.239.182.171
Host name: www.submarino.com.br
Alias: a1656.sa.akamai.net
submarino.com.br.edgesuite.net
www.submarino.com.br
199.239.182.171 is from United States(US) in region North America

In another tracert, two minutes later, americanas = 23.15.5.198 and submarino = 23.15.5.206.

What I am afraid is that sometimes americanas is blocked and submarino, too. Is this result to be expected? I saw that even Google changes their IP (the last 3 numbers) based on the time you do a traceroute to their hostname. If two different sites match their IPs 100% you will have both blocked when you try to access them using Comodo.

I’m glad you’ve managed to get the traceroute information corrected, however, As HeffeD and I have explained, separate and different websites do not share the same IP address. So, if you create a block rule for www.americanas.com.br it will block that site and only that site.

I am having a different issue with Comodo right now.

At first, I tried blocking some domains, then I removed those entries from the program. However, as I explained to you, I tried blocking americanas.com and bing.com which shared the same IP, something done by my ISP. When I changed the DNS servers, this issue was solved.

However, today I discovered that Google.com was blocked. This was detected after I added some different domains in that list. I checked each one of them and neither was sharing any IP address similar to the one used by Google, either by using GVT DNS or any other DNS.

When Google.com was blocked (doing a traceroute you can’t see a single hop, instead you get a “failure” warning) I was using Comodo DNS servers. I changed to others (such as OpenDNS) and Google was still blocked.

I removed Comodo from my machine and even used one advanced uninstaller to remove leftovers such as Windows registry entries and config files not deleted from folders. Then I reinstalled Comodo again.

After I removed all entries from the blocked zone/list Google was not blocked. I had to remove ALL OF THEM, pay attention to what I am going to say: if I add a single, I mean, A SINGLE ENTRY in that blocked zone list, Google will be blocked again.

I reinstalled Comodo. Apparently this was fixed, but another domain that I added to the block list the first time Comodo was installed was also blocked when I checked.

So let me explain in a few words to you what kind of bug I am reporting above:

• If you add let’s say a few domains the first time you install Comodo, such as:

facebook.com - google.com - bing.com - yahoo.com

And then you remove all of them and add new ones, it seems Comodo still thinks you are blocking one of those domains. Even if you clean the whole list, some kind of bug is still accessing a hidden config file where some domain is listed to be blocked.

Perhaps this has something to do with the annoying Windows 8 “Run everything as Administrator” difference when compared to previous Windows versions.

If you attempt to save a configuration file without running any software as administrator (and in my case I am the only user in this machine, I am the administrator), the config file won’t be saved in some cases.

For example, Media Player Classic Home-Cinema needs to “run as admin” (edit the properties from the .EXE file) in order to save the INI file with all program settings. Otherwise it won’t be saved in the install folder.

Or maybe this bug is happening because somewhere (a hidden folder?) Comodo is still reading that I want some domain or IP range blocked.

I even installed another firewall to replace Comodo because of this bug (which is not related to the issue I was talking before), but I didn’t liked, so I want to stick with Comodo.

Can you help me fix that?

To begin with, I want to find out if there are any config files about blocked zones/domains somewhere, and if there is one left, I need to delete for good, to reinstall your firewall.

• P.S.: Windows HOSTS file is not blocking anything, I checked and it’s clean.

Sorry to hear that

Snip…

Can you help me fix that?

To begin with, I want to find out if there are any config files about blocked zones/domains somewhere, and if there is one left, I need to delete for good, to reinstall your firewall.

• P.S.: Windows HOSTS file is not blocking anything, I checked and it’s clean.

I’ve tried to reproduce the problem you’re having but I cannot. Using Windows 8 with a standard user account, I can add and remove blocked zones and the change is instant.

As far as configuration files, Comodo uses the registry. Blocked zones can be found under:

HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\Firewall\Blocked Addresses\0\Address\IPV4

Perhaps you have a problem with your installation of Windows 8 or perhaps you have some other security application installed?

[attachment deleted by admin]

Radaghast, it’s really strange and it was with sadness that I had to remove Comodo because of this (new) bug. The other one was easily fixed but this one cannot be solved.

I simply added a few domains that had no relation with each other and with different IPs, also using a DNS such as OpenDNS, Comodo or even Google (8.8.8.8), etc. and in the end a hostname (it was globo.com) was blocked without any reason at all.

The reason for that seems to be a conflict between the hostnames added and this unrelated website, or maybe globo.com was accessing one of them and it was blocked as well.

I mean, if you block facebook.com but comodo.com is accessing facebook.com, comodo.com (even if it’s not in your blacklist) is penalized.

I will try installing again, but so far the only explanation is a bug in this feature.

Sorry to hear you’re still having problems, unfortunately, the problem seems to lie with your configuration/ISP/DNS. As mentioned several times, unique web sites do not share IP addresses. If you block www.google.com, you will block all of the IP addresses associated with that domain, as seen from your region. Even if a site unrelated to google has a link to the google search page, you will only block the link, not the site.

If you can be specific about what it is you’re trying to block/allow, as well as providing details about how you’re doing this, we may find an answer.

The problem seems to be fixed now. The only thing I did different this time was to change my DNS to Comodo’s right from the start, while installing again.

Thank you Radaghast and all of you for the support.

I hope everything works fine now! 8)

Comodo is better than other firewalls in terms of blocking because you can’t see a custom message that is blocked. Instead you will only get the error page, like the site can’t be reached anyway. This is my favorite method.

Hey, I just confirmed this is a bug and I am going to explain why.

When I blocked facebook.com, and tried to access globo.com, globo was blocked because it used facebook data in their website.

Proof is attached to this message.

In other words, if the website you are blocking is being used by other not-blocked hostnames, they will be blocked BY ASSOCIATION.

Strange thing is that I can do a traceroute to facebook.com, even though is in my block-list.

Globo.com isn’t. Also attached to this post (the traceroute).

Another update: while I can do a tracert to facebook.com, Firefox can’t access the website. So it’s blocked in one way, and not by traceroute. Globo.com, which is not in any list, is blocked both ways. Only because it used facebook trackers in their website.

[attachment deleted by admin]

As I mentioned in my previous post.

1. You create a block rule for site A
2. You visit site B and site B has a link to site A
3. Site A is blocked both directly and via the link from site B. site B is not blocked.