cFosSpeed not working

user4 · September 29, 2006, 1:38pm

cFosSpeed is not working with CPF. In fact, CPF doesn’t even ask permission for the required files (I think it is spd.exe, perhaps more). While uploading at full speed other things (e-mail, browser,…) slow down a lot and that should not happen. That’s what cFosSpeed is for, to prevent that reduction in speed).
Based on the log CPF appears to be blocking everything cFosSpeed does (just guessing).

Just a few things I found in the log:
Inbound Policy Violation (Access denied, ICMP = UNREACHABLE)
Inbound Policy Violation (Access denied, ICMP = PORT UNREACHABLE)
Inbound Policy Violation (Access denied, ICMP = NET UNREACHABLE)
Outbound Policy Violation (Access denied, ICMP = PORT UNREACHABLE)

Could this be causing the problem?

kail · September 29, 2006, 1:49pm

In order that we can help, I think that you’ll need to post the CPF log entries in full & a copy of your Network Monitor rules. Also did you apply any rules against cFosSpeed in the Application Monitor?

user4 · September 29, 2006, 2:22pm

Default Network Monitor rules.
I didn’t add anything to the Application Monitor and CPF did not ask permission, so nothing was explicitely allowed or blocked by me.

I remembered I had the same problem with LooknStop firewall. My guess was probably right. It does have something to do with ICMP traffic being blocked.

So, a rule should be made to allow this kind of traffic, but I don’t no how to make it a strict one (or rather, how to make one at all). It would be much easier if CPF would just ask about this program…hint, hint, hint.

kail · September 29, 2006, 2:43pm

According to the URL you posted. It seems to require ICMP types 8 & 11 both with code 0. However, by default CPF already has these rules (type 8 code 0 is Echo Request & type 11 code 0 is Time Exceeded).

So, a rule should be made to allow this kind of traffic, but I don't no how to make it a strict one (or rather, how to make one at all). It would be much easier if CPF would just ask about this program...hint, hint, hint. :D

It should have (unless its an trusted app?). Is cFosSpeed listed in the Application Monitor? Can we see the full messages from the CPF log? I’ve not seen an Net Unreachable before. I’ve seen the Port Unreachable before (outbound), there are other topics on those & they’re not normally a concern (and probably not generated by cFosSpeed). But, without seeing your log it’s hard to tell.

kail · September 29, 2006, 2:47pm

On checking cFosSpeed’s web site. It seems that cFosSpeed can trigger a firewalls DoS detection & they recommend for several firewalls that DoS detection is turned off.

user4 · September 29, 2006, 2:59pm

Comodo Firewall Logs

Date Created: 16:45:42 29-09-2006

Log Scope: Today

Date/Time :2006-09-29 16:45:36
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 71.198.173.254:55068
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:45:36
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 59.104.91.7:10076
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:45:36
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 84.251.2.239:36862
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:45:31
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 142.237.99.27:26934
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:45:26
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 80.41.221.193:22437
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:45:21
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 85.75.155.174:60908
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:45:21
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 218.90.220.138:11377
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:45:16
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 61.230.177.139:21588
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:45:16
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 59.115.18.71:19999
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:45:11
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 24.208.23.11:62761
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:45:06
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 87.127.67.240:30357
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:56
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 125.24.143.54:11157
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:56
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = HOST UNREACHABLE)
Protocol:ICMP Incoming
Source: 202.145.152.182
Destination: 10.0.0.150
Message: HOST UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:56
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 201.150.65.132:15768
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:51
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 221.218.64.248:59415
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:51
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 84.58.223.142
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:46
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = UNREACHABLE)
Protocol:ICMP Incoming
Source: 84.191.46.150
Destination: 10.0.0.150
Message: UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:46
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 196.218.102.193
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:46
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 222.94.61.157
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:41
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 218.160.84.35
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:41
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 218.102.215.230
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:41
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 220.7.92.97
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:36
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 83.60.47.19
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:36
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = NET UNREACHABLE)
Protocol:ICMP Incoming
Source: 210.16.164.234
Destination: 10.0.0.150
Message: NET UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:36
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 24.167.89.46
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:31
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 218.4.215.77
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:31
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 219.79.191.90
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:31
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 220.130.221.247:21331
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:31
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = UNREACHABLE)
Protocol:ICMP Incoming
Source: 80.136.66.152
Destination: 10.0.0.150
Message: UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:31
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = UNREACHABLE)
Protocol:ICMP Incoming
Source: 84.164.225.100
Destination: 10.0.0.150
Message: UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:31
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 212.230.230.253
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:31
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 60.217.130.251
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:26
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 220.180.116.117
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:26
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 222.33.0.161
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:26
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = HOST UNREACHABLE)
Protocol:ICMP Incoming
Source: 86.125.90.208
Destination: 10.0.0.150
Message: HOST UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:21
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 218.208.251.172
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:21
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 200.126.95.136
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:21
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 38.112.120.18
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:16
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 61.62.52.91
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:16
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 221.197.162.74:8838
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:16
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 84.5.49.152
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:16
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 220.133.21.48:21588
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:11
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 219.137.56.235
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:11
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 193.136.29.2
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:11
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 83.148.110.110:56554
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:11
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 201.40.89.117
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:11
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 84.210.83.115
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:06
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 213.84.61.112
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:06
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 81.183.38.138
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:06
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 88.2.65.227
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:06
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 212.7.197.7
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:06
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 85.75.155.174
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:06
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 221.231.38.181
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:01
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 219.131.143.66:12371
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:01
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = HOST UNREACHABLE)
Protocol:ICMP Incoming
Source: 211.139.123.134
Destination: 10.0.0.150
Message: HOST UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:01
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 58.252.70.206:58685
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:01
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 218.5.41.125:14889
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:01
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 58.54.176.57
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:01
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 218.108.19.34
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:44:01
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 85.27.33.84
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:56
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 61.51.71.166
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:56
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 125.78.177.216
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:56
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 222.156.237.58
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:56
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = HOST UNREACHABLE)
Protocol:ICMP Incoming
Source: 85.204.33.198
Destination: 10.0.0.150
Message: HOST UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:56
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 201.248.248.208
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:51
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 221.222.216.250
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:51
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 221.193.192.244
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:51
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = HOST UNREACHABLE)
Protocol:ICMP Incoming
Source: 60.36.249.128
Destination: 10.0.0.150
Message: HOST UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:51
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 202.88.252.35
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:51
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 222.91.98.42
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:46
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 189.141.18.145
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:46
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 83.165.194.61
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:46
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 218.72.30.250
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:46
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = HOST UNREACHABLE)
Protocol:ICMP Incoming
Source: 221.1.132.194
Destination: 10.0.0.150
Message: HOST UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:41
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 60.50.201.23
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:41
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 219.74.245.236
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:36
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 213.195.202.66
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:36
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 83.28.45.51
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:36
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 70.245.108.6
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:36
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 75.6.241.14
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:31
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 221.210.246.197
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:31
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 60.52.25.79
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:26
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = HOST UNREACHABLE)
Protocol:ICMP Incoming
Source: 212.56.2.10
Destination: 10.0.0.150
Message: HOST UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:26
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 218.94.136.168
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:26
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 83.88.64.25
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:21
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 61.52.0.156
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:21
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 218.80.18.243
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:21
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 222.132.170.178:19337
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:21
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 211.143.101.51
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:21
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 220.229.49.104
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:21
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 219.152.69.22
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:16
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 212.247.249.175
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:16
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 221.208.6.253
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:16
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 221.45.108.4
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:43:11
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 221.45.108.4
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:42:31
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 201.248.248.208
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:42:26
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 61.51.71.166
Destination: 10.0.0.150
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:42:16
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 61.231.52.58:21995
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:42:01
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 195.66.143.12:63203
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:41:31
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 83.213.37.3:46231
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:41:21
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 83.94.174.93:ftp(21)
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:41:21
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 201.25.171.202:37782
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:41:16
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 83.94.174.93:ftp(21)
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:41:01
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 221.204.107.202:18660
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:40:51
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 84.170.136.120:63339
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:40:16
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 10.0.0.150
Destination: 10.0.0.138
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:40:11
Severity :High
Reporter :Network Monitor
Description: UDP Port Scan
Attacker: 10.0.0.138
Ports: 35076, 20740, 21252, 22020, 22532, 23300, 23812, 24324, 24836, 25348, 25860, 26372, 27140, 27396, 28420, 29188, 29700, 30724, 31236, 31748, 32516, 33796, 33540, 34052, 34564, 20422, 54520, 14724, 43138, 14724, 2178, 2560, 0, 0, 26624, 12944, 26754, 12944, 130, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
The attacker has been temporarily blocked

Date/Time :2006-09-29 16:40:06
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 81.24.20.87:18819
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:39:31
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 84.237.140.91:10404
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:39:16
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 151.57.235.158:47107
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:38:46
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 60.171.157.76:59733
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:38:46
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 222.91.105.119:1501
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

Date/Time :2006-09-29 16:38:46
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 10.0.0.150, Port = 58289)
Protocol: UDP Incoming
Source: 205.151.61.105:6881
Destination: 10.0.0.150:58289
Reason: Network Control Rule ID = 5

End of The Report

Ignore everything related to port 58289. It has to do with Utorrent and not cfosspeed.

There also is a “NET UNREACHABLE” in there somewhere, along with other ICMP related UNREACHABLES.

I don’t allow the CPF trusted apps automatically and I’m sure CPF did not ask about anything cfosspeed related.

kail · September 29, 2006, 3:41pm

Date/Time :2006-09-29 16:40:11 Severity :High Reporter :Network Monitor Description: UDP Port Scan Attacker: 10.0.0.138 Ports: 35076, 20740, 21252, 22020, 22532, 23300, 23812, 24324, 24836, 25348, 25860, 26372, 27140, 27396, 28420, 29188, 29700, 30724, 31236, 31748, 32516, 33796, 33540, 34052, 34564, 20422, 54520, 14724, 43138, 14724, 2178, 2560, 0, 0, 26624, 12944, 26754, 12944, 130, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 The attacker has been temporarily blocked

Game over. I’m guessing this is what cFosSpeed’s web site was talking about. CPF has decided that it didn’t like all those inbound UDPs & thought that it was some sort of UDP flood attack or UDP scan. So, cFosSpeed will probably not work for the next 5 minutes after this. Assuming, that cFosSpeed was responsible for this.

I guess that the Port/Net Unreachable’s are genuine & perhaps a response from other cFosSpeed’s users?

To create specific inbound rules for these, go to the Network Monitor & add a rule. When you change the Protocol to ICMP, then a tab will appear called ICMP details. The different types of ICMPs can be found under there (including Port/Net Unreachable). Then move your new rule(s) to above the last blocking rule (currently rule 5 on your set-up).

However, it is odd that cFosSpeed’s web site didn’t mention these. It is possible that they will not make any difference. But, you’ll need to do something about the detected UDP scans… otherwise you’ll keep loosing cFosSpeed. I guess you’’ either need to turn it off or increase the amount of UDP packets allowed per second (50 by default… which is a lot). The options to change the UDP flood sensitivity are under - Security tab, Advanced section - Advanced Attack Detection and Prevention button.

kail · September 29, 2006, 3:48pm

PS the IP of the UDP attacker looks a little odd (10.0.0.138).

user4 · September 29, 2006, 4:11pm

Thanks for your help.

That address looks familiar, from my LooknStop days. It has something to do with my system. Modem or network adapter, I think. :-\

I don’t know whether that attack has something to do with cfosspeed. It could be, I’ve seen it before.

All this is pretty awkward, while the sdituation seems to be pretty normal. A(t least one) component belonging to cfosspeed sends a signal (ping?) and wants to receive it. Why doesn’t CPF recognize that? Now I’ll have to mess around with things I don’t understand, possibly resulting in a (slightly) lower security level.

Anyway. thanks again. I’ll “play” with those UDP options for a while…

kail · September 29, 2006, 4:18pm

Well… cFosSpeed should be mentioned in CPFs Application Monitor. If it is, then CPF probably did mention it at some time or another. If it isn’t there… then perhaps cFosSpeed doesn’t directly connect to Net itself.

user4 · September 29, 2006, 5:00pm

Well, I found this in the German section of the cfosspeed forum:

“Wenn man eine Firewall im Einsatz haben, sollte man darauf achten, dass
den Anwendungen CFOSPEED.EXE und SPD.EXE Zugang auf das externe
Netzwerk gewährt wird.”

Meaning that in case a firewall is being used, CFOSPEED.EXE and SPD.EXE must have permission to access the external network. These files are not in the CPF application monitor. CPF never asks\asked permission. Only this morning I installed an updated version of cfosspeed and again nothing happened.

So, CPF is “overlooking” cfosspeed… ???
Hey, did I just find a bug?

kail · September 29, 2006, 5:13pm

A b… bu… undocumented feature?

I’ll need to defer that question to Egemen (which I just did ;D). If he doesn’t show… which he’ll probably will since you mentioned the B word… I’ll notify him.

kail · September 29, 2006, 5:17pm

Whilst you wait… why don’t you manually add CFOSPEED.EXE & SPD.EXE as trusted applications & see if that works.

Frankster · October 2, 2006, 8:55am

thats right: spd.exe needs to get added to the trusted application settings.

beside doing that, you must create an outbound and inbound rule for icmp-msg echo request and echo reply. as i mentioned in the ICMP-thread (https://forums.comodo.com/index.php/topic,2784.0.html), you can use the hostnames instead of ip’s, which is much better and more convenient.

user4 · October 2, 2006, 1:52pm

What’s this all about? This is supposed to be a very user friendly firewall. Why does it take the most complicated “tuning” of any firewall I’ve used in order to make cfosspeed work?
Awkward, to say the least. (And why does CPF not even ask about spd.exe??).

ubuntu · October 2, 2006, 2:19pm

According to the URL you posted. It seems to require ICMP types 8 & 11 both with code 0. However, by default CPF already has these rules (type 8 code 0 is Echo Request & type 11 code 0 is Time Exceeded).

cFosSpeed work well with CPF default rules
spd.exe only need ICMP ping out, so it dosen’t need add in application monitor and CPF not even ask about spd.exe.

ICMP rules for spd.exe

Allow Outgoing ICMP(8) : Ping other (Echo Request)  
Allow Incoming ICMP(0) : Ping other (Echo Reply)  
Allow Incoming ICMP(11) Time Exceeded

kail · October 2, 2006, 2:47pm

I don’t know. It’s possible that SPD.EXE is already a trusted application. But, that doesn’t really explain why it initially didn’t work.

I’ll PM Egemen to bring this topic to his attention.

kail · October 2, 2006, 2:54pm

Ah… there you go. Thanks ubuntu.

user4 · October 2, 2006, 3:46pm

ubuntu post:16:

cFosSpeed work well with CPF default rules
spd.exe only need ICMP ping out, so it dosen’t need add in application monitor and CPF not even ask about spd.exe.

ICMP rules for spd.exe
Allow Outgoing ICMP(8) : Ping other (Echo Request)  
Allow Incoming ICMP(0) : Ping other (Echo Reply)  
Allow Incoming ICMP(11) Time Exceeded

What do you mean? It works by default? It certainly doesn’t work here. Or something else (CPF) is slowing things down.

egemen · October 3, 2006, 7:00am

Because it is not CPD.exe who is connecting to the internet with TCP or UDP protocol. Its own driver shapes the traffic.

CPF does not ask per application based ICMP as ICMP is not a layer 4 protocol i.e it is not application based.