CFP "Found New Hardware"

Hi
I am hoping you have an explanation for a weird phenomenon I am experiencing. When I activate the: “Firewall / Attack Detection Settings / Miscellaneous / Packet Checksum Verification”
the next time I boot the computer, it reports a “Found New Hardware” condition, which turns out to be a new network, with the address 169.254.140,1 and asks me to name the network. If I don’t comply, access to the Internet is cut off. I can regain access by disabling the verification and rebooting the computer.

I suspect that this is a VPN filtering device by Comodo, but I can’t find any information on it.
I’d be grateful for any info you could provide.

Hi czl - you should turn off automatic detection of new networks. Find it on Miscellaneous>Settings>General tab. Uncheck: Automatically detect new private networks. This is very useful for setting up your LAN when you first install CFP and if you set up a new network, it would save a lot of trouble, but occasionally it identifies spurious connections as networks (once in three months for me). Turn it off unless you are setting up a network.

I can do that, but it does not explain the reason why this occurs. It is definitely associated with the Comodo setting, as I can reproduce it at will. It aslo inserts itself between my regular “Network Place” and the Internet. If I disallow it, I lose communications with the net. That means that the new network filters all data between my computer and whatever connection I have made. Not a desirable condition if the exact purpose is not known. A side effect of allowing this network is that Netstat no longer reports a final destination address other than ports on my own computer. This is also not a good thing, as I can’t check the true destination. It is rather important to know that the data sent out goes to the right place no?

169.254.x.x is a self assigned fake network address from your computer that is handed out when you can connect but are unable to access a dhcp server. Couyld be part of how CFP3 does the checksum verification, but ??? if it doesn’t work anymore when you do it. If we can get some other verification we should turn this into a bug report.

Thanks for that info. Actually it does work if I rename the network and allow it, to the extent that will then permit communications with the outside. However, logging is still abscent. According to RFC 3330 this address is designated as a “Black Hole” the description is:

169.254.0.0/16 - This is the “link local” block. It is allocated for
communication between hosts on a single link. Hosts obtain these
addresses by auto-configuration, such as when a DHCP server may not
be found.

Ok, so it acts as a “Man In The Middle” as I suspected. I sure wish this feature was better documented by Comodo.

One of the undesirable side effects is that Netstat now indicates a Final destination as a port on my computer, and no longer provides a true value, in effect disabling it. Maybe it’s just me, but I don’t like this. Specially as the lack of logging is still an issue.

Now you know how to build a black hole with CFP3. But the icon/notification “limited connectivity” that usually appears for your NIC really means it. :wink:

OK; I tried it and got nothing. I am running Vista, but:

  1. No new network appeared
  2. IPconfig /all doesn’t see anything
  3. Netstat functions normally

So let’s see if anyone else has seen it. Another approach would be to use Wireshark to view the actual traffic at your NIC, since sometimes CFP3 logging is unreliable, Otherwise, you can fill out the bug form in that section and submit it, This is a higher traffic board, so I would enourage you to leave this thread here, at least for a while.

I have seen it in previous versions not in the last two in Vista just canceled the alert and connect alright.
Dennis

Sorry, it looks like I did not properly understand your situation. Would you describe your connections for us? That is - computer(s) on your local network - connection to the internet - router/etc and how connected - proxy or other intermediary software. I think that there must be something different in your configuration.

Thanks for your interest.
Mine is a very simple setup, a single computer, no network, proxy, or routers involved.
The OS is XP Pro SP2. The only area of possible conflict might be my use of Spyware Doctor
5.5 which appears to catch things that the firewall missed. The latter is not a criticism of the Comodo firewall, as I am well aware that we allow unwelcome guests unwittingly while surfing the net.

Do you connect to the internet via an ADSL modem (as opposed to a router)?

If so, this “new hardware” is most likely the local host connection between your PC and the modem. You will see similar connections appear if you connect a PDA via USB to a PC. In effect, you are creating a network between your PC and the device.

Hope this helps,
Ewen :slight_smile:

It looks to me like you need to configure the firewall to allow connections to your ISP’s DHCP server. I would add it to a My Network Zones entry including your PC (use its MAC if there is no assigned IP address - discover this by clicking: Start>Run>cmd>(at the DOS prompt, type: ipconfig /all). The results will show your IP address, if any, and the MAC.) You would need to include an address for your modem (MAC is sometimes on the serial number plate of the modem) in the Network Zone also. Then run the Stealth Ports Wizard and choose to trust the Network Zone you define above. For some other background, see:
http://homepage.ntlworld.com/robin.d.h.walker/cmtips/security.html#stealth
and click the “personal firewall configuration” link (this refers to a cable modem, but the ideas are similar for other modem types).

My guess is that the lack of a direct access to the ISP’s DHCP server results in the creation of a network for the purpose of using the modem for DHCP contacts.