CFP LOG explain

Hi,
i need help to understand why i have a lot of this warning in my CFP LOG on network monitor ???.

Date/Time :2007-12-14 08:25:12
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 62.94.. (my ip)
Destination: 62.94.0.42
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

where 62.94.0.42 was recognized by CFP as DNS DHCP (alert allow/deny?)

Warm regards,
Paola

I have these in my logs too. They occur around every 2 minutes, first to my ISPs primary name server and then to the secondary. These outbound packets are obviously in response to a query generated by the ISP, but I haven’t, as yet, worked out what that query is.

The fact that the response is with the port unreachable ICMP (3) (3) type, as opposed to ICMP (3) (0) or (3) (1) indicates something like a service is not running. If it was something more serious, like the server down, you might expect to to see Network/Host Unreachable.

Personally I don’t think these are malicious, so I have simply created a rule to block and not log, at least for now. I’ll get wireshark out soon and see what’s going on in more detail.

Just out of interest, is your DNS Client Service running or disabled?

yes,Comodo’s Hero, I have “Client DNS” service (&DHCP) on! (automatic start)

Sometime I connect my PC to another PC with cross cable LAN to share my local webserver apache+mysql (XAMPP) and folders with friends.

So, is this service …the “problem”?

Now I have created some rule to “block” this warning without boring log.
…but i want to know if this “rule block” affects performance of download,ftp or “handshake” to browse web pages.

Do Someone make a “benckmark” to show me the diff. between “allow” or “block” this warnings?
How I can do it?

Regards,
Paola

From what I have seen, I don’t believe these packets are a problem. Create a rule to block without logging and they will go away.