I have been using Comodo Firewall for a while now and have some suggestions/comments:
- Option to resolve hostnames in “Firewall Events” window. This way one can quickly tell where the connection is coming from. (ex. Source: JANE to Dest: BOB or ns1.abc.com to abc.dsl.xyz.net)
- A clear button in the Firewall Events dialog. (It is quite annoying to have to click More, then File, then Clear, then All just to clear the clutter off the log.
- Add option for “Gateway Address”, “Broadcast Address” in the Address Selection Dialogs (This way users do not have to manually define the fixed gateway address in various rules)
- Option to turn on logging for connections to non-existent ports. (Currently Comodo only logs events in which an application is attached to the particular port. If no application is attached, Comodo will not log the event despite that it has blocked an ICMP message from going out to the destination computer)
- Option to protect the “gateway’s” ARP table - In case of an ARP poisoning attack, usually the router/gateway is poisoned with a spoofed MAC address. An option to protect such tables would be appreciated. (Maybe have Comodo monitor incoming ARP replies, and if a remote computer sends an ARP reply with a spoofed MAC corresponding to any of Comodo’s protected IPs, send a ARP reply back to the router/main gateway with the corrected MAC so that the attacker will not capture confidential data that may be coming through the router - Tested with Cain)
That’s all I have got for now.
Hopefully someone will take a look at these.
Thanks! (:HUG)