Comodo Firewall failed blocking some IPs

Comodo Internet Security - CIS Firewall Help - CIS
1

Hi there,
41.233.121.234
195.216.177.91
121.10.85.89
80.82.70.236
I’ve already blocked them within the Comodo Firewall setting but failed, blocked by Malwarebytes then. Newly installed Comodo Firewall with latest updates.
Please advise.
Thank you!

2

Are we talking about outgoing traffic or incoming traffic?

3

Incoming. Attack from the mentioned IPs. Tks!

4

How did you determine Comodo Firewall failed?

5

That’s what I did:
Security Settings>Firewall>Network Zones>Blocked Zones>Add>New Block Address>Host Name>OK
However, after all these were done and the window closed by itself, Malwarewbytes still keeps alert blocking of the newly added IP attacked for 4-5 times, again after some 10 minutes (same IP); therefore I thought Comodo Firewall failed, or did I do some wrong settings to cause this? Thank you!

6

Hi there, can anyone respond to my question above please? Thank you!

7

5.231.72.186 was added to block list yesterday, today Malwarebytes alerted attack from it was blocked. Can any experts please tell me if this is because Comodo FW failed to block?
Thank you very much!

8

Use the IP addresses instead of the hostname for the blocked network zones settings and see if that works. I don’t think Comodo firewall failed to block anything it could be that the hostname you defined in blocked network zones does not matche the IP addresses you are seeing from Malwarebytes.

9

Thank you for your message! However, there are 7 selections within the Firewall Settings:

  1. Firewall Settings 2. Applications Rules 3. Global Rules 4. Rulesets 5. Network Zones 6. Potsets 7. Website Filtering
    Already checked all of them, none of these allows input of IP addresses except 5.Network Zones
    Please advise.
    Thanks again!
10

Yes in blocked network zones click new blocked address and in the dialog select for type IPv4 single address and enter the IP address you want to block, do this for each IP address.

11

Thank you so much Sir! Will do this!

12

Thanks for you advise and had a peaceful day, however, blocked 41.35.27.169 2 hours ago but Malwarebytes alerted several times again afterwards. Please advise.
Thank you!

13

Basically, you are asking how to block IP addresses. I’m not using Comodo Firewall, but I’m curious to see if it can be easily done.
Network zones doesn’t seem to me to be the place to add ip addresses. I would guess that domain names would go there. But, if it’s possible, the setting wants host names. Try these addresses:

host-41.35.27.169.tedata.net
host-41.233.121.234.tedata.net
89.85.10.121.broad.zj.gd.dynamic.163data.com.cn

I couldn’t find the names for the other addresses, so I’m guessing:

236.70.82.80.in-addr.arpa
186.72.231.5.in-addr.arpa
91.177.216.195.in-addr.arpa

14

Thank you for your reply. However, I’m not as good as you, can only Google the IP addresses to find the host names and in the end nothing. Even I did, seems there are no host names blocking settings in Comodo Firewall. 193.169.12.26 is another IP that Comodo failed to block, if I don’t have Malwarebytes, it may have already attacked successfully, the worst thing is they can even disable the auto protection of Malwarebytes from time to time! I understand there are no absolute Superman in the internet world but I found Comodo did most of the defend job nicely among other free firewalls. I’m using Norton Security, Comodo and Malwarebytes in the meantime, tried Outpost before but IPs blocking is not available. Very likely the recent attacks are caused by my anti-communist posts for more than 6 months and they will never stop. Please help so that I can keep my place in the free world.
Thank you very much!

15

Thanks for your kind words. I’m just an average user, like you, with a lot of experience. Your last message was very revealing. I’m getting a lot of feelings about you, and for you. There’s a lot that I want to say, but I’m going to try to stay on topic.

193.169.12.26 = silko-12-26.silko.lv

I got this info using a program called “win32whois”. Google the words “whois” or “ip address lookup”, and you will find many web sites that will give the same results.
Outpost can block IP addresses, but it needs a list of what to block.

Peerblock is a nice little IP address blocking program. You can download free spyware and ad tracker lists, and you’ll find more information about blocklists.

Finally, I’m not convinced that the addresses that Malwarebytes are blocking are malicious. It might just be reporting packets to closed ports.

16

Thanks for your kindness and some of us really need it! I’m from Hong Kong the invaded land.

See, you’re really better than me! I’m just a single PC DIY guy but know nothing about TCP/IP, anyway, will try and let you know. Wish Outpost and Peerblock will not crush Comodo. BTW, I reported those IPs to The Anti Hacker Alliance (AHA) but wondering if they can really do something.

A million thanks!

17

I should just let this thread end with your message, but you wrote something that troubles me. I know about Outpost problems with Comodo, but why are you have problems with Peerblock. If you just download the spyware and ads lists, you should have no problems. I use Peerblock with Comodo Anti-virus. If you are loading more lists, you can unblock addresses by right-clicking on them and select permanently allow.
So, what addresses are blocked that might give you problems? Looking at my firewall rules, cmdagent makes these connections:

ctldl.windowsupdate.com
cmc.comodo.com
cima.security.comodo.com
usfftp.security.comodo.com
224.0.0.252
cdn.download.comodo.com
download.comodo.com
fls.security.comodo.com

There are probably more, but for some reason I did not create a permanent rule. I’m allowing all, except for cmc.comodo.com. I have mixed feelings about 224.0.0.252. See, I’m not a TCP expect.

Regarding cmc.comodo.com -
I once posted messages here about this address. I obviously discovered something that I shouldn’t know. This address is now hiding on port 443 so that I can’t see what’s happening. This move only makes me more suspicious about that address. It’s time for me to install Fiddler, but first I want to finish my IP address blocking project.

I hope that this helps you solve your Peerblock problems. I can’t imagine cruising the internet without it. I am blocking 89% of addresses, and am still working to get this number to at least 95%.

18

Thank you so much again for your opinions! Seems all of them are getting along nicely! Perhaps I’m an overreacted Murphy’s Law believer especially regarding the alerts from Malwarebyte… Can’t get much fun with IP blocking games, just wish to make my PC a responsible “slave” for me without any interruption as far as possible, just like what those Reds are doing to Hong Kong, we have no difference, hahaha!
Good night!

19

224.0.0.252 is a Multicast Address, specifically Link-local Multicast Name Resolution (LLMNR) address. It resolves the hostnames of computers on the same local network, without necessitating a DNS Server on fore mentioned network. It can be safely allowed if your behind a router as the broadcast will not egress outside of the network.

20

I presume this is because I’m using BT all the time and this IP is one of those channels for uploading/downloading activities, am I correct? But how do I identify them, say any website? BTW I’m not using any routers.
Thanks a lot!