Configuration of Shareaza - It´s correct???

Help for v2
#1

Hello friends:

I create a rule for shareaza of a forum:

  1. Open Comodo and click Security Application monitor.
  2. Now click on add. In the first textbox under Application / Parent Application put in the path to your shareaza.exe (The default is C:\Program Files\Shareaza\Shareaza.exe)
    select learn parent and allow all activities for this application. Also click Allow invisible connection attempts and skip advanced security checks, Click OK.

Next were going to add an port exception so shareaza can use this port.

  1. Now click network monitor and add.
  2. action = allowed. Protocol = TCP or UDP. Direction In/Out. Now click the Destination port tab, Select “A single port”, now enter the port you use for shareaza (the default is 6346). Click OK.
  3. You should now see a new rule has been created, now select this rule. Place it above the rule with the red X that reads “Block & Log”.

My question is:

  1. this configuration is secure?
  2. Before create a rule about a port 6346 allowing this, why “Block & Log” this rule?. I don´t understand, now block this port?

Sorry for my poor english. Bye. (:WIN)

#2

Hello:

With this configuration, I have connection but edonkey show lod id???

What´s the solution?

Chiao. (:SAD)

#3

Benvenuto alle tribune!

To answer your first two questions:
Firstly, yes your configuration is secure because only shareaza will be listening, accepting & processing requests on that port. When shareaza is not running the port is closed and will be in stealth mode.

Secondly, if i understand you correctly you mean the default block rule. This should always appear at the bottom of your network monitor rules. And what it does is stop unsolicited IP traffic which doesn’t have a rule. It basically blocks the traffic you haven’t explicity allowed.

With this configuration, I have connection but edonkey show lod id???

Could you explain that a bit more please? I’m not sure what you mean by “lod id”

#4

Hello:

If you have a low id (which means a slow connection to a server) then you cannot connect to other users on that server that have low ids, you may only connect to high ids on that server. So if you have broadband, keep trying to get on a good server with a high ID so you can connect to all users and get better results.

I have a router and open the port 6346, when I used Outpost firewall Pro, I did not have problems with the connection (had a HighId), but comodo firewall seems more robust, although it limits the connection to me. In other firewalls ones it was necessary to form shareaza as if he was a server, but here not another way.

If I put in network monitor allow in for all ports can enter any intruder, that I can do?

thanks to answer

#5

Hello:

This it is a piece of my log file:

Date/Time :2007-01-15 13:03:10
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = ..., Port = 6346)
Protocol: UDP Incoming
Source: ...:61768
Destination: 192.168.1.5:6346
Reason: Network Control Rule ID = 6

Date/Time :2007-01-15 13:03:10
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = ..., Port = 6346)
Protocol: UDP Incoming
Source: ...:1439
Destination: 192.168.1.5:6346
Reason: Network Control Rule ID = 6

Date/Time :2007-01-15 13:03:10
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = ..., Port = 6346)
Protocol: UDP Incoming
Source: ...:34214
Destination: 192.168.1.5:6346
Reason: Network Control Rule ID = 6

Date/Time :2007-01-15 13:03:10
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = ..., Port = 6346)
Protocol: UDP Incoming
Source: ...:33967
Destination: 192.168.1.5:6346
Reason: Network Control Rule ID = 6

Date/Time :2007-01-15 13:03:10
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = ..., Port = 6346)
Protocol: UDP Incoming
Source: ...:6346
Destination: 192.168.1.5:6346
Reason: Network Control Rule ID = 6

Date/Time :2007-01-15 13:03:10
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = ..., Port = 6346)
Protocol: UDP Incoming
Source: ...:6346
Destination: 192.168.1.5:6346
Reason: Network Control Rule ID = 6

Date/Time :2007-01-15 13:03:10
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = ..., Port = 6346)
Protocol: UDP Incoming
Source: ...:25719
Destination: 192.168.1.5:6346
Reason: Network Control Rule ID = 6

Date/Time :2007-01-15 13:03:10
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = ..., Port = 6346)
Protocol: UDP Incoming
Source: ...:6346
Destination: 192.168.1.5:6346
Reason: Network Control Rule ID = 6

Date/Time :2007-01-15 13:03:10
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = ..., Port = 6346)
Protocol: UDP Incoming
Source: ...:6346
Destination: 192.168.1.5:6346
Reason: Network Control Rule ID = 6

Date/Time :2007-01-15 13:03:10
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = ..., Port = 6346)
Protocol: UDP Incoming
Source: ...:6346
Destination: 192.168.1.5:6346
Reason: Network Control Rule ID = 6

Date/Time :2007-01-15 13:03:10
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = ..., Port = 6346)
Protocol: UDP Incoming
Source: ...:6346
Destination: 192.168.1.5:6346
Reason: Network Control Rule ID = 6

Date/Time :2007-01-15 13:03:10
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = ..., Port = 6346)
Protocol: UDP Incoming
Source: ...:16064
Destination: 192.168.1.5:6346
Reason: Network Control Rule ID = 6

Date/Time :2007-01-15 13:03:10
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = ..., Port = 6346)
Protocol: UDP Incoming
Source: ...:6346
Destination: 192.168.1.5:6346
Reason: Network Control Rule ID = 6

Date/Time :2007-01-15 13:03:10
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = ..., Port = 6346)
Protocol: UDP Incoming
Source: ...:55375
Destination: 192.168.1.5:6346
Reason: Network Control Rule ID = 6

Date/Time :2007-01-15 13:03:10
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = ..., Port = 6346)
Protocol: UDP Incoming
Source: ...:6346
Destination: 192.168.1.5:6346
Reason: Network Control Rule ID = 6

Date/Time :2007-01-15 13:03:10
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = ..., Port = 6346)
Protocol: UDP Incoming
Source: ...:6346
Destination: 192.168.1.5:6346
Reason: Network Control Rule ID = 6

Date/Time :2007-01-15 13:03:10
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = ..., Port = 6346)
Protocol: UDP Incoming
Source: ...:6346
Destination: 192.168.1.5:6346
Reason: Network Control Rule ID = 6

Date/Time :2007-01-15 13:03:10
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = ..., Port = 6346)
Protocol: UDP Incoming
Source: ...:6346
Destination: 192.168.1.5:6346
Reason: Network Control Rule ID = 6

Date/Time :2007-01-15 13:03:10
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = ..., Port = 6346)
Protocol: UDP Incoming
Source: ...:6346
Destination: 192.168.1.5:6346
Reason: Network Control Rule ID = 6

Date/Time :2007-01-15 13:03:10
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = ..., Port = 6346)
Protocol: UDP Incoming
Source: ...:6346
Destination: 192.168.1.5:6346
Reason: Network Control Rule ID = 6

Date/Time :2007-01-15 13:03:10
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = ..., Port = 6346)
Protocol: UDP Incoming
Source: ...:19575
Destination: 192.168.1.5:6346
Reason: Network Control Rule ID = 6

Date/Time :2007-01-15 13:03:10
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = ..., Port = 6346)
Protocol: UDP Incoming
Source: ...:6346
Destination: 192.168.1.5:6346
Reason: Network Control Rule ID = 6

Date/Time :2007-01-15 13:03:10
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = ..., Port = 6346)
Protocol: UDP Incoming
Source: ...:6346
Destination: 192.168.1.5:6346
Reason: Network Control Rule ID = 6

Date/Time :2007-01-15 13:03:10
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = ...**..., Port = 6346)
Protocol: UDP Incoming
Source: ...:30715
Destination: 192.168.1.5:6346
Reason: Network Control Rule ID = 6

Date/Time :2007-01-15 13:03:05
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = ..., Port = 1026)
Protocol: UDP Incoming
Source: ...:30977
Destination: 192.168.1.5:1026
Reason: Network Control Rule ID = 6

Date/Time :2007-01-15 13:03:05
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = ..., Port = 6346)
Protocol: TCP Incoming
Source: ...:4021
Destination: 192.168.1.5:6346
TCP Flags: SYN
Reason: Network Control Rule ID = 6

Why it blocks the entrance to port 6346, when I have in network monitor with ID 0?

#6

Hi,

Could you post what network rule you have with ID 6

Thanks

#7

ID 6 Permision:Block & Log Protocol:IP In/Out Source: Any Destination: Any Criteria: Where IPProto is any [Option that brought by defect]

An exception for port 6346 could include in ID 6, but it would be always open (to my to understand).

#8

You said earlier that your allow rule for this is at id 0, so try chaning it to this:

Action: Allow
Protocol: TCP or UDP
Direction: In
Source IP: Any
Destination IP: Any
Source Port: Any
Destination Port: Single Port 6346

Also you will need to add shareaza as a trusted app in the application monitor - have you done that already?

#9

OK, friend. Now everything works perfectly. It was confusing Source Port with Destination Port. In Source Port:6346 and in Destination Port: All.

Thank you for everything. (:CLP)

#10

I have one doubts when firewall test:

With Shields Up → Port 6346 is Stealth (Test Passed)

With PC Flank → Port 6346 is Open.

(:SAD)

I have security in that port against intruders???

#11

:SMLR

Great,

When shareaza is not running the port will be stealthed. The port will only be open when something is listening or accepting requests on that port. So you can test this is the case, make sure shareaza is not running and then test again on PCFlank

#12

Hello again:

I have a new problem, I return to have “LowId”. Not if I said before, that it had to router with open port 6346. With DMZ enabled for IP 192.168.1.5 (IP to Access to router 192.168.1.1). And it leaves the following message to me in log the CPF:

Date/Time :2007-01-22 17:17:23
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = HOST UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: HOST UNREACHABLE
Reason: Network Control Rule ID = 6
Date/Time :2007-01-22 17:17:18
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 6
Date/Time :2007-01-22 17:17:13
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 6
Date/Time :2007-01-22 17:17:03
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 6
Date/Time :2007-01-22 17:16:23
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 6
Date/Time :2007-01-22 17:16:18
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 6

Date/Time :2007-01-22 17:16:18
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 6

Date/Time :2007-01-22 17:16:13
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 6

Date/Time :2007-01-22 17:16:13
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 6

Date/Time :2007-01-22 17:16:08
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 6

Date/Time :2007-01-22 17:16:08
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 6

Date/Time :2007-01-22 17:16:03
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 6

Date/Time :2007-01-22 17:15:58
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 6

Date/Time :2007-01-22 17:15:23
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 6

Date/Time :2007-01-22 17:15:18
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 6

Date/Time :2007-01-22 17:15:13
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 6

Date/Time :2007-01-22 17:15:08
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 6
Date/Time :2007-01-22 17:15:03
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 6

Date/Time :2007-01-22 17:14:58
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 6

Date/Time :2007-01-22 17:14:53
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 6

Date/Time :2007-01-22 17:14:48
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 6

Date/Time :2007-01-22 17:14:38
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = HOST UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: HOST UNREACHABLE
Reason: Network Control Rule ID = 6

Date/Time :2007-01-22 17:14:33
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = HOST UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: HOST UNREACHABLE
Reason: Network Control Rule ID = 6

Date/Time :2007-01-22 17:14:28
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = HOST UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: HOST UNREACHABLE
Reason: Network Control Rule ID = 6

Date/Time :2007-01-22 17:14:18
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = HOST UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: HOST UNREACHABLE
Reason: Network Control Rule ID = 6

Date/Time :2007-01-22 17:13:48
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 6

Date/Time :2007-01-22 17:13:43
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 6

Date/Time :2007-01-22 17:13:33
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 6

Date/Time :2007-01-22 17:13:28
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 6

Date/Time :2007-01-22 17:13:23
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 6
Date/Time :2007-01-22 17:12:08
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = HOST UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: HOST UNREACHABLE
Reason: Network Control Rule ID = 6

Date/Time :2007-01-22 17:11:58
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = HOST UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: HOST UNREACHABLE
Reason: Network Control Rule ID = 6

Date/Time :2007-01-22 17:11:58
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = HOST UNREACHABLE)
Protocol:ICMP Incoming
Source: ...
Destination: 192.168.1.5
Message: HOST UNREACHABLE
Reason: Network Control Rule ID = 6

Date/Time :2007-01-22 17:07:54
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: D:\WINDOWS\system32\svchost.exe
Parent: D:\WINDOWS\system32\services.exe
Protocol: UDP In
Destination: 192.168.1.5::dhcp(68)
Details: E:\Archivos de programa\Maxthon\Maxthon.exe has tried to use D:\WINDOWS\system32\svchost.exe through OLE Automation, which can be used to hijack other applications.

Date/Time :2007-01-22 16:40:33
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (Maxthon.exe)
Application: E:\Archivos de programa\Maxthon\Maxthon.exe
Parent: D:\WINDOWS\explorer.exe
Protocol: TCP Out
Destination: ...::http(80)
Details: D:\WINDOWS\explorer.exe has tried to use E:\Archivos de programa\Maxthon\Maxthon.exe through OLE Automation, which can be used to hijack other applications.

Date/Time :2007-01-22 16:39:44
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: D:\WINDOWS\system32\svchost.exe
Parent: D:\WINDOWS\system32\services.exe
Protocol: TCP Out
Destination: ...:http(80)
Details: D:\Archivos de programa\Maxthon\Maxthon.exe has tried to use D:\WINDOWS\system32\svchost.exe through OLE Automation, which can be used to hijack other applications.

Date/Time :2007-01-22 16:38:43
Severity :Low
Reporter :Network Monitor
Description: Information (Access Granted, IP = ..., Port = 6346)
Protocol: TCP Incoming
Source: ...:65043
Destination: 192.168.1.5:6346
TCP Flags: SYN
Reason: Network Control Rule ID = 0

Date/Time :2007-01-22 16:38:38
Severity :Low
Reporter :Network Monitor
Description: Information (Access Granted, IP = ..., Port = 6346)
Protocol: TCP Incoming
Source: ...:65043
Destination: 192.168.1.5:6346
TCP Flags: SYN
Reason: Network Control Rule ID = 0

Date/Time :2007-01-22 16:38:18
Severity :Low
Reporter :Network Monitor
Description: Information (Access Granted, IP = ..., Port = 6346)
Protocol: TCP Incoming
Source: ...:1303
Destination: 192.168.1.5:6346
TCP Flags: SYN
Reason: Network Control Rule ID = 0

Date/Time :2007-01-22 16:38:08
Severity :Low
Reporter :Network Monitor
Description: Information (Access Granted, IP = ..., Port = 6346)
Protocol: TCP Incoming
Source: ...:1303
Destination: 192.168.1.5:6346
TCP Flags: SYN
Reason: Network Control Rule ID = 0

Date/Time :2007-01-22 16:37:52
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: D:\WINDOWS\system32\svchost.exe
Parent: D:\WINDOWS\system32\services.exe
Protocol: UDP Out
Destination: 255.255.255.255::bootp(67)
Details: D:\WINDOWS\explorer.exe has tried to use D:\WINDOWS\system32\svchost.exe through OLE Automation, which can be used to hijack other applications.

Also I have Kaspersky antivirus, formed as it says in the forum to accept to firewall.

As I can improve my connection with shareaza??? :THNK

Thanks.

#13

Buona mattina, Seeking Security!

Well, it’s morning right now, anyway, where I am! Just having some coffee, and thought I’d jump in here at Rucia’s request, to try to help with your Low ID problem.

Two things:

  1. In Shareaza, is there a setting (probably where you set the port to use) to use/disable UPNP for Shareaza? If so, you will probably need to disable the use of UPNP. With torrent applications, this has a tendency (at least with Comodo Firewall) to cause a Low ID situation.

If there is no UPNP option, or if it’s already disabled, try the following:

  1. Create a new rule in the Network Monitor, to look like this:

Action: Allow
Protocol: ICMP
Direction: Out
Source IP: Any (or your computer’s IP address)
Destination IP: Any
IP Details: Host Unreachable

Click OK. I would recommend rebooting your computer at this point. That will clear out CPF’s memory of the previous rules, blocks, et cetera, and set this new network rule.

In some cases, you will also need a rule to allow ICMP In, with Host Unreachable, in order to get the High ID. But for now, just one thing at a time.

Hope that helps,

LM

#14

Hello:

I already had disabled UPNP in the router and also in shareaza.

I create 3 rules:

Allow ICMP out host unreachable
Allow ICMP in host unreachable
Allow ICMP in port unreachable

Without satisfactory results, I continue having “LowId”. The problem of “lowid” is that only I can be connected with that has “highid”. My log is:

Date/Time :2007-01-23 20:44:11
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = UNREACHABLE)
Protocol:ICMP Incoming
Source: 172.183.139.48 (whois -->OrgName: America Online)
Destination: 192.168.1.2
Message: UNREACHABLE
Reason: Network Control Rule ID = 9

Date/Time :2007-01-23 20:43:56
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = UNREACHABLE)
Protocol:ICMP Incoming
Source: 172.183.139.48 (whois -->OrgName: America Online)
Destination: 192.168.1.2
Message: UNREACHABLE
Reason: Network Control Rule ID = 9

I have a PeerGuardian filtering IP?s.

The rule ID 9 Permision:Block & Log Protocol:IP In/Out Source: Any Destination: Any Criteria: Where IPProto is any [Option that brought by defect]

Thanks to respond

#15

Is the America Online IP address always where it is from?

Does the America Online IP address have meaning for you? In other words, would you expect some incoming traffic from AOL?

Will you post a screenshot of your Network Monitor (full-screen) so that we can see what rules you have, and in what order? That will help. You can mask out IP addresses and any other personal info that you like (just leave enough of the IP address to show a match where needed).

Thanks,

LM

#16

You need to create application rules for these.
They can look like this.

Application : D:\WINDOWS\system32\svchost.exe
Parent : D:\WINDOWS\system32\services.exe

General
Action : allow
Protocol : UDP
Direction : Out

Destination IP : 255.255.255.255

Destination Port : 67

Miscellaneous

Application : D:\WINDOWS\system32\svchost.exe
Parent : D:\WINDOWS\system32\services.exe

General
Action : allow
Protocol : UDP
Direction : Out

Destination IP : Zone

Destination Port : 53,67,

Miscellaneous

Application : D:\WINDOWS\system32\svchost.exe
Parent : D:\WINDOWS\system32\services.exe

General
Action : allow
Protocol : UDP
Direction : In

Destination IP : Zone

Destination Port : 68,137,138

Miscellaneous

It also looks like you need to create some rules for Maxthon.

Reboot your PC.

(you can also try to put on UPnP in your router. NOT in Shareasa)

#17

Good afternoon:

It did not count on incoming traffic of AOL.

I show the images to you of Network Monitor and Application Monitor.

As you will see I have allowed to all the Inbound and Outbound for svchost.exe, reason why I think that it would not have to introduce new rules.

I am going to prove to activate UPNP.

Thanks for your advice.

[attachment deleted by admin]

#18

Hi:

My connection to Shareaza. :-\ :-\

[attachment deleted by admin]

#19

Your low id on edonkey is probably coming from the fact that it’s on a different port, which is not specifically allowed by your Network Rules in CPF… You have Shareaza set up on port 6346, but edonkey is on port 3306.

LM

#20

Hello:

I feel that there were lost the time with my problems.
The DMZ was not recorded, since if router is connected to the telephone line, it does not record the changes. Either it is solved, or I have HighID.

Thanks friends and excuse me for the annoyances.

(:SHY) :■■■■