Is there any way Comodo can be configured to reduce or eliminate “man in the middle” attacks using DNS IP Spoofing? FireFox will only run when “Skip advanced security checks” is checked. Even then there are numerous alerts triggered for “access denied”/ “suspicious behavior” Etc whenever DNS 53 or port 80 are connecting. Some clowns have been UDP port scanning me steady for the last month. Any recommendations for App/Network control rules (relating to DNS IP or Firefox) would be appreciated!
If you’ve been getting Port Scanned I’d call your ISP and tell them so they can assign you a new IP.
The Port Scanning has continued across two different IP’s, on the same machine, from the same ISP. There were a couple days of “normal” activity after the IP switch and then the same thing started happening with the second IP.
As long as you have the default Network Monitor rules (6 rules in all), and have not created any NetMon rules to Allow In, you should be secure. Note: The defaults allow some ICMP; that’s not a big deal.
I’m not sure why you have to Skip Advanced checks for FF to run; I’ve not had to. The other “suspicious behavior” entries will be related to Application Behavior Analysis alerts you should be seeing; we’d have to have more details to be able to give a better explanation.