Curious firewall events

marconan · December 7, 2010, 6:18am

HI,
Attached is a screen shot of my recent firewall events. I believe the source IP is Comodo’s. Can
someone please explain what this activity is?

Thank you for your help.

[attachment deleted by admin]

Citizen_K · December 10, 2010, 2:45pm

Nope. It a message from the web site telling that the port is unreachable. I don’t know the IP addresses of the cloud servers by heart but the logged addresses are in the range of the hosting provider Comodo uses for the cloud servers.

marconan · December 12, 2010, 8:23am

Thank you for your replies. I am using Comodo firewall (without the AV) with Defense+,
Cloud & Sandbox enabled. There were no Defense+, Cloud or Sandbox events logged
around that time, so why would I be getting a any messages from Comodo? I did read the
intro to 5.x Sandbox but could not find a clue.

Thanks again

brucine · December 12, 2010, 11:45am

ICMP is not able to carry malware by itself, but can be used for various packet attacks (ICMP Flood, DoS, Smurf, Ping of death…).

As far as i am aware of, newest CIS versions don’t intercept flood anymore, and these attacks are more likely to target institutionnal hosts (the last Wikileaks actuality is a good example).

But, as pointed out by EricJH, a Code 3 error for ICMP Type 3 merely reports that the destination unreachable packet has returned a port unreachable error, and has therefore only an informative value to the sender of the said message.
http://www.networksorcery.com/enp/protocol/icmp/msg3.htm
Moreover, and according to these same ICMP RFC, some of the ICMP protocols have to be allowed.

As usual, Valentinchen answers to everyone and everything without knowing a single word of what he is speaking about.

Valentinchen · December 12, 2010, 1:10pm

OFF TOPC

to brucine: Forums exist to help new members or anyone with their problems and to exchange opinions/information. Of course I don’t know everything, but I always try to help and I have helped many ( for instance by finding an alternative solution to lost Vendor list). Compared to others I reply and I am trying give a concrete answer (in this case the firewall blocks things that are related to the OS. Look at the attached pic. I answered therefore: it’s nothing to worry.).

Thanks for understanding, brucine

Regards,
Valentin

[attachment deleted by admin]

Citizen_K · December 12, 2010, 3:49pm

At marconan. Do you still see the reports in the logs? The screenshot does not show at what time these ICMP messages come in. At what frequency do they come in: as in per how many seconds do they come in?

marconan · December 13, 2010, 6:17am

To answer your question I have attached screenshot with date & time included. This is the only instance of these events in the two months that I have had Firewall v5. Do you have any idea why Comodo is the source of an incoming message?

[attachment deleted by admin]