Firewall Logs Continuously

Happy 4th to all Comodo Members,

Just went into the port wizard and changed all ports to stealth.

Prior to that I have not had one entry in the firewall log.
Now there is continuous logging (2 or 3 times per minute)

My question is: Is this normal? (won’t take long for hundreds of entries to show up)

I have a standalone desktop, Windows XP, Service Pack 3, DSL connection

I have the new version of CIS just released (3.10) as the only security software installed. Nothing else to conflict with CIS.

You folks helped me out so much with my last problem where the DSL connection would keep dropping
once I closed the browser. That problem has been fixed, thanks to all the good advice. Wound up
installing Connection Keep Alive.

Also, if I wanted to go back to the default settings as they were installed by the software,
how would I do that?

Thank you very much for any education on this firewall and stealthing or unstealthing ports.

Chuck

It looks like it is coming from your router.

Is it normal for the modem to do this?

If not, how can it be changed? Is it due to the software that’s keeping the connection alive?
Can the stealthing of the ports be reset to install defaults?

This is what the stealthing of the ports changed the global rules to:

How can I keep the ports in stealth mode and not have any unneeded logging?

Thanks for any help,

Chuck

Most of it is IGMP traffic. You can safely allow this. Use the following tutorial from point 11 on to allow this traffic: https://forums.comodo.com/firewall_help/utorrent_comodo_firewall_guide-t32326.0.html;msg230413#msg230413 .

Thanks much EricJH,
I’ll check it out.

As always, I appreciate your help.

Chuck

Made 3 global rules as suggested.

Still a lot of logging going on. Are there any other changes that can be made?

Attached should be current screenshots of log and global rules.

Thanks for all the help. Hope the screen shots are readable for you.

Chuck

What IP address is the 192.168.0.1 for? Is that your local IP address or the local IP address of your router? Can you tell me a bit more about your network connection? Do you have ADSL or cable? Do you use a router?

Hi EricJH,

This is a standalone desktop, Windows XP SP3.

I’m not on any network (except for internet connection).

I have a DSL connection from AT&T through a Speedstream DSL modem… model 4100.
There is no router, just the modem… pretty basic setup.

192.168.0.1 is the modem address

76.223.246.196 is the IP address
76.223.255.254 is the IP Gateway

Let me know if you need any more info.

Thanks again for the help

Chuck

Most of them are echo requests from local IP address 192.168.0.1.

Add the following Global Rule:
Action: Allow
Protocol: ICMP
Direction: In
Description: Allow echo request

Source Address: ANY
Destination address: Your MAC address or local IP address (only if it is a fixed address)
ICMP details: Echo request

Make sure it is above the basic block rule like the other rules.

There is other traffic coming on port 28748. Do you use a p2p program that uses this port?

Hi EricJH,

I’ll go ahead and setup that rule.

I had a p2p (360Share) on the system at one time but I uninstalled it due to security concerns.

Is there a way to find and remove any remnants that may be left?

I don’t want any p2p activity at all.

Thanks,

Chuck

Okay, I added the global rule but it still seems to be logging quite a bit.

See above post on P2P.

Thanks,
Chuck

Try adding a rule similar to the previous one, but under ICMP details → custom → fill in type 8 and code 0.

Does that do the trick for you?

Hi EricJH,
I set up the global rule as in this screenshot.

It did not add the rule as I entered it. When I went in to Edit the rule to see if it was okay,
this is what the rule shows

The new logging is as follows:

Not sure what’s going on with the rule but it’s apparently not valid.

I put in the MAC Address as with the others… was this correct?

Thanks for all your help with this,

Chuck

To make sure you have entered the MAC address correctly, check with ipconfig /all.

Go to Start → Run → cmd → enter → ipconfig /all (notice the space before /all) → now look up the MAC address for your network adapter.

Okay EricJH,

Here is what I found:

In Ipconfig, I get a different number than what shows up in the modem Config.

screenshot of Modem:

Screenshot of IPCONFIG:

Just for the sake of trying it, I changed the MAC address in the global rule I’m trying to set up to the
Physical address that shows up in ipconfig, which is different from the Modem MAC Address but is the only address which contains the same amount of numbers that the Modem MAC address has. Anyway, it made no difference, it does not accept it.

Confusing but Amusing, thanks for hangin’ in. I appreciate it.

Chuck

You need to fill in the MAC address of your network adapter as shown by the ipconfig command. The MAC address to fill in is: 00-40-CA-94-CF-50. I hope I read that MAC address properly.

Your photos are unclear; I need to zoom in on them to be able to properly read them. Next time please post higher resolution images. 32 bits instead of 24 bits.
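The rule ordering and MAC matching discussed in this thread, as an added example that is not part of the original posts and is not Comodo's code: a simplified first-match model of global rules, showing why an allow rule bound to the wrong MAC address leaves echo requests falling through to the logged block rule. The rule fields, the top-down evaluation and the default action are assumptions for illustration, and the modem MAC is a constructed placeholder.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class Rule:
    action: str                              # "allow" or "block"
    protocol: str                            # "ICMP", or "IP" for any protocol
    direction: str                           # "in" or "out"
    dst_mac: Optional[str] = None            # None means ANY
    icmp: Optional[Tuple[int, int]] = None   # (type, code); None means ANY
    log: bool = False

@dataclass
class Packet:
    protocol: str
    direction: str
    dst_mac: str
    icmp: Optional[Tuple[int, int]] = None

def norm(mac: str) -> str:
    """Compare MACs regardless of ':' or '-' separators and letter case."""
    return mac.replace(":", "-").upper()

def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.protocol in ("IP", pkt.protocol)
            and rule.direction == pkt.direction
            and (rule.dst_mac is None or norm(rule.dst_mac) == norm(pkt.dst_mac))
            and (rule.icmp is None or rule.icmp == pkt.icmp))

def evaluate(rules, pkt):
    """First matching rule wins (assumed model). Returns (action, logged)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.log
    return "block", True                     # assumed default when nothing matches

ADAPTER_MAC = "00-40-CA-94-CF-50"            # adapter MAC quoted in the thread
MODEM_MAC = "00-00-5E-00-53-01"              # constructed placeholder, not from the thread
BLOCK_ALL = Rule("block", "IP", "in", log=True)   # stand-in for the basic block rule

def allow_echo(mac: str) -> Rule:
    return Rule("allow", "ICMP", "in", dst_mac=mac, icmp=(8, 0))  # echo request

PING = Packet("ICMP", "in", ADAPTER_MAC, icmp=(8, 0))   # constructed sample packet
TCP_PROBE = Packet("TCP", "in", ADAPTER_MAC)            # constructed sample packet

def scenarios():
    return {
        "rule uses modem MAC": evaluate([allow_echo(MODEM_MAC), BLOCK_ALL], PING),
        "rule uses adapter MAC": evaluate([allow_echo(ADAPTER_MAC), BLOCK_ALL], PING),
        "allow below block": evaluate([BLOCK_ALL, allow_echo(ADAPTER_MAC)], PING),
        "unrelated TCP": evaluate([allow_echo(ADAPTER_MAC), BLOCK_ALL], TCP_PROBE),
    }
```

Only the second scenario stops the echo-request log entries; other inbound traffic still reaches the block rule and is logged.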

EricJH,

Thanks for the information on ipconfig and using that physical address. That did the trick.

I was unaware of those stats, and under the assumption that what was showing up in the
modem config was the configuration involved.
The firewall log is much cleaner and just logging a few UDP and TCP events.

I have no idea what all that is.

Just a quick question… is there any writeup or entries in this forum that I can look through that
would explain what is being blocked and why? As you can tell, I am new to this forum and to COMODO
Internet Security, but I am very impressed with your software and with your support.

Thanks so much.

Chuck

To learn more you can start with our FAQs: https://forums.comodo.com/faq_cis-b128.0/ . They only cover certain basic things. Other than that feel free to ask.