For Current Connections Window Resolve IP And Have Link To WHOIS [M1128]

1. What actually happened or you saw:
Currently View Connections shows the program, destination IP, and bandwidth currently used.

2. What you wanted to happen or see:
I would like for the destination address to be resolved and tested for safety. For example, the destination IP could be compared with addresses that are frequently used by malware and then highlighted in a matching color: green for safe, yellow for unknown, red for potentially malicious.
Also it should show some more information about the destination address. For example, clicking on it could have an option to resolve the IP and open a page with the WHOIS.

3. Why you think it is desirable:
This way the user has more of a chance of seeing when software makes suspicious connections and can manually inspect the program in question.

4. Any other information:
If possible these IP addresses should also be compared to a blacklist, and that information passed on to the user.
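The comparison and colour-coding this wish describes, as an added example (not part of the original post and not Comodo's code). The list contents, program names and function names are assumptions made for illustration; the addresses are constructed from documentation-only ranges.

```python
import ipaddress
import socket

# Constructed sample lists using documentation-only ranges (RFC 5737).
BLOCKLIST = ["203.0.113.0/24", "198.51.100.17/32"]
ALLOWLIST = ["192.0.2.0/24"]
# Constructed sample of current connections: (program, destination IP).
CONNECTIONS = [
    ("browser.exe", "192.0.2.10"),
    ("updater.exe", "198.51.100.17"),
    ("unknown.exe", "203.0.113.77"),
    ("mail.exe", "198.51.100.50"),
    ("broken.exe", "not-an-ip"),
]

def load_networks(entries):
    """Parse CIDR strings, skipping malformed lines instead of failing."""
    nets = []
    for entry in entries:
        try:
            nets.append(ipaddress.ip_network(entry.strip(), strict=False))
        except ValueError:
            continue
    return nets

def reverse_lookup(ip):
    """PTR lookup; returns None when no reverse record can be found."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def classify(ip, blocked, allowed):
    """Return 'red', 'green' or 'yellow'; a blocklist hit always wins."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "yellow"  # unparseable destination stays 'unknown'
    if any(addr in net for net in blocked):
        return "red"
    if any(addr in net for net in allowed):
        return "green"
    return "yellow"

def annotate(connections, blocked, allowed, resolver=reverse_lookup):
    """Add resolved hostname and colour to each (program, ip) row."""
    return [(prog, ip, resolver(ip), classify(ip, blocked, allowed))
            for prog, ip in connections]
```

Pass a stub as `resolver` to run it without network access; the default performs live reverse DNS lookups.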

Thank you for submitting this Wish Request. I have edited the first post, and the title. Please let me know if everything seems correct to you.

Yes, it is correct.

Thank you. I just added a poll as well. Please look it over and let me know if everything is correct.

Thanks.

Thank you,
It is correct so far, but I want to add that one part of the idea is clearly to check if the IP the computer connects to is blacklisted as connected to malware or viruses, if this is technically possible…

I’m not entirely sure, but wouldn’t the Webfilter already be blocking access to dangerous IP addresses? My understanding was that it worked regardless of whether the connection was through a browser or not, but I’m not 100% sure.
Does anyone know for sure about this?

Thanks.

Andreww, I am still looking into whether the Webfilter already filters connections for all applications. If I do find that it does already do this, then would you agree that the rest of the Wish Request is ready to be forwarded? I’m just asking because I would like to avoid any unnecessary delays.

Thank you.

Hello,

What will happen is that the Alert will disappear and there will be a browser timeout.

So a link to WHOIS does not really help people to use it in the Alert, but could only confuse novices.

I have placed a request as follows:

https://forums.comodo.com/wishlist-cis/ip-connection-browser-to-control-inboundoutbound-connections-and-manage-later-t105567.0.html

Chrion had currently modified my request. So until he brings it back, you may not be able to see it temporarily.

In my request, things work in a totally different manner. That's one of the best solutions in this matter, if one wants to make such detections proactive.

Beyond resolving an outbound connection to an IP and displaying the FQDN, there is not much that can be done. Here, the issue would be to capture multiple outbound connections and resolve their FQDN as well.

Thereafter, the Whois and all other associated work could only be done locally, and not through the Alert, to work with the database of IP/domains.

So, although this request is very small part of my request, it addresses the issue from a different level to the extent that the issue is wrongly solved, although it is fundamentally correct.

Hello,

When I read the topic, I reacted neutrally. So I placed my message above.

Now when I read this topic, I see even more things that do not relate to CIS.

CIS is not a malware detection program.

When I used AVG or Kaspersky, there was an Add-on which provided the feature you describe. They call it Webshield.

Then, that Add-on will check the webpage for any malicious code in it and alert, if any.

Your request relates to a general IP detection that goes beyond the webpage.

For this, there are certain IP blocking lists available, for example PeerBlock. They provide free download (the program is a free shareware) once in 7 days.

I doubt if Comodo will enhance their firewall to include such IP lists for blocking. These IPs to be blocked change regularly. Thus, there is a market where you pay a subscription fee, like www.iblocklist.com, to obtain such lists.

Only then such IP addresses are checked with malicious ones and connections are blocked.

I use PeerBlock with the above mentioned subscription service on top of the Comodo Firewall 7. I doubt if the company wants to have exactly that feature of PeerBlock included, although I would love it.

But then who shall maintain it on a daily basis, like iblocklist.com, and other such subscription services do?

Hi Chrion,

The requester makes a different proposal, which you did not understand. The request includes detection techniques that may include something like Webfilter, but goes beyond.

I say this, because this idea is a part of my request. Further, my request goes beyond the request of the above requester. However, the requester made some mistakes in his understanding of handling an issue and to propose a functional solution.

As the term “Webfilter” says, it relates to any “Web activity”, which also logically applies to outbound connections.

The requester implies an “IP-Filter” that includes a “Webfilter”. That's the difference.

I have proposed an “IP-Filter” in my request.

A “Webfilter”, in the usual course of understanding, checks a webpage for malicious scripting code that may potentially harm a computer, through heuristic technology.

If one wants to address an issue of detecting malicious IP addresses that may harm a user's computer, then the question is with what technology should an IP be measured for a qualification of it being harmful, html, etc. and which protocol.

For http/https, a “Webfilter” will be equal to an “IP-Filter”. For a dialer or a key logger installed on a user's computer, there is no “Webfilter” check required because the protocol is different.

Thus, one could only work with predetermined facts about an IP address, when a connection to a remote site is “attempted to be made”.

Here, a subscription service to obtain block lists plays an important role in such detection, which is the only solution to the answer.

While PeerBlock and iBlocklist, as well as many others, offer such a service, there is another such program called Spybot, which will do exactly the same.

Andreww, I have made a small edit to the first post. Does everything now look correct? If it does I will forward this to the Waiting Area for voting.

Thanks.

PM reminder sent.

Everything looks correct.

Thank you for submitting this Wish Request. I have now moved this to the WAITING AREA.

Please be sure to vote for your own wish, and for any other wishes you also support. It is also worthwhile to vote against wishes you think would be a waste of resources, as implementing those may slow down the wishes you would really like to see added.

Thanks again.

Just to check, shouldn’t this get merged into Comodo Forum as it’s an alternate implementation workaround and is sort of already posted as a post message? https://forums.comodo.com/verified-wish-reports-cis/add-reverse-dns-lookup-for-firewall-alerts-m948-t102663.0.html;msg762358#msg762358

I understand your reasoning. However, I think it’s probably best that they stay separate. The other wish was specific to the Firewall popups, and that is how it was forwarded to the devs. This wish is for the Current Connections Window.

I do agree that if it is implemented for one it should be very easy to be implemented for the other, but as it is possible for it to be implemented for one, and not for the other, I think it’s best to keep them separate.

Thanks.

I would like to thank everyone who has voted on this particular enhancement. As this wish has accumulated the necessary 15 points I have added this to the tracker for consideration by the devs. However, do note that even though this wish will be considered by the devs, it does not necessarily mean that it will be implemented. I will update this topic when I have any additional information.

Thank you.