Help with Comodo logs

Chester_Nut · December 31, 2006, 7:40am

Hi, I recently installed comodo firewall and am loving it, seems to be a fantastic program. I am however having a couple of problems.

Firstly, a few messages keep coming up in the activity log.

Date/Time :2006-12-31 18:33:31
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 125.236.146.123
Destination: 192.168.0.100
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 8

Date/Time :2006-12-31 18:32:26
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.0.100, Port = ms-rpc(135))
Protocol: TCP Incoming
Source: 155.143.102.151:2766
Destination: 192.168.0.100:ms-rpc(135)
TCP Flags: SYN
Reason: Network Control Rule ID = 8

Date/Time :2006-12-31 18:19:26
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.0.100, Port = MS-ds(445))
Protocol: TCP Incoming
Source: 155.143.146.56:3335
Destination: 192.168.0.100:MS-ds(445)
TCP Flags: SYN
Reason: Network Control Rule ID = 8

Date/Time :2006-12-31 18:16:16
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.0.100, Port = nbsess(139))
Protocol: TCP Incoming
Source: 155.143.194.62:3326
Destination: 192.168.0.100:nbsess(139)
TCP Flags: SYN
Reason: Network Control Rule ID = 8

Are these usual, unusual, catastrophic or benign?

Secondly, I am unable to get the patching system for World Of Warcraft to work. It is a P2P system, and i have allowed all the ports it requires.

I am running commodo firewall only, and connecting to the internet via a router, on which i have set the DMZ so that it does not filter traffic to my computer. I have also set up a ‘safe zone’ for my LAN (including router)

Thanks

AOwL · January 3, 2007, 12:31pm

I don’t know for sure, but you might need to forward some ports in network monitor for WOW. If your patching system is using P2P, you should probably do it.

Do you have an application rule for the WOW updater?

About your logs, these are normal Windows ports (135-139, 445)
Some people consider them a security risk. They are denied if you look at your log.

Have you checked your log when you try to use the updater, to see if something is getting blocked?

Little_Mac · January 3, 2007, 6:57pm

Hey, AOwl, don’t some of the p2p apps require that ICMP/Port Unreachable be allowed? If so, perhaps since WOW uses p2p, that could be part of it…?

LM

AOwL · January 3, 2007, 10:45pm

Maybe… hmmm…

My son installed WOW a few days ago, and he didn’t mention any problems with the patcher/updater…
I can call him tomorrow and ask. He has the swedish …113 beta CFP version installed.

Chester_Nut · January 4, 2007, 12:55am

Hey thanks guys, that was really helpful
Strangely enough the patching system is working fine today, which makes me look kinda silly, but then again at times i have tried to run it previously i have gotten a fair few log entries with

Access Denied, ICMP = Port Unreachable

This time i have none of them. Curious. Maybe something to do with checking ‘skip advanced security checks’ and ‘allow invisible connection attempts’ for the program in question. At any rate its working now, thanks again

Little_Mac · January 4, 2007, 1:00am

That may be. Whenever possible (sometimes it’s just not possible) I prefer not to skip those advanced checks (that’s the Application Behavior Analysis under Security/Advanced).

Let’s see what AOwl finds out from his son…

LM