how disable flood protection for a secure IP

Help for v2
1

Hi all,

I’m currently trying the personalfirewall. I have some problems that I already found in the forum but with no solution. Probably because the mistake was not identified.

In France we can’t watch TV with the freebox (which is a very sophisticated adsl modem with a lot of features) using VLC. But video streams are stopped by anti flood system !!!

The stream is coming with an artificial IP address (isn’t connect to internet) wich is the bridge to TV tuner to IP streams. I have put this address in trusted zone and allowed rules are correctly recorded in Network Control Rules. The application VLC is allowed too.

At connection the reports become :
Date/Time :2006-09-04 22:19:04
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fragmented IP Packet)
Direction: IP Outgoing
Source: 192.168.2.4
Destination: 212.27.38.253
Protocol : UDP
Reason: Fragmented IP packets are not allowed
Date/Time :2006-09-04 22:19:04
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fake or Malformed UDP Packet)
Direction: UDP Outgoing Source: 192.168.2.4:1252
Destination: 212.27.38.253:1234
Reason: UDP packet length and the size on the wire(1508 bytes) do not match
Date/Time :2006-09-04 22:11:49
Severity :High
Reporter :Network Monitor
Description: DDOS Attack (UDP Flood)
Duration: 20 seconds

of packets: 141

of attackers: 1 Attacker(s): 212.27.38.253

The firewall has switched to EMERGENCY mode
Date/Time :2006-09-04 22:09:53
Severity :High
Reporter :Network Monitor
Description: DDOS Attack (UDP Flood)
Duration: 21 seconds

of packets: 142

of attackers: 2 Attacker(s): 212.27.38.253, 192.168.2.1

The firewall has switched to EMERGENCY mode
Date/Time :2006-09-04 22:08:13
Severity :High
Reporter :Network Monitor
Description: DDOS Attack (UDP Flood)
Duration: 23 seconds

of packets: 233

of attackers: 1 Attacker(s): 212.27.38.253

The firewall has switched to EMERGENCY mode
Date/Time :2006-09-04 22:05:58
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 212.27.38.253
Destination: 192.168.2.4
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 10
Date/Time :2006-09-04 22:05:53
Severity :High
Reporter :Network Monitor
Description: DDOS Attack (UDP Flood)
Duration: 21 seconds

of packets: 194

of attackers: 1 Attacker(s): 212.27.38.253

The firewall has switched to EMERGENCY mode

and so on…

Do you have a solution ? Thanks

2

The only solution to this problem is to increase the flood detection parameters. Otherwise, CPF does not have any ignore IP list for DOS attacks.

3

thanks for your reply

I’ve put 500 packets/second for a duration 200 seconds for UDP and the log don’t show flood attack any more.

But video stream still blocked somewhere :frowning:

Tonight I’ll try to understand why.

I’ll repost to say where I am…

4

There are some fragmented packets blocked. You may also need to disable some options at Security->Advanced->Advanced Attack Detection->Miscellaneous section.

egemen

5

Hello

I’m a new (french) user of comodo, and I have the same problem that SyntaxError with the freebox.
To resolve it, I need to increase the flood parameter to 1500 paquet/sec.
I think that would be a good idea to allow to disable the flood test on an ip in a future version of comodo (:WIN)