Hello, I’ve recently switched to Comodo from my old firewall, due to positive comments from friends. However, it seems that with installing Comodo, a new problem has arisen.
I’m unable to watch IPTV streams.
I’m using the newest (188.8.131.52) version of Comodo, and I’m behind a D-Link router, connected to a shared 100 megabit university cable connection. I’m using Windows 2000 with the newest updates.
My problem in detail is the following: when I try to watch IPTV streams (with VLC Media Player) from my local IPTV service provider, I’m unable to receive the stream. The firewall logs it as a UDP Flood attack every now and then, despite the fact that I’ve allowed incoming UDP streams from the IPTV IP address. I’ve also naturally allowed the IGMP protocol that IPTV also uses.
As soon as I click on “Turn off” from the Network Monitor tab, I’m able to receive the UDP stream and IPTV works fine. However, I wouldn’t like to do this every time since I watch IPTV quite a lot (when it works) and it feels sort of insecure to turn the whole part of the firewall off just to watch TV.
I’ve also allowed VLC Media Player as a trusted application, and turning off the “Application Monitor” rules has no effect on my ability to receive IPTV UDP stream.
The funny thing is that even removing the “Block&log IP in/out any”, bottom rule from Network Monitor, has no effect. I have to turn the whole tab off before being able to receive the stream. I’d love to hear if anyone else has experienced the same problem, and if they’ve found a solution to it.
I’ve created specific rules in the network monitor tab for the following cases; added a trusted area for my network adapter, allowed IGMP traffic in and out with no exceptions (I doubt this is risky, if it is, please tell me :)), I’ve allowed UDP streams from my IPTV provider’s address, and I’ve even tried to allow ALL UDP traffic in and out just to see if I’m able to watch IPTV after adding that rule - no luck. As I said, the only thing that helps me is turning off the whole tab (or naturally, allowing all traffic from the slider in the main configuration menu or by shutting down the program). Very strange.
And yes, the block rule is always at the bottom.
Would there be some way to tell the firewall to “ignore UDP flood kind of attacks”? I’ve tried upping the threshold for UDP flood to 2000 packets/second, but it didn’t help. I’m very frustrated with this problem, especially considering that the firewall is excellent in other aspects. Please help.
Just in case, I’ll post answers to the rest of the questions as well, although they seem irrelevant: I’m logging in as the administrator, I’m using F-Secure antivirus, and I’m trying to access IPTV with 3 different applications (Firefox, Internet Explorer and VLC Media Player. VLC is also used as a plugin for IE/Firefox).
edit; Additional info on the problem: As far as I understand, watching an IPTV stream opens connections for two separate functions: 1) Content stream receiving (the actual video&audio from IPTV, UDP traffic) 2) Using IGMP protocol to join a channel, and update channel membership periodically (basically telling the server that you’re watching the stream.)
Now here’s the funny bit; if I try to watch let’s say channel 1 from my IPTV client, the first connection fails, but the second succeeds. I’m saying this because when I try to access channel 1, I can watch the stream from my other computer with no problems. This other computer doesn’t (yet) have Comodo firewall installed. Without trying to access the stream from this computer, I’m unable to watch the IPTV broadcast from my other computer, as I haven’t allowed IGMP traffic in its firewall. This leads me to the conclusion that Comodo is for some godforsaken reason blocking the UDP traffic from the specifically allowed address, UDP traffic which it seems to class as a DDoS flood attack.
pps. If I turn off the tab and check the “Connections” tab, I can see that I’ve allowed the right IP for incoming UDP traffic. It shows Internet Explorer using the IPTV stream and receiving the data stream, from the correct IP address, from which traffic should be allowed even when the network monitor tab is turned on.
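The two functions described in the edit above (the IGMP join and the UDP content stream) can be exercised outside VLC to measure how many packets per second the stream really delivers, for comparison with the 2000 packets/second UDP flood threshold mentioned in the post. This is an added example, not part of the original post and not Comodo's detection logic; the group address `239.0.0.1`, port `5004` and all function names are constructed placeholders.

```python
import socket
import time
from collections import deque

FLOOD_THRESHOLD_PPS = 2000  # the UDP flood threshold the post says was tried


def membership_request(group: str, iface: str = "0.0.0.0") -> bytes:
    """Build the ip_mreq struct: group address followed by the local interface."""
    return socket.inet_aton(group) + socket.inet_aton(iface)


def peak_rate(timestamps, window=1.0) -> int:
    """Most packets inside any sliding window (window in the timestamps' unit)."""
    recent, peak = deque(), 0
    for t in timestamps:
        recent.append(t)
        while t - recent[0] >= window:
            recent.popleft()
        peak = max(peak, len(recent))
    return peak


def capture(group: str, port: int, seconds: float = 5.0, iface: str = "0.0.0.0"):
    """Join `group` (the OS sends the IGMP report) and timestamp each datagram."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind(("", port))
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP,
                    membership_request(group, iface))
    sock.settimeout(0.5)
    stamps, end = [], time.monotonic() + seconds
    try:
        while time.monotonic() < end:
            try:
                sock.recvfrom(65535)
                stamps.append(time.monotonic())
            except socket.timeout:
                pass  # nothing arrived in this interval; keep waiting
    finally:
        sock.close()  # closing the socket leaves the multicast group
    return stamps


if __name__ == "__main__":
    # Constructed placeholder group and port; substitute the provider's values.
    rate = peak_rate(capture("239.0.0.1", 5004))
    print(f"peak {rate} packets/s (flood threshold {FLOOD_THRESHOLD_PPS})")
```

If the reported peak is above the configured threshold, the stream alone is enough to trip a rate-based flood check regardless of which source addresses the rules allow.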