I had a problem with uTorrent not recieving incoming connections (yellow network status) so I searched about it on this forum and what it boiled down to was that I needed to open a port by making a Network Control Rule.
Before I activate the rule I want to ask if it’s safe.
Protocol: TCP/UDP In
Port: any (I use random port in uTorrent)
The reason I’m worried is that this basically allow EVERYTHING inbound, isn’t that almost the same as not having a Firewall at all? Is this rule safe?
So there’s no way to use Comodo Firewall together with uTorrent with the “Randomize port” feature enabled?
I’d rather not muck about with port configurations.
There’s an option called “Allow all activities for this application” that I have enabled for uTorrent.
One would think that allowing all activities for an application would, well, allow all activities for that application hehe but it does not. Maybe it’s a bug.
It works fine with Zonealarm, I’d rather not go back to it. I hope Comodo fixes the bug and allows all activities for an application that has the “Allow all activities for this application” option enabled cause I really like the Firewall (it’s not bloated like Zonealarm ;)).
There’s no way to use Randomize port without being annoyed by having to change your CFP rules everytime you load uTorrent or without having to open a wide range of ports (thereby defeating the purpose of a firewall to secure you in the first place)…
But without configuring it, you wouldn’t be enjoying the full benefit of a firewall and certain programs that require a listening port to be opened like uTorrent.
Thanks for the reply.
I just read in one of the links you provided, quoting a person in reply to opening all inbound traffic:
pandlouk: “A TCP/UDP rule allows traffic for TCP and UDP protocols but blocks the attacks because from the version 126.96.36.199 and later if a port is not being currently used by any program CPF stealths it. :)”
This is great! So it does actually work the way I want it. Opening all ports (like with my example rule in my first post) i perfectly safe. All ports that are not used by a program are blocked!
I actually tested disabling the entire Network Monitor and doing a ports scan via grc.com and I’m Stealth As I’m not using Network Monitor I’ll keep it dissabled. Problem solved
Yes you are. While you can still have a piece of a firewall left, Network Monitor is one of the cores of CFP. If you disable it, I’m sure (but not 100% certain) there are many beneficial options that also get disabled including the Advanced Attack Detection & Prevention module itself (in the CFP gui > Security > Advanced). Think of it as one of the double-layer defenses of CFP. Application Monitor is the other one.
Like Soya suggests, NetMon is the first barrier, it’s the packet filter. That rule basically turns it off.
Building rules for a firewall should follow the “default deny” policy: allow what you specifically need, and deny all else.
Ok, so the only downside is that I might or might not get Advanced Attack Detection & Prevention? (I checked it and it’s enabled in the gui even with Network Monitor disabled so I quess it’s still active).
The firewall blocks everything in by default even with Network Monitor disabled and only programs that I allow with the Application Monitor get either In or Out access to the net. As long as the apps that I allow are safe then I’m safe/firewalled, right?
Not exactly. By default there is an option enabled in Security > Advanced > Miscellaneous > Configure > Do not show any alerts for the applications certified by COMODO (I almost ran out of breath just from typing the longest-named option in the world). These applications (depending on their version as well because the database is currently outdated) will have auto-access to the internet, thereby essentially bypassing Application Monitor altogether.
My question is why would you want to disable Network Monitor? To minimize your resource consumption?
Why would I want to disable it?
Well… I have no need for it, I have no need to control exactly what protocol or port my programs are allowed to use. I’m content with either allowing a program to do it’s networking or completely disabling it. I also don’t want to start digging up port information for every program I use (that use the net) I quess I’m lazy comfortable like that hehe. (and for some programs I don’t know what the ports are and some use random ports).
I understand that many people are really into net security and want to control everything 100%, however I’m content with either Full or No net for my programs since I trust them and as the firewall blocks all other programs and all inbound traffic - then I’m safe, as long as the programs that I allow are OK. It’s a small risk but I feel I’m “safe enough” fully allowing net access for my trusted programs
When I tell my firewall to fully allow net access for my programs then I expect the firewall to do so. I shouldn’t need to tell it twice
So to sum it up: I see no need to specify ports for my programs and when I “Allow all” for a program then I expect it to be so.
I’m somewhat of a minimalist, I haven’t got many programs running on my computer. I don’t install wierd toolbars and such and when I find a new program that I think I might need I first test it in a virtual sandbox.
As for the “longest-named option in the world” (hehe) I have it disabled.
I have discovered that disabling Network Monitor indeed disables Advanced Attack Detection and prevention, as you (Soya) said, so I have enabled it but instead disable the Block-All rule. Now it works as I want it to (Inbound traffic + unknown programs are blocked, trusted programs are unblocked & all the advanced firewall features are active).
I hope this explains a bit how I think/feel (:NRD)
I do not pretend to be an expert and I don’t know HaiDozo harware configuration. So I don’t feel like to make him change his mind.
However I didn’t read he disabled allow all application cetified by comodo. So he could not be granted exactly the bahaviour he wanted.
Using random inboud ports means he actually has a dialup modem or a upnp aware router.
It won’t hurt to add this rule to network monitor anyway. BLOCK and LOG TCP or UDP IN FROM IP NOT IN RANGE Lan TO IP ANY WHERE SOURCE PORT IS [ANY] AND DESTINATION PORT IS IN [135,137,138,139,445]