Hi,
in just one PC I’m having an issue. In Firewall I enabled the ARP spoofing protection.
If I enable this seems Comodo find attack and limitate my connection that doesn’t work anymore: slow and with interruption.
As soon I disable this protection Internet return to work.
Is my connection infected?
What can I do to resolve this issue and keep the security option active?
The issue happen on a PC that use the WIFI, the issue is not present in another PC using Ethernet.
Hi peopleinside,
Thank you for reporting.
May i know your cis and win version ?
Thanks
C.O.M.O.D.O RT
Thanks for the answer.
Let me know if is my PC issue or an issue in CIS.
For now I need keep ARP spoofing disable and i don’t understand if I have an issue and a risk on my PC or is just CIS that with wifi create issues with this option enabled.
Hi peopleinside,
Thank you for providing the requested information.
We are checking on this.
Thanks
C.O.M.O.D.O RT
Hi peopleinside,
We have tested and found no difference in internet interruption/speed when the option “enabled the ARP spoofing protection” enabled and disabled.
Thanks
C.O.M.O.D.O RT
@peopleinside you may want to update to the latest beta version 12.3.0.8088 https://cdn.download.comodo.com/cis/download/installs/9010_beta/CIS_2024_beta.exe and see if that solves your problem.
Do you tested also in the WiFi?
If yes do you have any suggestion for resolve the issue I have?
I tried also to remove completely CIS and reinstall but same issue.
@infosec why use a beta version?
The stable should work. I don’t wanna remove the stable to install the Beta or at this time I was using the version 2024
@peopleinside the suggestion for trying the latest beta version was not meant for use on a production system (I should have added that).
All my PC that i have at the moment are production.
I can try maybe the Beta… I’m sad to be unable to fix the issue in the stable… and if the issue is the PC?
But the PC is clean i made a full scan no issues…
I have just this issue with the Comodo Firewall.
Hi peopleinside,
Yes we tested with wifi.
Are you using any other security software other than cis ? If so kindly disable the other software and check.
If not disable all the components in Cis one by one and restart the pc. Then turn on all components and check.
Thanks
C.O.M.O.D.O RT
Still the same issue 
also with the beta 2024.
The question is: why only one PC, same software that the other one… and why the operative system is locked. I tried to disable, reinstall, etc but nothing works.
Out of curiosity, are you using Comodo’s DNS one one system and not the other? You get the option which is ticked by default to change your DNS settings to Comodo servers on installation.
Go to Network & Internet in settings then Wifi and Hardware properties and see if it’s sent to Automatic for DNS or Comodo’s DNS IP Addresses.
I found that the issue is not present if I use LAN.
If I attach the LAN cable to the Notebook, I have no issue surfing with ARP protection.
As soon i remove the cable and use wifi the ARP spofing cause issues.
I tried also to disable this on the Notebook but on or off seems doesn’t make difference.
Wifi use comodo DNS now i set DNS to get automatically but connection still be slow in wifi with ARP spoofing protection active.
Now I attack to the same PC the lan cable
My WiFi notebook card details:
I hope this details help.
So one PC work because is with cable is a not mobile PC.
I have issue with Comodo on Notebook where I use wifi
@peopleinside Assuming you have a well-protected Wi-Fi network (using WPA3, not by hiding your SSID) and “clean” Wi-Fi laptop and wireless AP/router, you can check if the latter and the (wired) devices connected to it are flooding the network with ARP packets due to possible mis-configuration, see here: networking - Extremely high arp flooding from the router - Server Fault.
If still needed, you can check if your (wireless) network is under attack with Wireshark, see here: Detecting Network Attacks with Wireshark - InfosecMatter
Thanks for the advice. So, based on your message you think can be my Wi-Fi network issue?
So maybe an internal IP is ping my Notebook and CIS identify this as ARP spoofing but is normal that my Internet connection get cutted, stop to work because of this?
I suppose Comodo should block an attack not my Internet connection on that PC.
Also is strange that in the same network the issue is not present if Internet is taken by the LAN cable.
Hi @peopleinside I do not know if CIS anti-ARP spoofing feature, which is for preventing ARP cache poisoning, is (also) triggered by ARP packet flooding. Perhaps @C.O.M.O.D.O_RT can comment on this.
ARP flooding can certainly bog down the network, but normally that would not be limited to the wireless section of the network only, assuming they are on the same subnet as the LAN boxes. ARP packets are not routed, so they remain limited to devices on the same subnet.
Have you made sure your devices are “clean” and have you checked for possible network misconfiguration and/or inspected traffic with Wireshark as suggested above?
Umh I don’t understand much of network. Once downloaded the program ask to install other plugins so I stopped… Also I’m asking why only on WiFi this issue… the network is the same of the cable.
Do you tested also in the WiFi?
Hello everyone,
Big problem with the ARP function for me also with Comodo CIS.
It’s Amazon’s small air quality monitor that triggers it. (Amazon Smart Air Quality Monitor)
Comodo CIS does not intend to disable this security only for a particular IP address on the LAN or WAN network, so either I get lots of ARP alerts or I have to completely disable this feature.
Damage…
In my home network I have TWO PC.
One is desktop and one is Notebook.
The Internet network is just one, the home network.
If the PC is connected in LAN no issues.
If the PC is connected by the WiFi I need disable ARP on Comodo or Internet will not work correctly.
