??? I’m a little confused here, i don’t know if this is important.
Since upgrading to Comodo firewall 4 i’ve noticed the little shield icon in the system tray continuously shows 4 red and 4 green chevrons, indicating (i think, i don’t understand much of this stuff) traffic being blocked. The Local Area Connection icon along side it has both its little monitors constantly lit up too, indicating (i think) incoming and outgoing traffic. This wasn’t happening before i upgraded to version 4 of the firewall.
Having a look at the firewall events i see ‘windows operating system’ has been blocked 3 times:
TCP source 192.168.1.254 port 1035 destination 192.168.1.64 port 2869
TCP source 192.168.1.254 port 1029 destination 192.168.1.64 port 2869
IGMP source 192.168.1.254 destination 188.8.131.52
Looking up 184.108.40.206 on google i find its something to do with my router (BT home hub 2.0) and multicast - whatever that is. (I’m using XP sp3 and Avast anti virus)
Looking in these forum pages i see that this sort of behaviour can be fixed by either changing the ‘stealth ports’ settings, which i have tried to no apparent effect, or switching off ‘stealth ports’ entirely, which i do not know how to do and do not like the sound of either.
Is this behaviour a problem and if so, what can i do about it?
The traffic is coming from one and the same IP address that is most likely the IP address of your router.
To make sure it is indeed of your router do the following. Go to Start → Run → cmd (type and push enter) → now you will get a black DOS type box → ipconfig (type and push enter) → now look up the IP address of the Default Gateway.
When the IP address of the gateway is 192.168.1.254 then proceed as follows.
Define a new Trusted Network Zone under Firewall → Advanced → Network Security Policy → My Network Zones. Give it the name Router for example and add the IP address 192.168.1.254 to it.
Next step is to use the Stealth Ports Wizard to make your router trusted. Go to Firewall → Common Tasks → Stealth Ports Wizard → choose “Define a new trusted network - stealth my ports to EVERYONE else” → Next → now select “I would like to define a new network” → choose Router from the Zone name drop down box → Finish.
That should do the trick for you.
Thanks for your reply Eric.
While i was waiting for a reply i had a look through the firewall settings and associated help files for some more information (i’ve a little time on my hands at the moment).
I decided to try going to the Network Security Policy section of the firewall and adding 3 new rules to the Application Rules tab:
allow and log ICMP in/out from IP 192.168.1.64 to IP 220.127.116.11 where message is any
allow and log TCP in/out from IP 192.168.1.254 to IP 18.104.22.168 where source port is 1035 and destination port is 2869
allow and log TCP in/out from IP 192.168.1.254 where source port is 1029 and destination port is 2869
That seems to have done the trick. Is it ok to leave things as they are or should i delete these new rules and use your solution?
Once again, thanks for your help.