Network Monitor modes

rejzor · June 17, 2006, 2:19pm

I think there should be 4 pre-made rules (presets if you want) for Network Monitor

OFF (Network Monitor disabled)
Stealth (Blocked all inbound ICMP Echo Requests)
Super Stealth (Block all inbound IP requests & allow only outbound IP requests, basically default settings which are enabled out of the box when you install CPF at the moment v2.1.1.1)
Custom (leaves user a full control over rules).

Example of normal Stealth mode.

http://img58.imageshack.us/img58/1053/trustealth7gt.png

Settings for Custom should be saved separately so they remain even if you switch to Stealth in between and then back to Custom.

These 4 options should be placed in dropdown menu under Network Monitor, so users can change it easily.

I’ve checked the machine and got a green status for stealthing (based on GRC.com).
So i think it’s ok. Plus it appears to work just fine with eMule (which doesn’t get HighID if i leave default Network Monitor settings aka Super Stealth).

Just a hint and i hope you’ll impliment this soon. If you need more info or what i meant about something specifically, feel free to ask Also feel free to comment this

Melih · June 17, 2006, 2:30pm

Welcome to the forum RejZoR

Thanks for the help you have given Comodo earlier.

What you are suggesting is good idea. Can you pls put that in the wish list ver 2 in this forum as developers are now working from that document.

thanks and welcome to our forum:-)

Melih

weldermyass · June 17, 2006, 3:27pm

Hi RejZoR, is this network rule really necessary? Its been some time ago that I tried sygate sos testing site ,but cpf passed icmp test and all the others with the 2 default rules.

rejzor · June 17, 2006, 3:51pm

Yes, Comodo Firewall indeed passes tests with default Network Monitor rules, but problem is that it’s way “too secure”. eMule for example simply fails to obtain HighID status (which is required for painless data transfers and clients communications). LowID is ■■■■ because it’s slow and produces loads of overhead. Using just ICMP Echo blocking keeps your PC hidden, though it allows other programs like eMule to function correctly.

pandlouk · June 17, 2006, 7:14pm

Could you please give an example of the rules you use for emule?I never had a problem like that.

Are you behind a router or switch? If yes, have you added the routers IP at the trusted zone?

rejzor · June 18, 2006, 12:35pm

No, i’m using direct connection based on PPPoE ADSL. Rules are fully open for eMule (all ports and all IP addresses are allowed, inbound also allows invisible connections).

Now if i left Network Monitor rules as they are, eMule failed to obtain HighID, but if i disabled Network Monitor it failed stealth tests on GRC.

Also please note that i have WinXP SP2 firewall disabled. Comodo firewall doesn’t disable it, so most of users are still running it, thus resulting in stealthed status even if you disable Network Monitor module.

system · June 18, 2006, 1:11pm

So the default in CPF is “Super Stealth (Block all inbound IP requests)” this makes you stealth, even if you have “act as server” permissions.

But I think with Stealth (Block all inbound ICMP Echo Requests) then any “act as server” permissions would allow inbound IP requests as they no longer have a rule to block them and so you wouldn’t be stealth.

rejzor · June 18, 2006, 1:24pm

No really. I’m not gonna go into details but GRC was always a good indicator of stealthing, so i still rely on it.

system · June 18, 2006, 1:29pm

The sygate scan site used to show many ports as Closed when GRC said they were all Stealth. I could only stealth Sygate and Kerio when there were no “act as server”. Its up to you but maybe try some other scan sites too.

pandlouk · June 18, 2006, 5:17pm

Please take a look at this post https://forums.comodo.com/index.php/topic,411.msg3561.html#msg3561

ps. After you move the rules up you are still having the same problem?