Never ending ICMP host Unreachables [Resolved]

Hello all,

Recently I seem to be getting so many log entries it drives me crazy. I’m not sure if this is dangerous or anything, but I want to know if there’s a way to stop this.

I tried reading a couple threads about people with the same problem, usually caused by uTorrent. I myself use uTorrent too, but I can’t say for sure that the logs started pouring in because of that.

I tried adding a couple rules (4 to be exact) in the network monitor that was suggested by someone on these boards, this to make uTorrent a bit faster and stop getting those logs.

Allow - ICMP in/out - ANY - - Where ICMP message is host unreachable
Allow - ICMP in/out - ANY - - Where ICMP message is port unreachable
Allow - ICMP in/out - ANY - - Where ICMP message is net unreachable
Allow - ICMP in/out - ANY - - Where ICMP message is echo request

Here’s my log file: (notice the time span of the entire log, which is only a couple of seconds, and this goes on non-stop)

[attachment deleted by admin]

Hi testerer

In this instance your rules will not work for the specific ICMP message. The problem with the rules is that whilst they are bidirectional (in/out), the Destination is always . So, they are only appropriate for inbound rules. The ICMP message in question is outbound & has a source of , not the destination. So, for this message, at least, you will require an additional rule…

Allow - ICMP out - - Any Where ICMP message is port unreachable

I hope that helps.

That might be me :). As kail suggested, you should allow ICMP outgoing for port unreachable, especially for P2P apps. However, some of your rules might not be compatible if you combined them for the ICMP in/out ones (meaning in or out) because the Source and Destination IP(s) are reversed depending on the direction (in / out). To resolve that change to ANY and it might work - depending on your setup, that is.

For uTorrent I have never noticed any log entries for ICMP outgoing host and net unreachable, so they might not be needed.

Hehe, you are right of course. I didn’t think of that. I thought that if I add an in/out rule, it would apply to both but I forgot that the destination will always be my ip since I added it.

Another question arises: I added your rule and it works fine, however, what difference does it make if I either add your rule, or I change my second rule

Allow - ICMP in/out - ANY - - Where ICMP message is port unreachable

to

Allow - ICMP in/out - ANY - ANY - Where ICMP message is port unreachable

Thanks for the reply though, it is fixed for now with your rule :)

Testerer.

After thinking about it… none. I guess my rule was more to highlight what was wrong, rather than thinking about the actual rule. ;D

The ANY shouldn’t be used if you have a network or multiple IP addresses. I only have one computer not connected to a LAN, for example, so I basically defined ANY as my IP (or I like to regard it as my computer itself - same meaning).

Ok, for ICMP message port unreachable rule let’s separate the rule into 2 and see what happens:

Protocol - Source - Destination
ICMP In - ANY - → This means that the source (meaning the internet or outside connections) can connect to your computer via ICMP if it’s about port unreachable.

Protocol - Source - Destination
ICMP Out - ANY - → This means that the source (meaning your IP or computer) can ONLY connect to the internet/outside with that specific IP address (which in this case you defined as your own IP). This won’t work! You have to change it to ANY if you decide to set your rule this way.

I always picture Source as the starting point and Destination as the ending point. Where does this connection come from and where does it want to connect?

I’ll try to change a couple of rules when I get home (at work now) but thanks for all your input guys.

I will post some findings later :)

Testerer.

Hi again,

I changed the in the rules to ANY and everything seems to work fine now. I hope it stays this way because I’m a big fan of Comodo and can’t live without it :)

Thanks again everyone for your help!

Testerer.
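
The direction reasoning worked out in this thread, as an added example that is not part of the original posts and is not Comodo's own rule engine: a simplified default-block matcher showing why an in/out rule with the local address pinned as destination misses the outbound port unreachable, and why either fix discussed above lets it through. `MY_IP`, `PEER` and the rule model itself are assumptions; the thread does not show the actual addresses.

```python
# Simplified model of direction-aware ICMP rule matching (illustration only).
# MY_IP and PEER are constructed documentation-range addresses, not from the thread.
from collections import namedtuple

MY_IP, PEER, ANY = "192.0.2.10", "198.51.100.7", "ANY"
PORT_UNREACH = (3, 3)  # ICMP type 3 (destination unreachable), code 3 (port)
BOTH = frozenset({"in", "out"})

Rule = namedtuple("Rule", "directions source destination icmp")
Packet = namedtuple("Packet", "direction source destination icmp")


def matches(rule, pkt):
    """A rule matches only if direction, both addresses and the ICMP message agree."""
    return (pkt.direction in rule.directions
            and rule.source in (ANY, pkt.source)
            and rule.destination in (ANY, pkt.destination)
            and rule.icmp == pkt.icmp)


def allowed(rules, pkt):
    """Allow list: a packet no rule matches is blocked (assumed default)."""
    return any(matches(r, pkt) for r in rules)


RULESETS = {
    # Rule as first entered: in/out, source ANY, destination = local address.
    "original": [Rule(BOTH, ANY, MY_IP, PORT_UNREACH)],
    # Fix 1: keep it and add an outbound rule with the local address as source.
    "with_out_rule": [Rule(BOTH, ANY, MY_IP, PORT_UNREACH),
                      Rule(frozenset({"out"}), MY_IP, ANY, PORT_UNREACH)],
    # Fix 2: change the destination of the in/out rule to ANY.
    "any_any": [Rule(BOTH, ANY, ANY, PORT_UNREACH)],
}

# Constructed packets: the local host reports a closed port to a peer, and the reverse.
outbound = Packet("out", MY_IP, PEER, PORT_UNREACH)
inbound = Packet("in", PEER, MY_IP, PORT_UNREACH)


def verdicts(pkt):
    """Return {ruleset name: allowed?} for one packet."""
    return {name: allowed(rules, pkt) for name, rules in RULESETS.items()}


if __name__ == "__main__":
    print("outbound:", verdicts(outbound))
    print("inbound: ", verdicts(inbound))
```

Fix 2 is the broader of the two: with both fields set to ANY, the rule matches port unreachable messages for every address on the machine in either direction, which is the trade-off raised above for hosts with multiple IP addresses.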