New user needs help with logs

Hello all, I am new here and I recently installed Comodo. I have followed a few steps from these forums during my installation and it has helped a lot. I am just stumped with this one problem. Every time I play Counter-Strike Source or Day of Defeat-Source I get these entries in the log. Can someone help me identify what they are from, or should I just ignore them? I am using a router which was added to the network zone. The hl2.exe has a rule as follows listed in my App. Monitor.

allow
Tcp or UDP
Out
Any
Any
allow invisible connections

These are the entries from the log.

Date/Time :2007-08-26 23:14:47
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 64.37.104.149
Destination: 192.168.1.101
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 7

Date/Time :2007-08-26 23:14:47
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 8.12.16.81
Destination: 192.168.1.101
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 7

Date/Time :2007-08-26 23:14:47
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 8.9.4.166
Destination: 192.168.1.101
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 7

Please post your Network Control Rules

These rules were added automatically when I added a trusted network.

rule 0
ALLOW IP OUT from ip [any] to ip ZONE:Realtek NIC-192.168.1.0-192.168.1.255
Where IPPROTO is [any]

rule1
ALLOW IP IN from ip ZONE:Realtek NIC-192.168.1.0-192.168.1.255 to ip [any]
Where IPPROTO is [any]

rule2
ALLOW TCP or UDP OUT from ip [any] to ip [any] Where source port is [any] and destination port is [any]

rule3
Allow ICMP OUT from ip [any] to ip [any] Where icmp message is ECHO REQUEST

rule4
Allow ICMP IN from ip [any] to ip [any] Where icmp message is FRAGMENTATION NEEDED

rule5
Allow ICMP IN from ip [any] to ip [any] Where icmp message is TIME EXCEEDED

rule6
Allow IP OUT from ip [any] to ip [any] Where IPPROTO is GRE

rule7
Block and Log ip IN or OUT from ip [any] to ip [any] Where IPPROTO is ANY

I would not consider it uncommon to see these types of ICMP messages being blocked, especially when playing online games. The game will probably from time to time cause the other players to ping you as a “stay alive” thing for the connection; if not the game, the system itself will. By default, they are blocked.

If your gaming does not appear to suffer any degradation of performance, you can leave them blocked. You can also, if you like, change your network monitor rules to Allow those types of ICMP Inbound access; ICMP is not a known threat or attack vector, afaik.

LM

Thank you very much. The gameplay is not affected at all. To be honest, but I may be crazy, I see better pings with Comodo than I did using ZA free. I like to sometimes look at my pings in game and I don’t remember them being that low on that particular server but I may be wrong. I also like the fact that Comodo’s resources don’t go crazy like ZA free’s VISMON.EXE whenever I played a game online.

If I wanted to add a rule to eliminate that block log how would I add it? Not that I will but do I take the info that’s in the log and create a rule on top of my others or what?

Okay, the entries you posted are all ICMP Port Unreachable. So in Network Monitor, you go to the very last rule, which is the Block & Log All rule. Right-click and select Add/Add Before. Build the rule this way:

Action: Block (don’t check the box to “create an alert if this rule is fired” - that would turn on logging)
Protocol: ICMP
Direction: In
Source IP: Any
Destination IP: Any
ICMP Details: Port Unreachable

OK. Reboot (just to clear memory and set the new rules).

That will do it for that one. Any others that show up, you can tailor blocking rules the same way.

LM
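
Added example (not part of the thread and not Comodo's own code): a small Python model of the Network Control Rules posted above, showing why the logged ICMP packet falls through to rule 7 and what changes once a non-logging block rule is placed before it. It assumes rules are checked top-down with the first match deciding, and it models only the rule table, not the firewall's connection tracking; the helper names are made up for illustration.

```python
import ipaddress

# ZONE: Realtek NIC 192.168.1.0-192.168.1.255, as listed in rules 0 and 1
LAN = ipaddress.ip_network("192.168.1.0/24")

def in_lan(ip):
    return ipaddress.ip_address(ip) in LAN

def icmp(direction, message):
    """Predicate for an ICMP rule with a fixed direction and message type."""
    return lambda p: (p["dir"], p["proto"], p.get("icmp")) == (direction, "icmp", message)

# (name, action, log?, predicate) transcribed from the rules in the thread
RULES = [
    ("rule 0", "allow", False, lambda p: p["dir"] == "out" and in_lan(p["dst"])),
    ("rule 1", "allow", False, lambda p: p["dir"] == "in" and in_lan(p["src"])),
    ("rule 2", "allow", False, lambda p: p["dir"] == "out" and p["proto"] in ("tcp", "udp")),
    ("rule 3", "allow", False, icmp("out", "ECHO REQUEST")),
    ("rule 4", "allow", False, icmp("in", "FRAGMENTATION NEEDED")),
    ("rule 5", "allow", False, icmp("in", "TIME EXCEEDED")),
    ("rule 6", "allow", False, lambda p: p["dir"] == "out" and p["proto"] == "gre"),
    ("rule 7", "block", True, lambda p: True),  # Block and Log everything else
]

def evaluate(rules, packet):
    """Return (name, action, logged) of the first rule matching the packet."""
    for name, action, log, matches in rules:
        if matches(packet):
            return name, action, log
    return None, "block", False  # unreachable while a catch-all rule is last

def with_quiet_block(rules):
    """Insert the suggested rule just before the final Block & Log All rule."""
    added = ("added rule", "block", False, icmp("in", "PORT UNREACHABLE"))
    return rules[:-1] + [added] + rules[-1:]

# Packet fields taken from the first log entry in the thread
LOGGED = {"dir": "in", "proto": "icmp", "icmp": "PORT UNREACHABLE",
          "src": "64.37.104.149", "dst": "192.168.1.101"}

if __name__ == "__main__":
    print("before:", evaluate(RULES, LOGGED))
    print("after: ", evaluate(with_quiet_block(RULES), LOGGED))
```

The packet is dropped in both cases; only the log entry disappears, and any other unsolicited inbound traffic still reaches rule 7 and is logged.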