Hello all, I am new here and I recently installed Comodo. I have followed a few steps from these forums during my installation and it has helped a lot. I am just stumped with this one problem. Every time I play Counter-Strike Source or Day of Defeat-Source I get these entries in the log. Can someone help me identify what they are from, or should I just ignore them? I am using a router which was added to the network zone. The hl2.exe has a rule as follows listed in my App. Monitor.
allow
Tcp or UDP
Out
Any
Any
allow invisible connections
These are the entries from the log.
Date/Time :2007-08-26 23:14:47
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 64.37.104.149
Destination: 192.168.1.101
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 7
Date/Time :2007-08-26 23:14:47
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 8.12.16.81
Destination: 192.168.1.101
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 7
Date/Time :2007-08-26 23:14:47
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: 8.9.4.166
Destination: 192.168.1.101
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 7
I would not consider it uncommon to see these types of ICMP messages being blocked, especially when playing online games. The game will probably from time to time cause the other players to ping you as a “stay alive” thing for the connection; if not the game, the system itself will. By default, they are blocked.
If your gaming does not appear to suffer any degradation of performance, you can leave them blocked. You can also, if you like, change your network monitor rules to Allow those types of ICMP Inbound access; ICMP is not a known threat or attack vector, afaik.
Thank you very much. The gameplay is not affected at all. To be honest, but I may be crazy, I see better pings with Comodo than I did using ZA free. I like to sometimes look at my pings in game and I don’t remember them being that low on that particular server, but I may be wrong. I also like the fact that Comodo’s resources don’t go crazy like ZA free’s VISMON.EXE whenever I played a game online.
If I wanted to add a rule to eliminate that block log, how would I add it? Not that I will, but do I take the info that’s in the log and create a rule on top of my others, or what?
Okay, the entries you posted are all ICMP Port Unreachable. So in Network Monitor, you go to the very last rule, which is the Block & Log All rule. Right-click and select Add/Add Before. Build the rule this way:
Action: Block (don’t check the box to “create an alert if this rule is fired” - that would turn on logging)
Protocol: ICMP
Direction: In
Source IP: Any
Destination IP: Any
ICMP Details: Port Unreachable
OK. Reboot (just to clear memory and set the new rules).
That will do it for that one. Any others that show up, you can tailor blocking rules the same way.
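
An added example, not part of the original posts and not Comodo's own tooling: a Python parser for log entries in the format quoted in this thread. It groups blocked entries by protocol, message and rule ID, which shows at a glance which entries a single tailored rule would cover. The function names are assumptions; the sample text is rebuilt from the three entries posted above.

```python
from collections import Counter

# Sample rebuilt from the three entries quoted in this thread (only Source differs).
ENTRY = """Date/Time :2007-08-26 23:14:47
Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: {src}
Destination: 192.168.1.101
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 7
"""
SAMPLE_LOG = "".join(
    ENTRY.format(src=s) for s in ("64.37.104.149", "8.12.16.81", "8.9.4.166"))


def parse_entries(text):
    """Split the log into dicts; a 'Date/Time' line starts a new entry."""
    entries = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # skip blank lines and anything that is not "key: value"
        key, value = key.strip(), value.strip()
        if key == "Date/Time":
            entries.append({})
        if entries:  # ignore stray fields before the first entry
            entries[-1][key] = value
    return entries


def summarize(entries):
    """Count entries per (protocol, message, rule ID) and collect their sources."""
    counts, sources = Counter(), {}
    for e in entries:
        rule = e.get("Reason", "").rpartition("=")[2].strip()
        group = (e.get("Protocol", "?"), e.get("Message", "?"), rule)
        counts[group] += 1
        sources.setdefault(group, set()).add(e.get("Source", "?"))
    return counts, sources


if __name__ == "__main__":
    counts, sources = summarize(parse_entries(SAMPLE_LOG))
    for group, n in counts.most_common():
        print(n, group, sorted(sources[group]))
```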