Hello,
I am currently testing comodo v3.
To be sure everything is logged, I created only 2 rules :
application for for all applications, everything is allowed and logged
global rule, any any accept log
On my lan, I am using a fw-free PC, and I am pinging the comodo-firewalled PC.
When I checked logs, I can see only echo request log.
I would like to see the echo reply log !
May I miss something ?
Hello,
May I ask if it’s possible to have the echo request and echo reply both in the logs ?
Did anybody manage to have this kind of log ?
Thanks for your answer.
If ICMP echo requests are blocked no ICMP echo reply will be sent.
To block pings you have to block
Inbound ICMP ECHO Requests (you won’t see ECHO Replies)
Or
Outbound ICMP ECHO Replies ( ECHO Requests should be explicitely allowed but you can Log them)
Thanks for your answer.
ICMP is authorized.
To be sure everything is logged, I created only 2 rules :
application for for all applications, everything is allowed and logged
global rule, any any accept log
IN fact, the ping is working.
But the thing is I cannot manage to see icmp echo-reply in the logd, only icmp echo-request packet.
Is that an
or
2. Allow & Log IP Out From IP Any To IP Any Where Protocol Is Any
or
3. Allow & Log IP In/Out From IP Any To IP Any Where Protocol Is Any
Did you try to add
Allow & Log ICMP Out From IP Any To IP Any Where ICMP Message Is ECHO Reply
on top of all your global rules?
First I used
allow and log ip from IP any to IP any where proto is any
Then I tried with 2 rules, one for in and one for out, same result.
Please note that I can log icmp echo-request, the problem is just with echo-reply.
I wonder if comodo could not consider some kind of SPI regarding icmp, so they log only in session (the echo-request) and consider echo-reply as an answer.
Or maybe it is a bug.
That’s why I would like to know if somebody is able to log echo request and echo reply.
Thanks.
I made few tests and I could not log it either.
I tested this with a new beta v 3.5.50676.393 (BETA1)
A new Beta was just released if you wish I can submit a bugreport in the beta bugreporting topic or you can join the betatesting too. :-TU
If you don’t wish to install the AV component of CIS you’ll have a CFP installation.
EDIT: Tested with v 3.5.51259 (BETA2) It looks like it doesn’t Log nor Block ICMP echo replies.
Thanks for your answer.
I appreciate your proposal about submitting yourself the bug, as I don’t belong to the beta testing pool.
I have noticed that CIS beta1 has the same log as the CPF version I installed.
And I’m a bit afraid beta2, not only doen not log icmp echo reply, but doen not BLOCK echo reply either !
So it is worst using beta2 than beta1 (just regarding echo reply messages) !
Does echo reply need a specific process ? Quite weird…
I posted about Log and block in https://forums.comodo.com/beta_corner_cis/comodo_internet_security_beta2_bug_reports-t27344.0.html;msg199845#msg199845
Nobody confirmed yet the inability to block echo replies so maybe it only affect my setup.
I don’t know either if the echo replies generated in response to Extranet (outside LAN) Echo request will be handled differently.
I only tested those ICMP on the LAN. My router don’t pass those requests from the internet and can block or allow them automatically.