Not sure if i should allow Clearwire IP range or not?

Help for v3
#1

After I installed Comodo Firewall 3.0.13.268 on my Compaq Presario SR1703WM desktop computer, i have had over 500,000 attacks.

Thanks for any help and or support…

The only attack i am really worried about has the clearwire name in its server. Listed below is the blocked IP addresses:

OrgName: Clearwire, LLC
OrgID: CLEAR-26
Address: 5808 Lake Washington Blvd NE
Address: Suite 300
City: Kirkland
StateProv: WA
PostalCode: 98033
Country: US

NetRange: 74.60.0.0 - 74.61.255.255
CIDR: 74.60.0.0/15
NetName: CLEARWIRE-DNS-NET
NetHandle: NET-74-60-0-0-1
Parent: NET-74-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.CLEARWIRE-DNS.NET
NameServer: NS2.CLEARWIRE-DNS.NET
Comment:
RegDate: 2006-05-09
Updated: 2006-09-19

RTechHandle: DGR85-ARIN
RTechName: Grice, Dave
RTechPhone: +1-425-216-7600
RTechEmail: tech@clearwire.com

OrgAbuseHandle: ABUSE817-ARIN
OrgAbuseName: ABUSE
OrgAbusePhone: +1-866-316-7575
OrgAbuseEmail: abuse@clearwire.net

OrgTechHandle: BHA99-ARIN
OrgTechName: Hart, Bret
OrgTechPhone: +1-425-216-7600
OrgTechEmail: Tech@clearwire.com

ARIN WHOIS database, last updated 2007-11-27 19:10

Enter ? for additional hints on searching ARIN’s WHOIS database.

OrgName: Clearwire, LLC
OrgID: CLEAR-26
Address: 5808 Lake Washington Blvd NE
Address: Suite 300
City: Kirkland
StateProv: WA
PostalCode: 98033
Country: US

NetRange: 75.92.0.0 - 75.95.255.255
CIDR: 75.92.0.0/14
NetName: CLEARWIRE-DNS-NET
NetHandle: NET-75-92-0-0-1
Parent: NET-75-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.CLEARWIRE-DNS.NET
NameServer: NS2.CLEARWIRE-DNS.NET
Comment:
RegDate: 2006-09-19
Updated: 2007-01-31

RAbuseHandle: ABUSE817-ARIN
RAbuseName: ABUSE
RAbusePhone: +1-866-316-7575
RAbuseEmail: abuse@clearwire.net

RNOCHandle: NOC1730-ARIN
RNOCName: NOC
RNOCPhone: +1-866-316-7575
RNOCEmail: NOC@clearwire.com

RTechHandle: DGR85-ARIN
RTechName: Grice, Dave
RTechPhone: +1-425-216-7600
RTechEmail: tech@clearwire.com

OrgAbuseHandle: ABUSE817-ARIN
OrgAbuseName: ABUSE
OrgAbusePhone: +1-866-316-7575
OrgAbuseEmail: abuse@clearwire.net

OrgTechHandle: BHA99-ARIN
OrgTechName: Hart, Bret
OrgTechPhone: +1-425-216-7600
OrgTechEmail: Tech@clearwire.com

ARIN WHOIS database, last updated 2007-11-27 19:10

Enter ? for additional hints on searching ARIN’s WHOIS database.

OrgName: Clearwire, LLC
OrgID: CLEAR-26
Address: 5808 Lake Washington Blvd NE
Address: Suite 300
City: Kirkland
StateProv: WA
PostalCode: 98033
Country: US

NetRange: 74.60.0.0 - 74.61.255.255
CIDR: 74.60.0.0/15
NetName: CLEARWIRE-DNS-NET
NetHandle: NET-74-60-0-0-1
Parent: NET-74-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.CLEARWIRE-DNS.NET
NameServer: NS2.CLEARWIRE-DNS.NET
Comment:
RegDate: 2006-05-09
Updated: 2006-09-19

RTechHandle: DGR85-ARIN
RTechName: Grice, Dave
RTechPhone: +1-425-216-7600
RTechEmail: tech@clearwire.com

OrgAbuseHandle: ABUSE817-ARIN
OrgAbuseName: ABUSE
OrgAbusePhone: +1-866-316-7575
OrgAbuseEmail: abuse@clearwire.net

OrgTechHandle: BHA99-ARIN
OrgTechName: Hart, Bret
OrgTechPhone: +1-425-216-7600
OrgTechEmail: Tech@clearwire.com

ARIN WHOIS database, last updated 2007-11-27 19:10

Enter ? for additional hints on searching ARIN’s WHOIS database.

#2

Clearwire is a wireless ISP and as such is probably not the real source of the attacks. Assuming that they don’t provide your internet connection, one of their customers is likely infected with a Bot that is sending out these connection attempts. You can try sending them an email at the abuse[at]clearwire.com replacing the[at] with @. Describe the attacks and request that they trace and stop them. One final note, you should check that you don’t have an infection. The Storm Bot worm has a revenge defense for removal attempts. Installing CFP may have triggered that defense which is a DDOS - somewhat like what you are seeing.

#3

Yes, Cleawire is my ISP, but not sure if any of those IP addresses need to be in the allowed network ranges or where…

Thanks for any help and or support…

#4

The default rules will offer protection, but you may want to define a home or LAN zone and use the Stealth Ports Wizard to make your computer less visible. If you have a home network, you will have to define an IP range (or a IP/subnet mask). If you have a single computer, then you can use the MAC (Physical Address) or a Host Name. To get that info, click Start>Run> and type ipconfig /all at the DOS prompt. If you see ***'s where the IP Address entry should be, then note the Physical Address or Host Name. If you have an IP address, it will be something like 192.168.0.1 and a Subnet Mask of 255.255.255.0. For the example above, your IP address range for your LAN would be 192.168.0.0 to 192.168.0.255 (if your ipconfig results are different, use YOUR results, but the range should run from x.x.x.0 to x.x.x.255 for the subnet mask in the example).
With that info, click Firewall>Common Tasks>My Network Zones. On that dialog window, click Add and select A New Network Zone. On the dialog, give it a name like LAN or Home and click Apply. There will be a new entry on the parent page for your new zone with a line below it with (Add new addresses here). Select that line and click Add and choose A New Address. On the New Address dialog, enter your IP range into the “A range of IP addresses” option if you have a home LAN; If you have a single computer or no IP address from ipconfig, enter the Physical Address from ipconfig into the “A MAC address” option. You may want to add a couple of machine addresses, specifically 0.0.0.0 and 255.255.255.255. You would have to click Add and select “A single Address” and enter each of the above addresses separately. Make sure that the zone you are defining is selected before adding another address.
With the Zone defined, click Firewall>Common Tasks>Stealth Ports Wizard. On the dialog that appears, select the first option: “Define a new trusted network…” and then click Next. Then click “I would like to trust an existing ‘My Network Zone’” and click the drop-down beside the empty box below. Select the Zone that you defined above and then click Finish.
This will allow local machine traffic and if you apply the predefined policies for Browser and Email client to your browser and email app, then you have covered most problems. Note: if you have selected “Allow” for the pop-up that your browser or email client first prompted, you may want to change their rules. (you should choose “Treat this application as…” and select the predefined policy from the drop-down beside that is appropriate if you have not triggered it already). Click Firewall>Advanced>Network Security Policy. Locate the entry for the application on this page, select it and click Edit. If it is not already selected, choose “Use a Predefined Policy” and select “Web Browser” for Internet Explorer or Firefox or the like and “Email Client” for Outlook Express, Thunderbird and so on. Finally, be sure to click Apply on this screen and all parent screens that show an Apply button.

#5

ipconfig /all gave me and IP address, Subnet Mask, Default Gateway, Dhcp enabled: yes, Auto config: yes, DHCP server, 2 DNS servers , Physical address, host name, and that’s it.

Not sure if i should just enter the mac address (Physical address) by itself or use the IP Address Range (ip address to subnet mask address)?

Thanks for any help and or support…this is my first time setting up this stuff with a firewall…in fact, the last version of comodo detected all of this (this new version i think has not)…

#6

If you have an IP address range for your computer, use that to define the Home or LAN Zone using the My Network Zones. The other (MAC) is for people who don’t have a home LAN and connect a single computer to the internet. Then use that Zone to define the Trusted network in the Stealth Ports Wizard as described above. With ports stealthed, you should get less and less of that DDOS stuff with time.