Port Sets Problem

I am using ver. 3.9. I am also using the canned Comodo web browser rule for IE8. Within the canned web browser rule is an HTTP rule that only allows the canned HTTP port set for destination. This HTTP port set includes 80, 443, and 8080. I have observed in my firewall log connects to port 9000 (AOL) and 1935 (Flash).

Now I am not concerned about those 9000 and 1935 connects since they are legit. What I am concerned about is Comodo is allowing connects to ports not included with its predefined allowed port set.

What gives?

I can confirm this behaviour. When doing the Adobe connectivity test I see the connection attempt made to port 1935 but I receive nothing from the firewall (Custom/Alert settings High). Also I have put a logging rule on Internet Explorer for everything and do not see any logging shown for port 1935, although it seems to log 53, 80 and 443.

Can someone explain this behaviour? Should we not get an alert at least? I remember in the past servers using port 81 needed that port added to the HTTP port set; why is this RTMP seemingly allowed through?

Matt

Unfortunately, I don’t use Adobe or IE, so I’ve never seen this. Can we get some more details?

I wonder if this has something to do with IE8 running at least two versions of iexplore? MS explains as one ver. per tab.

Also you don’t have to use Adobe directly to use port 1935. Flash player is embedded in everything that IE8 uses. If port 1935 is blocked, flash will default to TCP port 80 and many times bombard you with messages about port 1935 being blocked.

If anyone is interested, this also seems to be the case with Firefox and Adobe Flash when FX is set to web browser policy.
Go to http://kb2.adobe.com/cps/164/tn_16466.html and then “Start Tests”; while doing this, look at the “Active connections” window in CIS. You will see a very brief connection done with destination port 1935 which is allowed and does not show up in any logs, or mine anyway (I have made the Allow and log IP out/any rule).

I’m trying this on Windows 7, as DonZ is I’m ???

Curious. Can you get the movie to play on that site, Matt? I can’t, at all, yet flash works just fine when using sites such as YouTube. Interestingly, I used CurrPorts to capture the log of connection requests, but I still don’t see a connection to 1935. I’ll play with it some more later.

I don’t see any movie and I get Timeout/failed for all the test results. I just tried the test again (FX) and there was a request to Destination port 1935 (Pic). All other flash vids work fine.

I’m wondering if it may show up in the active connections briefly but actually packets are dropped. Might install Wireshark again to have a better look.

I might have been using AOL when the connections to 1935 and 9000 appeared. I use AOL web mail via IE8 and when I close out the e-mail session, the AOL browser pops up. I sometimes use it to check for TV listings and the like. The giveaway is the port 9000 connection, which is one of the server ports AOL uses.

I do know AOL does have a way of getting around a lot of firewalls. I have not seen these port connects since but I haven’t been using the AOL browser.