Problem with many blocked intrusions coming from WOS

The picture is showing COMODO Firewall Events version 3.5.57173.439. In the picture you can see logs I’m getting everyday, since when I have installed COMODO product. It’s always been given by Windows Operating System. I don’t know what it is and how to fix it, but it’s really worrying. Where is that coming from? I look forward for an answer.

Respects, posciel.

[attachment deleted by admin]

Hello Posciel,

Welcome to the forums, it looks like you receive a lot of icmp type 3 code 1 “Host unreachable” messages.
This must be because of an application on you pc tries to connect to those hosts for some reason.

Are you running some sort of torrent/p2p/skype like application ?

a piece of the RFC:
[i] If, according to the information in the gateway’s routing tables,
the network specified in the internet destination field of a
datagram is unreachable, e.g., the distance to the network is
infinity, the gateway may send a destination unreachable message
to the internet source host of the datagram. In addition, in some
networks, the gateway may be able to determine if the internet
destination host is unreachable. Gateways in these networks may
send destination unreachable messages to the source host when the
destination host is unreachable.

  If, in the destination host, the IP module cannot deliver the
  datagram  because the indicated protocol module or process port is
  not active, the destination host may send a destination
  unreachable message to the source host.

  Another case is when a datagram must be fragmented to be forwarded
  by a gateway yet the Don't Fragment flag is on.  In this case the
  gateway must discard the datagram and may return a destination
  unreachable message.

  Codes 0, 1, 4, and 5 may be received from a gateway.  Codes 2 and
  3 may be received from a host.


You can find the whole article here: RFC 792 - Internet Control Message Protocol (RFC792)

I noticed it is because of uTorrent.exe running. Am I supposed to do anything? I’ve added it to define trusted apps.

You could make a global rule to allow this ICMP destination unreachable messages and place it before the rule where everything get’s blocked and logged, that way it will allow the packets in, but they won’t be logged.

Did you use the Stealth Wizard ?

Haven’t used it yet. What to do?

Let’s first have a look at your global rules, can you open the GUI go to Firewall, Advanced open the Network Security Policy, and click on the tab Global Rules, and tell us what’s there ?


[attachment deleted by admin]

You can safely allow the following:

ICMP IN from any to any ICMP Net unreachable
ICMP IN from any to any ICMP Host unreachable
ICMP IN from any to any ICMP Port unreachable

And place those just above the “Block” rule.
That should take away the logging and blocking of these “intrusions”.