Questions

Essah · July 17, 2007, 3:09pm

I downloaded the Comodo free firewall because I heard it was the best. My knowledge of Firewalls and internet security is practically non existant so I was wondering if someone could answer a few questions for me.

How do I know if a hacker slipped past the firewall?

Will using a mud client basically remove the protection provided by a firewall by adding a hole in the wall.?

I have life 17 high alerts. Had the firewall scan for know applications. Restarted my computer and when I returned online the alerts where gone. What happened to them?

Yes I am worried my computer may have been hacked but I am unsure as to how to verify this.

I would appreciate any help.

justin1278 · July 17, 2007, 3:27pm

Hello and welcome to the Comodo Forums,

Usually it will be reported in the logs as a high severity alert, you can click the alerts in the log and get more information to be sure.
Sorry, I don’t know what a mud client is
Those alerts were most likely caused by programs from when the firewall asked if you should allow or deny that programs operation.

It is unlikely you were hacked, and if somebody even attempted to hack you it looks like they failed. You can relax, Comodo is protecting you.

Justin

Essah · July 17, 2007, 3:55pm

Thanks Justin that is a relief. Then I guess I’ll go back to playing my favorite game.

Oh a mud client is just a program that allows you to connect to text based video games. Its real old school, fun fun as all get out… if you like things like role playing games. You just add the site you want to play on. And the port the want you to use to play their game and poof your on.

Well the good news its I increased my knowlege even password protected my guest account that I never used. Laugh Fear can be a good thing. Thanks again.

LuckyS · July 17, 2007, 6:10pm

Laymen answer:

Since the Firewall is a guard “between” your PC and the outside world you are protected. As soon as allow a program to connect to the internet it can do so, of course. Now there is a little risk involved that the target you are contacting tries to abuse a bug in that software to gain access to your computer. That’s where Anti-Virus software, updates and sub-features of your firewall kick in.
Usually a “normal” program contacting a target on the net isn’t that much of a problem.

Another league are programs allowed to communicate with the internet and “listening” for inbound traffic. Anything server related. That’s where those “dreaded” port-scans kick in. People scanning IP-ranges for open ports and then trying to use methods to infiltrate those targets if they find open ports.

Everybody who is not behind a router (and sometimes even those behind with a specific setup) will see those port-scans on a daily basis. But that doesnt mean somebody got in.

Essah · July 17, 2007, 8:29pm

I have no router. Just your firewall. I am definately being targeted by a port scanner. Is there more I can do to defend my computer against this attack. My IP address is expose and am thinking about getting a proxy. Will this do me any good once. The have an ip address to target?

LuckyS · July 17, 2007, 10:26pm

They will always have an IP to target you.
As soon as you are connected to the internet you get an IP by your Internet Service Provider.
It wouldn’t work otherwise.

Now, a proxy is a form of server you contact and tell him where to go for you, retrieve the informations and send them to you. A proxy can even work as a cache where it stores informations that wouldn’t need to be re-requested and could be send directly to you. The downside is, they can be outdated.
And this is mostly no problem for browsing but for gaming and VoIP… meh…

However, if you are interested in hiding your online activity: http://www.google.com/search?hl=en&q=TOR+network&btnG=Google+Search

Now, back to the port scans:
Even if you are configuring a proxy for your connection, you will still have an IP on the internet. Otherwise that proxy couldn’t communicate with you.
And those doing portscans don’t really have your IP, they a scanning a huge range of IPs and hope to find some open ports. If there are none they move on.

The only way to be more secure would be indeed a router because he could intercept that. However, you would also have another item to configure properly to fully use all your programs. It isn’t really hard but it’s one more step.

Now, are you safe? Test it: http://www.pcflank.com/

Essah · July 18, 2007, 4:18am

Thank you Luckys. I will check out the site too. You all are teaching me so much.

Essah · July 18, 2007, 6:46am

Where do I find information on my file submissions or the the file submissions of other to see if it is ok to unblock those files or put them into the always allow category.

gordon · July 18, 2007, 10:05am

1: Your computer will begin to do “strange” things .
f.ex : your browsing might be seriously slow ( because somebody else is using your bandwidth),
files might “disappear” into thin air, programs won’t start or don’t work properly, you get a notice
from your ISP saying that you are sending mass-spam (somebody installed a spam-bot) etc etc .
One thing is sure : IF a “hacker” gets past your firewall you WON"T see it in the logs. You might see
all the failed attempts but not the one that succeeds . Don’t worry to much, chances that a “hacker”
wastes time on a private computer with a firewall are slim . instead they will try to get you to infect
yourself by tricking you into installing something “evil” .

2: a “mud” is a “multi user dungeon” and NO, you are not opening up everything by using it, only
the port(s) that it needs . As long as there are no exploitable vulnerabilities in the mud-software
you should be quite safe.

3: Your high-severity alert-counter is reset every time you restart the firewall …

“Hiding” your IP entirely is not possible if you want to receive data, however you can
hide it to the sites you visit by using a proxy-server or one of the many web-proxies like
hidebehind.net .
Or you could check out secureIX, http://www.secureix.com/ , a VPN-service. There’s a free version
with 256kbit/s bandwidth, enough for browsing, retrieving e-mail or chatting … and you don’t need to install anything to use it .

Why do you think you have been hacked ? Is your computer behaving strange ?
besides the usual virus-scans and spyware-killers you could try to run hijackthis from
http://www.spywareinfo.com/~merijn/downloads.html and then let this site http://www.hijackthis.de/en analyse your log.

LuckyS · July 18, 2007, 2:53pm

The what? Ohhh, do you mean “Send this file to comodo for analysis”?
No, you can’t really check a list of those files and see if it is ok or not.
This would be done by the update feature from cfp.

How do you decide if it is OK to allow access?
Well, I think some files are easy, those you start yourself and want to use. Like your browser, eMail-client,…
Sometimes you get a pop-up but didnt start anything or you just aren’t sure.

Deny (without remembering) and see if anything stops working.
Google the file and check what it is.
Those two options combined with Anti-Virus and Anti-Spyware tools makes your PC quite safe.