Re: How To - Stop Logging Blocked Torrent Port When Client Is Closed

Should this fix work with V4? I tried it and it didn’t. This is VERY ANNOYING. >:(

https://forums.comodo.com/install-setup-configuration-help-cis/how-to-stop-logging-blocked-torrent-port-when-client-is-closed-t51399.0.html;msg366946#msg366946

Edit: Sorry I forgot to lock the How to, I have added the reference link.

Working flawlessly in CIS 4

Double check your rules?

Bad

If you have noticed, you are getting these blocks because the global rule in the firewall settings to block all incoming connections is preventing you from uploading to other users. That’s what the blocks are, CIS is blocking users’ attempts to get the file from you. This is preventing uTorrent from functioning properly. I deleted that global rule and now uTorrent works fine after asking you once if you want to allow it to connect. The firewall should not be blocking those connections in the first place. That same global rule was making my router, the Internet connection gateway in the XP all connections window, show up as disabled (if it showed at all, most of the time it wasn’t even there).

Personally I wouldn’t simply allow everything in as you seem to be advocating. It’s much safer to simply create a global rule that allows TCP/UDP IN to your chosen torrent port.

The reason there are inbound connection attempts after uTorrent is closed is because of the way the p2p software works. If you stop your client the information is not instantaneously transmitted to the rest of the swarm, hence the continued connection attempts.

In the same way, allowing ICMP destination unreachable host/port etc IN, will prevent a lot of ICMP log entries that are generated for uTorrent but show against the pseudo service Windows Operating System.

By deleting that rule, you are not allowing everything in. You are simply reverting to the previous behavior of CIS where if an application tries to make an incoming connection, you are alerted and asked to allow or block. I allowed it for uTorrent and if any other program tries to connect, I will receive an alert again for that application. That is far simpler than making any rules manually, which is something I refuse to do because I shouldn’t have to. It also does not reduce your security in any way.

Silly me, I guess the devs just put the rule there for the fun of it :roll:

No. I believe they put it there in a misguided attempt to enhance the usability of CIS, when in actuality it has just the opposite effect. It not only breaks half of uTorrent, it also prevents a router from making connections with the machines connected to it and will show the router as being disabled in the all connections pane of XP. That’s if it even shows it at all. It’s a rule that should be removed from the program.

I appreciate the response. Shouldn’t this problem be addressed by Comodo? I have to make obvious rules regarding well known applications that most of the free world uses? I don’t wanna allow everything in, I want to allow safe things in or be alerted and asked if I want them allowed in. Isn’t that the point? Utorrent works, the firewall log just fills up in a matter of minutes. If I do this “fix” that you’ve done, am I simply reverting back to V3 in a way?

Yes, that is pretty much what you are doing, reverting back to the behavior of v3.

If that’s the case they should have just left it alone. 88)

No,
The fix that this thread relates to has nothing to do with the presence of the v3 or v4 Global block rule.

It is for people who have already set up uTorrent properly and are already connectible.
Whether or not the block rule exists, this fix assumes you have made the right rules.

It is just a tweak to tame a logging issue, that does no harm, but bothers some.

And I disagree with Dch48’s position.
It defies logical rule making.
Why should your PC/Firewall compare every packet of unsolicited incoming traffic to your
entire Application rules list before it can decide whether to block?
Better and more logical/efficient to block the noise early, at the front gate so to speak.

People running server or listening apps should find it easy enough to open a port,
from whatever product’s FAQ/Help/Forums.
If you want to do advanced stuff, file sharing/running a server, and the like.
It shouldn’t kill you to ask a question or read a guide, should it?

Bad

Are you saying I need to read a guide?

Your response got up while I was typing.

I was trying to clarify things and respond somewhat to Dch48.

If you are having problems it wouldn’t hurt to compare what you have to a guide.

My latest and simplest attempt is aimed right at CIS v4.
It is manually making 3 rules for uTorrent to work.
You may just be lacking the Rule under Now Get Connectible

https://forums.comodo.com/install-setup-configuration-help-cis/how-to-utorrent-in-cis-4-t52765.0.html;msg375030#msg375030

Bad

uTorrent works (last I checked at least) I’m just getting annoying “firewall has blocked ‘intrusion’ attempts by Windows Operating System” while downloading through uTorrent. In a matter of minutes the log has literally thousands of these messages.

If uTorrent is running and is connectible incoming, during the times of these WOS blocks.

Then it is some other traffic.
And indeed could be just internet “noise”. If you have no router.

Start a thread in Firewall help.
See if it’s particular ports, protocols or IPs that stand out in the logs.

Bad

It is blocking "Windows Operating System/Protocol-ICMP/Source IP-66.35.174.25/Source Port-Type(11)/Destination IP-209.168.159.38/Destination Port-Code(0)"

XP SP3

I have been PM’d and have given this info to the guy trying to help me, so far I haven’t got a response. What other info should/could I give in this situation? I appreciate the help btw. :wink:
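Added example, not part of any post in this thread: a small Python tally of blocked entries by kind and by source IP, which is one way to see which ports, protocols or IPs stand out. It assumes the slash-separated field layout of the entry quoted above; the sample entries, the documentation-range IPs and port 40000 are constructed for illustration.

```python
import re
from collections import Counter

# ICMP (type, code) names for the messages mentioned in this thread (RFC 792).
ICMP_NAMES = {
    (3, 1): "Destination Unreachable: host unreachable",
    (3, 3): "Destination Unreachable: port unreachable",
    (11, 0): "Time Exceeded: TTL exceeded in transit",
}
FIELD = re.compile(r"^(Protocol|Source IP|Source Port|Destination IP|Destination Port)-(.+)$")
ICMP_NUM = re.compile(r"^(?:Type|Code)\((\d+)\)$")

def parse_entry(line):
    """Split one slash-separated entry into a dict; the first field is the application."""
    parts = [p.strip() for p in line.strip().strip('"').split("/")]
    entry = {"Application": parts[0]}
    for m in filter(None, map(FIELD.match, parts[1:])):
        entry[m.group(1)] = m.group(2)
    return entry

def describe(entry):
    """Label what was blocked: the ICMP message name, or protocol and destination port."""
    # For ICMP the log shows the type in the source-port field and the code in the destination-port field.
    t = ICMP_NUM.match(entry.get("Source Port", ""))
    c = ICMP_NUM.match(entry.get("Destination Port", ""))
    if entry.get("Protocol") == "ICMP" and t and c:
        key = (int(t.group(1)), int(c.group(1)))
        return "ICMP " + ICMP_NAMES.get(key, "type %d code %d" % key)
    return "%s to port %s" % (entry.get("Protocol", "?"), entry.get("Destination Port", "?"))

def summarize(lines):
    """Count blocked entries by kind and by source IP so the outliers stand out."""
    kinds, sources = Counter(), Counter()
    for line in lines:
        e = parse_entry(line)
        kinds[describe(e)] += 1
        sources[e.get("Source IP", "?")] += 1
    return kinds, sources

# Constructed sample entries (documentation IP ranges, hypothetical torrent port 40000).
P = "Windows Operating System/Protocol-"
SAMPLE = [
    P + "ICMP/Source IP-192.0.2.10/Source Port-Type(11)/Destination IP-198.51.100.7/Destination Port-Code(0)",
    P + "ICMP/Source IP-192.0.2.10/Source Port-Type(11)/Destination IP-198.51.100.7/Destination Port-Code(0)",
    P + "ICMP/Source IP-203.0.113.5/Source Port-Type(3)/Destination IP-198.51.100.7/Destination Port-Code(3)",
    P + "UDP/Source IP-203.0.113.5/Source Port-51413/Destination IP-198.51.100.7/Destination Port-40000",
    P + "TCP/Source IP-203.0.113.9/Source Port-50122/Destination IP-198.51.100.7/Destination Port-40000",
]
```

Calling `summarize(SAMPLE)` returns two counters; `most_common()` on each lists the dominant kinds of blocked traffic and the busiest source addresses first.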

Exactly what I believe as well.
Now, I was assuming that what was being blocked were the incoming connections from other users attempting to get pieces of the file from you. That is what was being blocked for me until I deleted the block all incoming rule. All of the blocked items were directed at the port I use in uTorrent. They also continued being blocked for a short time after I shut uTorrent down. If there are other things being blocked, I would still say that it’s because of the global rule that in my opinion has no reason to exist.

Yes, you shouldn’t have to read any guides or make any kind of manual rules to use a security program. It should be set and forget if it ever aspires to be accepted by the general public. I also think it is far better for the program to block or allow on a per case basis rather than by default for everything. Especially if the default does so without any notice and gives no option to make exceptions.

ICMP 11 - 0 is Time exceeded for which there is a default Global rule, unless you have deleted this?

Yes, you shouldn't have to read any guides or make any kind of manual rules to use a security program.

That takes the biscuit and is probably the (removed by mod) statement I’ve ever heard LOL!

You seem to be quite conflicted.

You don’t have to, but when you download a torrent app or decide you’re going to run a server “listening to incoming strangers” type app, don’t you read the help file or FAQ, or follow some guide to use it?
Where generally they would mention that if you have a Firewall and/or Router,
you may have to open/forward port XXXXX for this or that protocol.

It should be set and forget if it ever aspires to be accepted by the general public.
How does one acquire the comfortable knowledge to "set and forget", when according to first quote. ???
I also think it is far better for the program to block or allow on a per case basis rather than by default for everything.
So how does a brand newbie user decide what to allow or disallow, remember or not remember, safe or oh my, what have I done? hooked up to a broadband modem.
Especially if the default does so without any notice and gives no option to make exceptions.
Why freak out people with pop ups for "noise". The Firewall "out of the box" blocks all the unsolicited incoming traffic, without asking anything and does it IMO in the logical place in the rule lists. If you are an advanced user or just want to open a port, it should be up to you to read/learn how to punch holes in the defenses, rather than expect a true "new" user to build up rules to cover holes.

Bad