I have no Incoming rule in Network Monitor for the TCP/UDP protocol, but I’m wondering how Messenger and Internet Explorer can receive TCP/UDP packets? I’m new to Comodo, and would like to understand all the things in it and how they work.
Update: I see the connection type is actually outgoing, but receiving packets. I suppose I am the sender, but receiving reply packets? I suppose it is the same with MSN Messenger …
Incoming rules are mostly blocked by default, whereas outbound rules are allowed. This is because outbound traffic is initiated by you, your computer or a process you have allowed and is considered benign (safe) traffic. The return traffic will also be allowed and is thus considered to be stateful.
In short, your browser initiates the outbound connection and the firewall allows this. The firewall then expects data in return and will also allow this. This is still considered to be an outbound connection since it is you who are the source (the initiator). Had it been the other way around, it would be considered inbound traffic and the firewall would have dropped the connection.
Look at it from a “point of origin” perspective and it should become a bit more apparent.
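The state tracking described in the answer above, sketched as an added example that is not part of the original thread and is not Comodo's implementation. The class name, addresses and ports are constructed, and real firewalls also track TCP flags and timeouts, which this toy model leaves out.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class StatefulFilter:
    """Toy model (hypothetical class): outbound allowed, inbound only as a reply."""

    def __init__(self, local_ip):
        self.local_ip = local_ip
        self.flows = set()  # connections this host initiated

    def _key(self, pkt):
        # Normalise to (proto, local endpoint, remote endpoint) so a request
        # and its reply map to the same state entry.
        if pkt.src_ip == self.local_ip:
            return (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        return (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)

    def handle(self, pkt):
        key = self._key(pkt)
        if pkt.src_ip == self.local_ip:
            self.flows.add(key)  # we are the point of origin
            return ("ALLOW", "outbound, state recorded")
        if key in self.flows:
            return ("ALLOW", "reply to a connection we initiated")
        return ("DROP", "unsolicited inbound")

def demo():
    # Constructed sample traffic; addresses are from private/documentation ranges.
    fw = StatefulFilter("192.168.1.10")
    packets = [
        Packet("tcp", "192.168.1.10", 50123, "203.0.113.5", 443),  # browser connects out
        Packet("tcp", "203.0.113.5", 443, "192.168.1.10", 50123),  # server's reply
        Packet("tcp", "198.51.100.7", 4444, "192.168.1.10", 445),  # stranger connects in
        Packet("tcp", "203.0.113.5", 443, "192.168.1.10", 50999),  # same server, no matching flow
    ]
    return [fw.handle(p) for p in packets]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The fourth packet comes from a server the host already talks to, yet it is dropped because no outbound flow exists for that local port: the state entry, not the remote address, is what lets return traffic through.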
Thank you very much. It’s the same as with routers I guess.
I take it you’re referring to a router with accesslists? They may look and feel like firewalls, but they are still routers. A router’s primary function is to route packets. You can add more functionality to it of course, but it will make an impact on the overall performance. The more additional functions a router does, the less capable it is to route packets efficiently. But this can be compensated with better hardware components.
The only similarity is the direction control and permit/deny access. After that the primary role differs.
Hope this cleared things up a bit.
I’m talking about routers with firewalls - by firewall I don’t mean NAT, but other security features. You can set rules for the incoming traffic specifying internal IP and port. Natively, the big difference is that incoming connections are blocked by NAT, but with a software firewall (Comodo) they are blocked by a rule.
I think you mean home-routers (LinkSys, D-Link etc.), right?
These firewalls are pretty basic, and should be regarded as such. These routers still base their “firewall” functionality upon accesslists even though they present it in point-and-click fashion on a web-interface. It is still a router however, and the router’s job is to route. Period. Your main security lies in your personal firewall, like Comodo Firewall Pro (just to mention one).
I also want to point out that NAT isn’t a firewall function in itself. Nor will it “block” anything. NAT is a feature to preserve IP addresses. It is not a security feature. The NAT functionality in its basics is to “exchange” the internal IP address with an outside address.
All outbound connections will translate into the same “outside IP address”, the returning inbound connections will then translate into the originating inside IP address. This is the NAT mechanism. No security whatsoever. Just a way to help increase available IP addresses in an already exhausted IP scheme.
Definitions (may vary in form and functionality)
Router = Routes packets to their destination based upon known networks.
Firewall = Permits/denies packets based upon rulesets (source/destination and ports).
IDS = Detects possible intrusions and alerts you about it (does not prevent it).
IDP = Detects and prevents intrusion attempts.
NAT = Translates inside addresses (private networks) into outside address(es) (public networks).
I don’t mean to hammer you or lecture you, so please view this as friendly information.