I have just ditched ZoneAlarm in favour of Comodo. I have the latest version (2.4.18.184).
When I had just installed it and hadn’t added any rules myself there was already a rule in ‘Network Control Rules’ to block all IP in or out from any ip to any ip where the ipproto is any.
This rule prevents incoming remote desktop connections. I can create outgoing ones but I can’t connect to this machine from another one via rdp.
If I delete this rule or set ‘Allow all’ I can then use rdp.
Obviously allow all isn’t an ideal solution but does anyone know if deleting this rule puts me at risk as if I had allowed all?
I’ve searched this forum and tried all the combinations of settings I could find before deleting the rule. None of them worked.
I would be grateful if someone could suggest a rule I can add that will allow rdp and allow me to recreate the rule above at the same time…or at least can someone tell me if I’m now at serious risk by deleting this rule?
Please do NEVER EVER delete this rule. YES, it puts you at a great risk.
Let me explain:
Network control rules (NCR) are ordered hierarchically, i.e. CPF parses the rules from TOP to BOTTOM. Thus, the block IP In/Out rule blocks everything that hasn’t been allowed by the rules above.
All you have to do is create a rule to allow incoming remote desktop connections and put it ABOVE the generic block rule.
Just right-click on the rule nearest to the botton and coose “add after”. The rule will be the put last. Do you remember the exact rule?
Cheers,
grampa.
For anyone reading this with the same problem, once I put back the rule I shouldn’t have deleted (I knew as I deleted it that it’d be important…typical) I created a new rule that allows TCP in and out from Any source to any destination where source port is Any and destination port is 3389 (as per settings in the help section of this forum).
You should put the IP address of the machine that you are using as the source. Otherwise you are allowing anyone in thru port 3389.
Just change the Source IP to whatever the IP address is of the PC that you are using to access the other PC. This will only let the PC with that IP address IN on port 3389 of the other PC.
I need to be able to log in from any machine wherever I am. I have a few machines/IPs I use regularly but if I get a call when I’m visiting friends or whatever I need to be able to use their pc to access my works desktop.
Just to add to grampa’s reply, if someone gets in that port then they can access whatever you access. You are also exposing any other PC’s that are accessed from that machine.
If you use it to access your company’s servers then so can anyone else that might use your PC. I know that I might be a little overzealous here but it happens everyday.
