I may be alone in this, but I operate a Samba share on a linux box on a different network. When I try to access the share Comodo informs me that there is a TCP port scan and blocks access. I can get round this by increasing the port scan rate to 500/sec, but ideally I would like to make the Samba share IP address an exception to the port scan rule.
Rules which govern this are:
IP allow IN XX.XX.XX.XX ANY ANY
TCP/UDP allow IN XX.XX.XX.XX ANY ANY
I realise that this is relatively insecure and will tighten up these rules, but I wanted to make sure that I was not blocking Samba
The log entry is
Date/Time :2007-08-09 10:42:49
Severity :High
Reporter :Network Monitor
Description: TCP Port Scan
Attacker: XX.XX.XX.XX
Ports: 30724, 21508, 22020, 22276, 22788, 23044, 23556, 23812, 24324, 24580, 25092, 25348, 25860, 26116, 26628, 26884, 27396, 27652, 28164, 28420, 28932, 29188, 29700, 29956, 30468, 43605, 43605, 21994, 21930, 43605, 43605, 21930, 21930, 43605, 44637, 21930, 21930, 43601, 43605, 21930, 21930, 43605, 43605, 21930, 21674, 21930, 21915, 43605, 35413, 21930
The attacker has been temporarily blocked
Any suggestions other than what I have done?