Server rights on Comodo firewall

Hi, I am using Comodo firewall. I am not sure when Opera, other web browsers, my download manager, AV and Comodo itself are asking for permission to act as a server. Any help will be appreciated.

Hey Aigle,

Firstly, welcome to the forums.

As a rule, if the firewall is installed and configured correctly and you are getting messages saying that XYZ is trying to act as a server, it’s because XYZ IS trying to act as a server. LOL.

Providing it’s an application you are certain of, and the message was in conjunction with that application being used normally, then it’s OK.

If Comodo Personal Firewall (CPF) is alerting you about something SERIOUS, the dialogue box will make that apparent.

Hope this helps,
Ewen

Because I used Zone Alarm Pro and there no programmes get server rights, but on ZA there are two server options, one for trusted zone (server right OK) and one for internet (no server rights).
In Comodo it is not like this.

G’day,

In CPF, they use the term “server” in its most correct definition - a service (software or hardware) that is configured to listen for data requests on a designated port, acknowledge requests on those ports and “serve” data back to the requesting computer to satisfy the data request. (If anyone’s got a better definition, let me know. This one’s too long to type in too often.)

Zone Alarm does acknowledge servers, it just doesn’t announce it in its windows and messages. This is, IMHO, one of CPF’s best features - the amount of information it gives you in its dialogues.

hope this helps,
Ewen

So you mean it’s safe to allow for server rights?
Thanks.

I would just add that a server listens for unsolicited requests. SPI should be differentiating between responses to requests that an application on your computer initiated and those that are initiated from outside your system.

Nice post aigle,

I also wondered about the same thing (I am very new to this firewall business, was using Windows XP SP2 inbuilt firewall so far). How to differentiate between solicited and unsolicited requests then (by CPF, how to configure it to do that, if possible)? Also, what is SPI?

Zoran

G’day Zoran,

SPI = Stateful Packet Inspection
This means the firewall examines the contents of each and every packet that attempts to enter or attempts to leave your PC.

Solicited / Unsolicited = A solicited packet is one that comes back to your PC in response to a request from your PC, like asking for a web page or emails. An unsolicited packet is one that your PC hasn’t asked for - like a port scan.

You’ve made a very good move choosing Comodo Personal Firewall (CPF). The built-in firewall in XP is one directional - inbound only. This means that it assumes that anything coming FROM your PC is OK, it only checks things going TO your PC. What happens if you’re using the XP firewall and get a virus/trojan/backdoor on your PC? The XP firewall will happily let the bug access the internet because its stuff is coming FROM your PC, so it assumes that it’s safe.

BAD, Mr. Gates. VERY bad. So bad it borders on DUMB!!!

CPF, on the other hand, monitors both inbound and outbound traffic at the packet level as well as monitoring applications. It really puts the other firewalls to shame! All of them!

Hope this helps,
Ewen

Hi all,

Since many of our users are confused with the act as a server type popups, we have changed this behavior to something called queued detection. You will be able to test the new feature in the next BETA release.

Good luck,
Egemen

Thanks. That will be nice I think.

Ewen,

Many thanks for clarification! Hope I can bore you with few beginners’ questions.

(1) Say my computer tries to get web page from computer X. I presume that this works as follows. My computer puts information into the outgoing packet that certain web page should be displayed. Package reaches computer X which sends package back after appending information to it I wanted. My computer receives this, but does not know if this is solicited or unsolicited package so it reads it (some header I guess) and there it finds that this packet was indeed sent by my computer and says “okay this is reply on my request, I’ll let it in”.

(2) But, can’t a hacker squeeze in his/her information and send a packet to my computer without me ever sending any request to anyone. Hacker prepares copy of package and arranges it in such a way (exactly how it would look in step (1)) and sends it to my computer. My computer thinks that package just received is a response from previous request, and chaos…

If not secret, I am really curious how CPF guards me against (2). Would you have time to elaborate on that a little (or, perhaps, point me to some place where I can find such information available in, hopefully, “user friendly” way)? On the other hand if you are busy, I will understand …

Regards
Zoran

p.s. Yes, I read some review on Comodo and there it said that it checks outbound messages/packages as well. Rest is history, Comodo and me are best friends now …

I am sure Ewen will explain the rest perfectly but let me tell you a few things about (2) :

What you describe is an example of “TCP Session Hijacking”. This attack is an old and very efficient attack.
It is very difficult to reproduce. To do so, the hacker must watch your traffic, staying in the middle of you and your remote end (or somewhere it can sniff your packets). Then he should try to guess your next TCP sequence/acknowledgement number pair and inject his packets to your traffic. He should know a lot about your computer to produce working packets. So it is practically not quite possible for someone to hijack sessions of a random personal computer.

TCP Session hijacking is a bigger threat for SERVER type computers or enterprise network gateways, which have many important networked applications running all the time.

It is theoretically possible for an ELITE hacker (these are real hackers like Kevin Mitnick) to hijack a TCP session in your PC. But even if he hijacks your session, what he can do is very limited even without CPF installed.

Hope this helps,

Egemen
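The two ideas from the replies above (solicited versus unsolicited packets, and the sequence/acknowledgement pair an injected packet would have to guess) can be seen together in a small model of a stateful connection table. This is an added example, not part of the original thread and not Comodo's code; the class, the window size and the constructed traffic are assumptions made for illustration.

```python
# Simplified model of stateful inspection (added example, not Comodo's code).
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport seq ack flags length",
                    defaults=(0, 0, "", 0))
WINDOW = 65535   # assumed receive window in bytes
MOD = 2 ** 32    # TCP sequence numbers wrap at 32 bits

class StateTable:
    def __init__(self):
        self.conns = {}  # (local ip, local port, remote ip, remote port) -> state

    def outbound(self, p):
        """Record traffic that an application on this PC initiated."""
        key = (p.src, p.sport, p.dst, p.dport)
        if p.flags == "S":  # new connection; the SYN uses one sequence number
            self.conns[key] = {"our_next": (p.seq + 1) % MOD, "their_next": None}
        elif key in self.conns:
            self.conns[key]["our_next"] = (p.seq + p.length) % MOD
        return "ALLOW"

    def inbound(self, p):
        """Allow only packets that continue a connection this PC opened."""
        st = self.conns.get((p.dst, p.dport, p.src, p.sport))
        if st is None:
            return "DROP unsolicited"
        if st["their_next"] is None:  # still waiting for the SYN/ACK
            if p.flags != "SA" or p.ack != st["our_next"]:
                return "DROP bad handshake"
            st["their_next"] = (p.seq + 1) % MOD
            return "ALLOW"
        seq_off = (p.seq - st["their_next"]) % MOD   # distance ahead of expected
        ack_lag = (st["our_next"] - p.ack) % MOD     # how far behind our data
        if seq_off >= WINDOW or ack_lag >= WINDOW:
            return "DROP sequence/ack out of window"
        if seq_off == 0:
            st["their_next"] = (p.seq + p.length) % MOD
        return "ALLOW"

def demo():
    """Constructed traffic; addresses are private/documentation ranges."""
    pc, web, other = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    fw = StateTable()
    fw.outbound(Packet(pc, 50000, web, 80, seq=1000, flags="S"))
    results = [fw.inbound(Packet(web, 80, pc, 50000, seq=5000, ack=1001, flags="SA"))]
    fw.outbound(Packet(pc, 50000, web, 80, seq=1001, ack=5001, flags="PA", length=100))
    results.append(fw.inbound(Packet(web, 80, pc, 50000, 5001, 1101, "PA", 500)))
    # Same addresses and ports as the real reply, but a wrongly guessed sequence number
    results.append(fw.inbound(Packet(web, 80, pc, 50000, 900000, 1101, "PA", 500)))
    # Nothing on this PC ever contacted this host
    results.append(fw.inbound(Packet(other, 4444, pc, 135, seq=1, flags="S")))
    return results
```

A real TCP stack and firewall also handle retransmissions, out-of-order segments, window scaling and connection teardown, which this model leaves out.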

... "TCP Session Hijacking".... To do so, the hacker must watch your traffic, staying in the middle of you and your remote end (or somewhere it can sniff your packets). Then he should try to guess your next TCP sequence/acknowledgement number pair and inject his packets to your traffic. He should know a lot about your computer to produce working packets. So it is practically not quite possible for someone to hijack sessions of a random personal computer.

Wow, holy smoke, many thanks Egemen! I am very curious, why should he guess next “TCP sequence number pair” from my computer? By the way, what is this pair, some header info I presume? Are there some resources where one could peek into this type of information on the web, something like “TCP protocol for dummies”?

... But even if he hijacks your session, what he can do is very limited even without CPF installed.

Could you please tell me more about this. I am very, very curious. Could hacker plant in a virus in such a way, or some more complicated trojan? Do you imply that I have some antivirus software installed that could detect such a thing?

Of course, if you think these questions take too much time to answer I will surely understand, you’ve already been too kind with all this input I’ve got so far.

Zoran

Zoran,

If you can sidestep the bulls#@t on www.grc.com, there is a detailed IP tutorial there somewhere. I think it’s part of the doc on the DRDoS attack grc.com suffered a couple of years ago. Ignoring the histrionics, the bits about IP and its structure are worth reading.

If you can’t find it, let me know. I’ve got it saved around here somewhere.

HTH
ewen

Many thanks Ewen! I found it. The link is

http://www.grc.com/dos/drdos.htm

Exactly what I was looking for. I will study it carefully…

Many thanks again.

Zoran