Skype and port 31088

sergiuszs · January 20, 2008, 8:23pm

For the first i would like to say HELLO to everyone
and thanks for Comodo Firewall!

Ive one problem, Comodo is blocking access to Skype.exe on port 31088 although application rules (Firewall → Advanced → Network Security Policy)
Logs and rules below:

rules:

http://sergiusz.info/temp/cv3.jpg

COMODO Firewall Pro Logs

2008-01-20 20:53:41 C:\Program Files\Skype\Phone\Skype.exe Blocked 83.13.58.26 51659 192.168.1.100 31088
2008-01-20 20:53:43 C:\Program Files\Skype\Phone\Skype.exe Blocked 83.13.58.26 51659 192.168.1.100 31088
2008-01-20 20:54:50 C:\Program Files\Skype\Phone\Skype.exe Blocked 89.182.1.150 10013 192.168.1.100 31088
2008-01-20 20:56:08 C:\Program Files\Skype\Phone\Skype.exe Blocked 78.88.71.134 24830 192.168.1.100 31088
2008-01-20 20:56:10 C:\Program Files\Skype\Phone\Skype.exe Blocked 78.88.71.134 24830 192.168.1.100 31088
2008-01-20 20:56:49 C:\Program Files\Skype\Phone\Skype.exe Blocked 83.13.58.26 51659 192.168.1.100 31088
2008-01-20 20:56:50 C:\Program Files\Skype\Phone\Skype.exe Blocked 83.13.58.26 51659 192.168.1.100 31088
2008-01-20 20:58:06 C:\Program Files\Skype\Phone\Skype.exe Blocked 65.30.189.251 24285 192.168.1.100 31088
2008-01-20 20:59:13 C:\Program Files\Skype\Phone\Skype.exe Blocked 78.88.71.134 24830 192.168.1.100 31088
2008-01-20 20:59:15 C:\Program Files\Skype\Phone\Skype.exe Blocked 78.88.71.134 24830 192.168.1.100 31088

more here: http://sergiusz.info/temp/cv3.htm

What’s going on ? :-
Greetings.
Sergiusz.

system · January 20, 2008, 8:29pm

Do you have any gloal rules?

sergiuszs · January 20, 2008, 8:35pm

As default after new install of Comodo:

http://sergiusz.info/temp/cv30.jpg

system · January 20, 2008, 8:42pm

Get rid of the last block rule and see if that works. If it does, you can put it back and make an allow rule for incoming to port 31088. For inbound, global rules are checked before application rules.

sergiuszs · January 20, 2008, 9:18pm

So now it works, thanks, but i cant find what is 31088 port, without allowing connection for this port i cant connect to skype servers, its amazing

system · January 20, 2008, 9:31pm

Sorry, I don’t use Skype. Can you select the port you use in Skype? You might try doing a search on the other Skype threads for rules others use. Usually this type of connection is handled by allowing connections to that specific port ahead of the block all in the global rules.

sergiuszs · January 21, 2008, 6:37pm

Today is the same:
2008-01-21 19:30:18 C:\Program Files\Skype\Phone\Skype.exe Blocked 88.179.140.178 49779 192.168.1.100 31088
2008-01-21 19:30:20 C:\Program Files\Skype\Phone\Skype.exe Blocked 88.179.140.178 49779 192.168.1.100 31088
2008-01-21 19:30:23 C:\Program Files\Skype\Phone\Skype.exe Blocked 88.179.140.178 49779 192.168.1.100 31088
2008-01-21 19:30:26 C:\Program Files\Skype\Phone\Skype.exe Blocked 88.179.140.178 49779 192.168.1.100 31088
2008-01-21 19:30:29 C:\Program Files\Skype\Phone\Skype.exe Blocked 88.179.140.178 49779 192.168.1.100 31088
2008-01-21 19:30:38 C:\Program Files\Skype\Phone\Skype.exe Blocked 88.179.140.178 49779 192.168.1.100 31088
2008-01-21 19:30:44 C:\Program Files\Skype\Phone\Skype.exe Blocked 85.89.170.231 4422 192.168.1.100 31088
008-01-21 19:31:10 C:\Program Files\Skype\Phone\Skype.exe Blocked 88.161.128.78 1071 192.168.1.100 31088
2008-01-21 19:31:13 C:\Program Files\Skype\Phone\Skype.exe Blocked 88.161.128.78 1071 192.168.1.100 31088
2008-01-21 19:31:14 C:\Program Files\Skype\Phone\Skype.exe Blocked 88.179.140.178 49779 192.168.1.100 31088
2008-01-21 19:31:19 C:\Program Files\Skype\Phone\Skype.exe Blocked 88.161.128.78 1071 192.168.1.100 31088

bla bla bla

Rule in Global Rules is: Allow UDP In From IP Any to IP Any Where Source Port Is Any And Destination Port Is 31088

the rule is at the top!

its is annyoing…

why comodo is still blocking it ?!?!

31088 is port for incoming calls, in options (skype) we can change only alternative ports 80 or 443 but why comodo cant see this GLOBAL RULE ?!

system · January 21, 2008, 6:48pm

Don’t you need to allow TCP also like in your Skype rules?

sergiuszs · January 21, 2008, 6:55pm

Sure i was trying to allow also TCP, but in log view protocol is only UDP.
Dont know what think about it - something strange.

Propably i will try Outpost Firewall to see it in action, i cant sit more than 2days to configure firewall with one application

system · January 21, 2008, 7:08pm

Try allowing both in your Global rules anyway and see if that helps.

sergiuszs · January 21, 2008, 7:17pm

Allow TCP OR UDP In From IP Any to IP Any Where Source Port Is Any And Destination Port Is 31088

log (when fired)

Btw: I found this:
In the quest for even better voice quality, it is also advisable to open up incoming TCP and/or UDP to the specific port you see in Skype Options. This port is chosen randomly when you install Skype.
source: http://support.skype.com/index.php?_a=knowledgebase&_j=questiondetails&_i=148

Maybe i should reinstall Skype to get better port (31088 is anomalous)

system · January 21, 2008, 7:23pm

Sure, maybe you can get a more random port That rule looks like it is doing what Skype says to do. Problem is to get around the “block all in” global rule by putting an allow exception in front of it for Skype. I actually eliminated the “block all in” from the global rule and put a “block all in and out” at the end of the application rules. If you do that, you just need to remember to remove it temporarily when you want to install something new, but seems like a security reminder to do that anyway.