Streaming Audio Help?

Help for v2
1

Greetings,

I’m a new user. I’ve figured out most of the in’s and outs of Comodo Pro Firewall. I like that it lets me see specifically what’s happening with each application as it accesses the internet (not that I understand the function of each and every file). However I still need assistance trying to figure out how to make it work with “Streaming Audio.” I enjoy listening to broadcast radio from stations that also “stream” on the web. So for me part of the function of my computer is as a radio.

I don’t seem to have any problems with sites which use windows media player as their streaming vehicle. However using this site as an example ( http://www.wbbm780.com/ ) the listen live audio stream gets cut off after a minute or so of playing. I’ve tried finding and reading other posts on similar subjects (I don’t think I’ve found anything that exactly covers my specific situation) and tried to adapt some of the steps I’ve seen on those threads, but I guess I’m still doing something wrong.

I would appreciate any help one might be able to offer.

I connect direct to the internet via a dsl connection.

Thanks.

2

Good morning, afternoon, evening, night, or whatever time you’re in, Kempis :D. Welcome to the forum.

Your connection and preference is like mine. Good taste. ;D

Please export your log to HTML then edit it with a text editor like Notepad to mask any private IP’s. It could be something blocked. Then upload it here. Also, out of curiosity, are you running a proxy server?

Edit: I found that the station you linked doesn’t even open with Opera, but works smoothly with Internet Explorer. I’ve been playing it for over 2 minutes without disconnect.

One possibility for streaming audio to get cut off is if the majority of your connection bandwidth is being used by something else like downloading.

3

Here’s the most recent section of the my logs, I think I’ve edited out anything personally Identifiable. I use Mozilla firefox to connect to the web (not a big fan of I.E.).

In reading other threads I created two rules which are as follows:

Rule 5 - ALLOW IP IN or OUT From IP Any To IP Any where PROTO is IGMP

and

Rule 6 - ALLOW UDP IN or OUT From IP Any to IP Any where source port is Any and destination port is (the number it was asking for in the error logs at the time- which now reads “ANY”).

All the other rules are the default one - Old rule #5 (block IP IN/Out) is new Rule #7

I also played with the UDP Flood numbers.

I’m not sure what you mean by Proxy Server (I never understood the term even when I was doing basic tech support) but the set up I have is that my computer runs an ethernet cable between it and the DSL modem provided by the ISP (with the phone cable between modem and wall jack) and I am assuming that my IP assignment method is Dynamic - I turn my modem off and on I get a new number.

Yes I’m probably in over my head, but everyone starts somewhere.

Thanks-

Logs begin here***

Date/Time :2007-03-26 21:41:08
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192...
Destination 192...
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 7

Date/Time :2007-03-26 21:38:28
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192...
Destination: 192...
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 7

Date/Time :2007-03-26 21:37:25
Severity :High
Reporter :Application Monitor
Description: Suspicious Behaviour (firefox.exe)
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Parent: C:\Program Files\Mozilla Firefox\firefox.exe
Protocol: TCP Out
Destination: 66...2**::http(80)
Details: C:\Program Files\Mozilla Firefox\firefox.exe is an invisible application

Date/Time :2007-03-26 21:37:23
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192...
Destination: 192...
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 7

Date/Time :2007-03-26 21:36:56
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP In
Destination: 127...*::1029
Details: C:\WINDOWS\explorer.exe has tried to use C:\WINDOWS\system32\svchost.exe through OLE Automation, which can be used to hijack other applications.

Date/Time :2007-03-26 21:34:49
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (firefox.exe:192... : :dns(53))
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Parent: C:\Program Files\Mozilla Firefox\firefox.exe
Protocol: UDP Out
Destination: 192... ::dns(53)

Date/Time :2007-03-26 21:34:49
Severity :High
Reporter :Application Monitor
Description: Application Access Denied (firefox.exe:192... : :dns(53))
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Parent: C:\Program Files\Mozilla Firefox\firefox.exe
Protocol: UDP Out
Destination: 192... ::dns(53)

Date/Time :2007-03-26 21:33:54
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (firefox.exe:192... :dns(53))
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Parent: C:\Program Files\Mozilla Firefox\firefox.exe
Protocol: UDP Out
Destination: 192... ::dns(53)

4

Oh, and when it happens I’m not “downloading.” With the exception of the background software (security and anti-spyware) when this is happening it’s only the browser and Comodo as the active software.

5

Thanks, Kempis. Your Rule 6 is one to look out for: it doesn’t seem right. Is that your final rule on the Network Monitor list? Remember ordering matters because the top has highest priority, bottom has lowest priority. Your last 3 log entries show that firefox was blocked for UDP out, which meant it failed to query the DNS to retrive the name…of sorts… It must have something to do with…rule 6.

It’s better if you upload (click on Additional Options… at the bottom left when posting in this forum) a screen shot of your Network rules.

6

Here’s the screenshot of my current commodo firewall rules. Rules number 5 and 6 are basically the same as mentioned above- however I’ve reversed them since last night and below is the most recent error in the log.

Date/Time :2007-03-27 09:22:17
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192..., Port = route(520))
Protocol: UDP Incoming
Source: 192...:route(520)
Destination: 192.*..,:route(520)
Reason: Network Control Rule ID = 6

[attachment deleted by admin]

7

Doh!! Wrong screenshot. :frowning:

Here’s the 2nd try…

[attachment deleted by admin]

8
ALLOW UDP IN or OUT From IP Any to IP Any where source port is Any and destination port is (the number it was asking for in the error logs at the time- which now reads "ANY").

Which is now your rule #5, is incorrect if the destination port is Any because you’re basically allowing everything in and out of your computer, leaving you wide open! May I ask why this rule was created?

CFP blocked incoming attempts at port 520 (route) - I’ve seen other places that require a Network rule to allow UDP on this. Let me seek help from the other mods ;D.

9

I think this is a browser issue, not a firewall issue.

My network rules do not allow anything besides TCP and UDP outside of my immediate network.

With Firefox, the audio feed bit the dust after about 30 seconds.

With IE7, there were no problems.

Here’s some other tidbits… the site (at all levels) is running various scripts. Some of these lead to advertisements. I know this because with FF, no page would load (including the streaming interface) until I allowed scripts temporarily (the famous NoScript extension). With IE7, the page loaded fine once I turned off Peerguardian (which was blocking almost every aspect of it), and everything worked - streaming, etc.

So there’s my take on it.

Hope that helps,

LM

10

With Opera, javascript was enabled and it didn’t work for me. This leads me to believe, thanks to LM’s suggestion, that it requires cookies, which I had disabled in Opera but not IE6. That at least explains why the link didn’t open a new small window.

PS: Ignore the proxy server question. If you don’t know what it is, it’s most likely you’re not running one.

11

:-[ The rule was created because I didn’t know any better and was experimenting with things I probably don’t fully understand. I’m basically a hobbiest just trying to make my computer a little more secure than it was. I know just enough to get me into trouble- the computer equivalent of a shade tree mechanic. If I poke at it long enough eventually I’ll figure something out.

I’ll try running the link via IE7 and will post back with the results one way or another.

Thanks for the assistance. :smiley:

12

Alright. It seems to work with I.E. 7. I guess this will just be another one of “those” sites- the small few that I must use with I.E. However I’m not convinced that it is “entirely” just a browser issue, with other firewalls I never had the problem with that site and mozilla firefox. Of course other firewalls aren’t “Comodo.” So I’m willing to live with it.

Thanks for all your help. Much appreciated. :■■■■

13

Interesting that it worked previously w/other FWs and FF… Wonder what CFP’s doing that they’re not? Of course, I guess it could be possible that in between FWs, they changed the website (although probably not likely…)

What if in CFP if you edit FF’s application rule, go the miscellaneous tab, and select Skip Advanced Security Checks, OK and then reboot. Then try it…

LM

14

Could also try other streaming sites and report the status while you’re at it. (That means you, too, mac)

15

oh, okay… :THNK

http://www.897powerfm.com/

Allowed scripts for this site, in order to access the streaming audio.
Allowed scripts for the streaming popup, in order for the stream to do its thing. CFP prompted for components in FF to be allowed - Ndpsplay.dll then it worked fine.
At 1 min 43 sec it cut out, and it started buffering. This corresponded (seemingly) to a blocked inbound IGMP (from Gateway to 239.255.255.250) and a blocked outbound IGMP (from computer to 239.255.255.250). I was in the process of adding an oubound IGMP rule to NetMon, when CFP prompted for several more FF components. I allowed, and it started up again. About 4 minutes later, it cut out again, with a corresponding IGMP block again. No more CFP alerts for FF components. It buffered a minute, then came back on automatically. Same thing in a few more minutes. Now I’ve added the outbound IGMP rule. Let’s see…

LM

16

IGMP is definitely the key for this site’s streaming audio.

Right when I expected it, there was a momentary blip in the feed, then all was fine. Checked CFP logs, there was a block for inbound IGMP, just as before, but no block on an outbound IGMP (such as there had been before). Then it went for several minutes; actually hasn’t cut out since.

I went ahead and created the Inbound IGMP rule to match the log entry, and no problem so far. Been going straight for a solid 10 minutes.

LM

17

Thanks for the updates, mac. This is the first I’ve encountered that requires IGMP (not that I know a lot of anyway), and an incoming one at that. Hmm.

18

Now I’ve gotta test the process for Kempis’ site…

LM