system just asked for inbound [RESOLVED]

wow system just ask for inbound i think i clicked allow but did not remember it i went and looked and it is still outgoing only why would it ask this? i was browsing comodo site for banners.

I’m not really the one to ask when it comes to network traffic, but I did get some strange inbound connection attempts a couple of months ago. They looked suspicious so I blocked them and changed my CFP global rule to block all incoming IP traffic. Can’t tell what popup you got, though.

LA

at any rate did not hurt anything thank god was all from my router it showed so nothing from the net thank god. at any rate i did allow it but did not have remember checked at the time.

Unless you are doing something unusual that has specific needs, you don’t need to allow anything in or out from “system”. If you start getting stuff logged, you can add rules under system to block and not log the connection requests. Or if something stops working, you can add an allow rule. My rules are attached and work fine under Vista.

[attachment deleted by admin]

ok i will keep a eye on it and see what it dose over the next few days i think it was just a glitch lol

Let us know :wink: Goodluck.

it did it again but i did not get to click it fast enough it went a whey before i could. i did snap a picture of it though right before it left here it is.


http://img524.imageshack.us/img524/5595/ttcc7.th.png

Make it outgoing only. See here.

[attachment deleted by admin]

it is outgoing only was like that default so not sure why it doing this should i allow it ? seams to be my router doing it or something. that ip is my kids computer why is it doing that file sharing is off? i just looked into my router and that is her local ip now i’m puzzled. I will be leaving tomorrow and be back late Sunday so if i don’t answer back i will then.

Allow it outgoing only.

um how do i do that it’s already outbound when this alert pops up what do i do if i click block wont it not block that connection all the time thus changing the rule?

Look at my screen shot and make your like mine.

I manually added those from running processes.

the ones i have in there are outgoing only i did not have dllhost not sure what it is but all rest are outgoing only so it is strange maybe its normal traffic and its just triggering a alert for some reason.

Thank you. The actual alert that comes up gives quite a bit of information.

First thing it tells us, is that an inbound packet got blocked. Meaning the packet did not originate on frogger’s machine, so whatever rules there may be for outbound traffic don’t apply. Irrespective of however impassioned the plea may be to “make it outgoing only”.

Second thing it tells us, is the sender address, of 192.168.0.101. This is a private IP LAN address, so it is coming from some other machine on your LAN.

Third thing it tells us, is the port/protocol is 137/UDP. That’s the Windows networking Netbios name-lookup port.

Fourth thing it tells us, is that it would have been received by System if the packet had not been blocked. That would imply, in the context of the 3rd item, that this was a Netbios broadcast, to the LAN destination address of 192.168.0.255.

Here’s where knowing something about how chatty Windows networking can be might be useful. Netbios methods don’t rely on a coordinating server. It’s one of the original peer-to-peer networking methods. When a machine comes online, and at intervals thereafter, it will broadcast it’s Netbios name to everything on the LAN. That is to allow all the other machines to do their equivalent of writing a sticky-note that says “this name is that that address”, and each machine maintains their equivalent of a phone book matching names-to-addresses.

If you check the CFP log, I suspect you’ll find the blocked packet being logged with the destination address of 192.168.0.255. The LAN broadcast address.

So, that other machine, each time it is turned on, and probably at about 15 minute intervals thereafter, is going to yell at the LAN something like “I’m and I’m at 192.168.0.101”.

And frogger’s machine, being the properly secured machine running CFP that it is, is going to get an alert that some inbound packet from someplace is being blocked. Like when that other machine is turned on, and at about 15 minute intervals thereafter.

So the solution is, either to change the configuration on that other machine (at 192.168.0.101) so it quits broadcasting to the entire LAN, or, frogger’s machine needs to change the CFP configuration to allow that Windows networking broadcast traffic to come inside and be properly ignored.

Any preferences on the solution?

PC’s are quite gossipy when sharing the same modem(wired). I don’n t even have a LAN setup. Both PC’s are routed thru a 5 port switch to the modem. They are always trying to contact each other on port 138(nbgrams) as Comodo V 2.4 calls them. Of course V2.4 blocks thier gossip to each other.

ok all i just got back i read what he said and yes it coming from my other machine so what can i do ? just allow it to come in beings its on my other machine with no malware or viruses at all. i keep a pretty tight system here at the home port. get back all thanks god bless. P.S. seattle omg was nice and cool i loved it now i’m back in spokane and omg its 95 here.

Probably the easiest thing to do, would be to have CFP allow LAN broadcast traffic, with a rule like this

Action: Allow
Protocol: UDP
Direction: In&Out
Source IP: zone[MyLAN]
Destination IP: single IP: 192.168.0.255 #assuming your LAN is 192.168.0.0 thru 192.168.0.255
Source port: any
Destination port: any

and have that in your Global Rules, right up there at the top.

Because this is broadcast traffic, there’s not really anything that can be used to attack another machine on the LAN if one machine somehow gets infected.

how do i know what my lan is you say this Destination IP: single IP: 192.168.0.255 #assuming your LAN is 192.168.0.0 thru 192.168.0.255 how do i know should i just use what you put on there? thanks and oh how the heck do i make this rule?

Go to the Firewall tab. Click Advanced then go to the Network Security Policy. Click on Global Rules then click Add.