Unknown ICMP Blocks after setting up uTorrent [RESOLVED]

I set up uTorrent with Comodo firewall yesterday after reading this thread: https://forums.comodo.com/firewall_help/utorrent_comodo_firewall_guide-t32326.0.html using Bad Frogger’s instructions and (since I am behind a router) by forwarding my ports. It seemed to be set up correctly and was working well. So I decided to leave it running overnight. But when I checked the logs, I see these ICMP blocks. What’s going on? What do they mean?

This is the ICMP type 3 code 1 message

3=Destination Unreachable
1=Host Unreachable

http://www.iana.org/assignments/icmp-parameters

This basically means that uTorrent was trying to connect to hosts that are no longer “available” on the internet.
You could put up an allow rule for this traffic, as it will speed up your downloads: it tells uTorrent the host is not there. Now, by blocking it, it has to “time out” before it can flag the host down.

Thanks for replying and explaining what those blocks mean Ronny. :slight_smile:

Alright, I added a rule in the Global rules to allow ICMP type 3 code 1 message in and cleared my firewall logs. Those blocks have stopped but now I’m seeing a new one in the logs:

ICMP type 3 code 10 message

Should I add a rule for that one to the Global rules as well or should I just go ahead and add a rule to allow all Destination Unreachable completely no matter what the message is?

You can allow those. 3/10 “Destination Unreachable / Communication with Destination Host is Administratively Prohibited” states that there is an active firewall between your PC and the server/PC you’re communicating with, and the “other side” is blocking your request.

Hi guys,

I saw this thread so I went and added the rule in my little guide.
Is there really a perceivable speed difference to be gained from this?
I have never bothered with allowing this ICMP traffic and have never had any trouble.
uTorrent doesn’t seem to mention it anywhere I can find.

So now, first it was type 3 code 1, now it’s type 3 code 10.
If I add another rule for the second one will that be the end of it?

TIA

Hi Bad Frogger,

If an application tries to connect to another system, it needs to send packets: for TCP those are the “3-way handshake”, for UDP this could be “fire and forget”, but for both it expects a “response”.

And waiting for a response takes time: if the app waits, let’s say, 1 second on a response and you have a 10 ms “unreachable” response, you “lose” time.

You can safely allow in all cases (not only uTorrent) Type 3 Net Unreachable, Port Unreachable, Host Unreachable.

Thanks Ronny

Just makes one wonder why they don’t have it in the predefined rule sets.
I really wanted to be sure not to ■■■■■ up Stealth.
Adding a bunch of extra ICMP Allows when my downloads have always gone
at a healthy rate.

Later

Thanks Ronny.

After I allowed that one, I see a block in the log for ICMP type 3 code 13. I’ve just gone ahead and created a rule for that one too and the others that Ronny said were safe to allow. So, in my Global Rules I have ‘allow in’ rules for:

ICMP type 3 code 0
ICMP type 3 code 1
ICMP type 3 code 3
ICMP type 3 code 10
ICMP type 3 code 13

Is it safe to have all of these allowed in, along with the uTorrent rule and the ones that were created after I ran the Stealth Ports Wizard?
And as Bad Frogger asked, am I still stealth?

Hi Ronny is offline,

You only need the 3 of them. Port, Network, and Host Unreachable.

I edited the guide you started with.
If you end up with the rules like in the last pic you are good to go. Stealth.
You are aware that when the uTorrent rule is above the block rule you have
1 port open. So to be 100% Stealth you need to move it down. I do when
I’m not Torrenting.

Gotta let the firewall block something, you shouldn’t get too much
Internet “noise” because of the router.
You wanna see a log fill up fast, go without the router.
I think the log by default only goes to 1MB then deletes and starts over,
so you needn’t worry about a giant monster file filling your HD.
To test for stealth you would go to GRC | Gibson Research Corporation Home Page
and run the Shields up scan. But when you are behind a router it really scans your router’s
ports.
You could connect direct to modem to test, but be ready for the new network
detected pop up, due to IP address change. You can just close the pop up
if you are inclined to go that route.

Later

I think I do need the ICMP type 3 code 10 & code 13 rules, not for downloading but for uploading/seeding, which is what I was doing when I got those ICMP blocks. My downloading speed has been going at a constant rate, like it was when I used Windows Firewall. But when I started using Comodo Firewall, my uploading rate was cut in half, fluctuated often, and according to my router logs, rarely reached the maximum upload rate that I set it to. I also got those ICMP blocks in the Comodo logs. After adding all those ICMP type 3 rules to my Global Rules, my upload reaches the maximum rate and stays that way, just as it did before.

To see if I was still getting any Destination Unreachable requests, I set those rules to be logged if they were ever fired…and they were. So I’ve decided to leave them as they are, unless someone tells me it’s not safe to have the ICMP type 3 code 10 & code 13 allow in rules and then I will remove them.

Thanks for the other info, I’ll give it a go. :slight_smile:

EDIT: OK, umm, I just checked the logs again and now I have a few ICMP type 4 code 0 blocks. What do those mean?

Type 3 (destination unreachable)

Type 3, code 0 - network unreachable
Type 3, code 1 - host unreachable
Type 3, code 3 - port unreachable
Type 3, code 10 - destination host administratively prohibited
Type 3, code 13 - communication administratively prohibited by filtering

Type 4, code 0 - source quench
This message is a request to decrease the traffic rate of data messages
sent to an internet destination.

OK, I added all of these to my rules for incoming to test, and checked for Stealth.
I haven’t added them to my guide other than the basic first three.
You are still Stealth so if you find it helps your speed go to town!

I’m guessing I don’t see any real difference because I’m not a big upper and some
of these codes may be from your router, purely speculation of course as I haven’t
any real detail of your setup.

Consider your traffic controlled and be careful out there.
Later
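An added example, not from any poster in this thread or from Comodo, that goes one step beyond the type/code list above: an ICMP error quotes the IP header and first 8 bytes of the packet that triggered it (RFC 792), so an inbound "unreachable" can be checked against connections the machine actually opened. The function names, addresses and ports are constructed for illustration, and the ICMP checksum is not verified.

```python
import socket
import struct

# Names for the type/code pairs listed in the thread.
NAMES = {(3, 0): "network unreachable", (3, 1): "host unreachable",
         (3, 3): "port unreachable",
         (3, 10): "destination host administratively prohibited",
         (3, 13): "communication administratively prohibited by filtering",
         (4, 0): "source quench"}

def parse_icmp_error(icmp):
    """Return (type, code, quoted_flow) for an ICMP error message (RFC 792 layout).

    quoted_flow is (proto, src_ip, src_port, dst_ip, dst_port) of the packet
    that triggered the error, read from the quoted IP header + 8 bytes.
    """
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("too short to hold a quoted IP header and 8 bytes")
    icmp_type, code = icmp[0], icmp[1]
    inner = icmp[8:]                      # skip type, code, checksum, 4 unused bytes
    ihl = (inner[0] & 0x0F) * 4           # quoted IP header length in bytes
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 4:
        raise ValueError("quoted datagram is not a usable IPv4 header")
    proto = inner[9]
    src_ip = socket.inet_ntoa(inner[12:16])
    dst_ip = socket.inet_ntoa(inner[16:20])
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return icmp_type, code, (proto, src_ip, sport, dst_ip, dport)

def classify(icmp, outbound_flows):
    """Name the message and report whether it answers a flow we really opened."""
    t, c, flow = parse_icmp_error(icmp)
    return NAMES.get((t, c), "not covered in the thread"), flow in outbound_flows

def build_sample(code, src_ip, sport, dst_ip, dport, proto=6):
    """Constructed test message: type 3 quoting a minimal IPv4 header + port pair."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return struct.pack("!BBHI", 3, code, 0, 0) + ip + struct.pack("!HHI", sport, dport, 0)

# Constructed flow table and messages (private / documentation address ranges).
FLOWS = {(6, "192.168.1.10", 51413, "198.51.100.7", 6881)}
SOLICITED = build_sample(1, "192.168.1.10", 51413, "198.51.100.7", 6881)
UNSOLICITED = build_sample(10, "192.168.1.10", 40000, "203.0.113.9", 80)

if __name__ == "__main__":
    for msg in (SOLICITED, UNSOLICITED):
        print(classify(msg, FLOWS))
```

A message whose quoted flow is not in the table does not correspond to anything the host sent, which is the case worth logging rather than silently accepting.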

Interesting topic. I had noticed the same ICMP logs as well; with me they are related to using E Mulle. I added three ICMP rules to the Global Rules and got rid of nearly all ICMP blocks.

I do have some questions about the nomenclature regarding ICMP and how CIS logs show them. CIS log will show for both Source and Destination the port type; for example src type (13) dest type(3). The IANA guide Ronny linked to speaks of types and codes.

My question is how types and codes translate to the CIS log system?

Looks like it translates thus -

Source = Type | Destination = Code

ex. Type 3, code 1 - host unreachable = Source Port 3, Destination Port 1

Noticing a beneficial side effect also.
ICMP being message control protocol.

In some other thread we were talking about CIS showing legacy connections like
ex. utorrent shows 50 active and CIS showing hundreds.
It’s becoming apparent that CIS/Windows was waiting for every query to time out
as it didn’t get the responses like Unreachable, Blocked, etc.
There is still some lag but the difference seems to be substantial.

Just can’t stop learnin,
Later

Thanks for all the help everyone! Comodo and uTorrent have been working well together for the last couple of days. I have eliminated of the blocks in the logs and my speeds in uTorrent have been high and consistent. No more problems whatsoever. :slight_smile:

Oh, and Happy New Year guys! ;D

Good to hear. I’ll lock this and mark it as resolved. If you need it re-opened, PM any of the mods.

Cheers,
Ewen :slight_smile: