What about inboud??

Hi:

I see’ya all concerned and worried about leaktest, but… have you ever considered about inbound attacks?? The reason I post this is because besides the TCP, UDP or ICMP flood analisis on Comodo to prevent DoS attacks, I don’t see that the firewall enables a true Network Intrusion Prevention System (with signatures and all) like the ones you can find in firewalls like Kerio -to name one of the best in the job-.
I used Kerio, before they sell it and I tell you, nothig ever got in, so, why worry about leak tests if you can stop them before getting in??
That said, besides the “Block all” rule in the Network Globall Rules, what does comodo to prevent inbound attacks, like os fingerprinting, scans, network scans, nmap, trojans with particular signatures and drivers to generate TCP traffic…

BTW V3 beta… R O C K S !!!

Ohhhhhhhhhhhhh come on!!!

It’s a fair question since not much firewalls in the market actualy implement an IDS/IPS system I would love Comodo to be able to detect attacks on the network in this way and prevent them (like the old Kerio firewall did).

Snort has some fabulous rules and today actualy the only firewall that is able to implement them is the Sunbelt/kerio firewall.

Yes it is a fair question.

However the number of ppl that can answer question on internal working of the firewall are quite limited and probably are comodo dev wich job are not to answer forum topic (altougth they probably can in their free time). I just want to point out that the limited answer is probably because you have a very narow question scope.

This being said … why dont you just install snort on your computer ?
http://www.snort.org/dl/binaries/win32/

[at] MasterTB,

I’ve PM one of the dev guys your topic details. They are all pretty much flat out with the refinement of CFP V3, so they may not be able to respond immediately.

Cheers,
Ewen :slight_smile:

Hi MasterTB,

A signature based network intrusion detection system, is normally not a vital component of a personal security system because the attacks such a system can detect are usually in the domain of a server computer. Snort, for example, is hardly suitable for a PC. However, this does not mean, an IDS does not mitigate some sorts of risks even for a PC.

An IDS suitable for personal computers/users is in our wish list and will be implemented in the future. But till that time, your firewall should be quite enough to make sure you have a robust inbound network defense.

Good luck,
Egemen

OK, first of all sory for my impatience.
I understand how heavy down in work you are with V3 so again sory for that impatient comment.
Now back to the topic I agree that a personal computer normally wouldn’t need an IDS/IPS protection, but if you take the time to install an IDS -say the free version of Sunbelt PErsonal Firewall- on a computer directly conneted to the net by an ADSL modem you would be surprised by how much a properly configured IDS detect on an every day basis, just a thought…

I’ve fulfilled all 3 conditions: had Kerio firewall (not much different from Sunbelt now since development is slow from what I understood), have ADSL modem, and noticed lots of things IDS detected. However, I’m not concerned about it, especially since Egemen stated it will be included in a future version of CFP.

OK, but you have to agree that if you have an IDS/IPS system on your machine, that corrupted traffick never get’s to the application it is intended for, because what IDS does is filter the traffic incoming to your machine, and it’s most important function is to filter trafic that you have alowed to recieve, say when you are browsing online, all the traffic that incomes is first scanned to check for inconsistances by the IDS/IPS, something comodo doesn’t do actually, and by many people’s standards this is a security risk; thus my question related to wether we will see this kind of improvements in the firewall and how great it would be !!

Wow, Egemen is back on the forums, Looks like he has some time on his hands. ;D
Sorry for the OT, but I just had to join the Comodo fan-boy crowd with some OT stuff ;D.

Al (test with 120 DPI) Adric

I too would love to see this happen…