What Global Rules?

I was reading a post here on Global Rules where one of you guys was helping someone with a problem they were having as regards internet connections. The person was asked to post a jpg of his Global Rules and I decided to look at mine only to find I have just the one.

    "Block ICMP In From Any to IP Any where ICMP Message is Echo Request"

Is this correct, or should I have more as per the jpg shown in the other post? The reason I ask is that I intermittently have a problem with “Network Timeout” messages. I can go on one of my regular sites one day without any problem and the next day it will take me several attempts to connect. I also connect to a site and navigate within it without problems and then from one click to the next I get a slow response and the “Network Timeout” message.

The only security that I have running in real time is Comodo Firewall Pro v3.0.25.378, Comodo BoClean, SpywareBlaster and Avira AntiVirus, all kept up to date. I am certain it is not my AV or BoClean causing this and think it may somehow have something to do with the ICMP rules, but not being very PC techie I’m not sure how to correct this. Could someone help me to find a solution to this problem? I use Firefox v3 as my main browser and only use IE7 for updates, if this helps.

Did you use the P2P option in the Stealth Ports Wizard? That adds the rule you have in Global Rules.

“Network Timeout” is a technical description of what most of us know as traffic congestion, also known as “rush hour”. It means that somewhere out on the Internet, something has wedged, and packets cannot get thru. If it was a firewall problem, it’d work or it’d not work, with no in-between.

So, two questions:

First, how are you connecting? Wireless or wired, and thru a NAT/router or not?

Second, when you get a “network timeout”, have you tried a “tracert -d” from a command prompt to get something that vaguely resembles a congestion report between your machine and whatever site you are trying to connect to?

First off, thanks for the replies.

I have never touched the Global Rules at all in the time I have used CFP. I do download films using VEOH TV and possibly okayed a Comodo pop up in regard to this.

I am on a wired connection through a cable modem using a fast ethernet adaptor and supplied by Virgin Media here in the UK. I pay for a 2MB broadband connection. What is a “tracert -d” and how do I do this?

About my Global Rule: is the one I have OK or should I have more? I am sure that I had more in a previous version, but have used Comodo and the updates for so long that I can’t remember for sure.

Sounds like you have a good solid connection. Some folks have wireless connections, and are subject to occasional interference. That’s not something you’ll be having to worry about.

The “tracert” is a command line app, that measures the round-trip delay from your machine to some destination on a router-hop by router-hop basis. For example:

C:\Documents and Settings\User>tracert -d www.google.com

Tracing route to www.l.google.com []
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms
  2     *        *        *     Request timed out.
  3     2 ms     1 ms     1 ms  <redacted>
  4    35 ms    35 ms    35 ms  <redacted>
  5    36 ms    35 ms    37 ms  <redacted>
  6    36 ms    36 ms    35 ms  <redacted>
  7    39 ms    39 ms    38 ms  <redacted>
  8    66 ms    68 ms    68 ms
  9    66 ms    66 ms    65 ms
 10    76 ms    81 ms    76 ms
 11   250 ms    77 ms    79 ms
 12    81 ms    89 ms    90 ms
 13    81 ms    81 ms    81 ms

Trace complete.

As you can see, my desktop machine is 13 router hops from www.google.com, and there seems to be some momentary delay at hop 11, but it’s not a problem.

In your case, you will need to run tracert to whatever machine that you’re trying to connect to out on the Internet. Small numbers are better, but as you can see from my example, the more distant the server, the longer it takes to get there. Sometimes routers are configured to not respond to path queries, as you see in my example hop 2. That’s typical of a firewall or other security setup. But several such hops like that, and the path is very likely not operational.

To run a tracert, you open up a Windows command prompt. Click Start → All Programs, Accessories, Command Prompt. Then enter “tracert -d some.site” and see what comes back. If you’re not sure what the results are saying, you can post a screenshot here.

Regarding your Global Rule, the one rule that you have is fine. It’s the CFP default, and will keep somebody out on the Internet from sending a ping request to your machine. Whether you do in fact need additional rules depends on what you use your machine to do.

One thing that might be good to check, is to see what is in the CFP log. Open CFP, and click Firewall → Common Tasks, View Firewall Events. If CFP has been blocking anything, and logging the blocked traffic, it will be listed here.
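The post above gives three readings of a tracert: an isolated silent hop is normal (a router told not to answer), a big spread between the three probes at one hop is momentary congestion, and a run of silent hops means the path is probably down. The following Python script is an added example, not part of this thread or of any Comodo product: it parses Windows tracert output and applies those three readings. The sample trace is constructed from the output quoted earlier with every hop address replaced by `<redacted>`, and the 100 ms spike threshold and the three-hop run length are my own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample, modelled on the tracert output quoted earlier in the
# thread (hop addresses replaced with <redacted>); not captured from a real run.
SAMPLE_TRACERT = """\
Tracing route to www.l.google.com []
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  <redacted>
  2     *        *        *     Request timed out.
  3     2 ms     1 ms     1 ms  <redacted>
  4    35 ms    35 ms    35 ms  <redacted>
  5    36 ms    35 ms    37 ms  <redacted>
  6    36 ms    36 ms    35 ms  <redacted>
  7    39 ms    39 ms    38 ms  <redacted>
  8    66 ms    68 ms    68 ms  <redacted>
  9    66 ms    66 ms    65 ms  <redacted>
 10    76 ms    81 ms    76 ms  <redacted>
 11   250 ms    77 ms    79 ms  <redacted>
 12    81 ms    89 ms    90 ms  <redacted>
 13    81 ms    81 ms    81 ms  <redacted>

Trace complete.
"""

# One hop line: hop number, three probe results ('<1 ms', '35 ms' or '*'), then the host.
HOP_LINE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s*){3})(.*)$")
PROBE = re.compile(r"<?(\d+) ms|\*")


@dataclass
class Hop:
    number: int
    rtts: List[Optional[int]]  # per-probe RTT in ms; None where the probe showed '*'
    host: str

    @property
    def timed_out(self) -> bool:
        return all(r is None for r in self.rtts)


def parse_tracert(text: str) -> List[Hop]:
    """Parse the hop lines of Windows tracert output ('<1 ms' is recorded as 1)."""
    hops = []
    for line in text.splitlines():
        m = HOP_LINE.match(line)
        if not m:
            continue  # banner, blank and 'Trace complete.' lines
        rtts = [None if p.group(1) is None else int(p.group(1))
                for p in PROBE.finditer(m.group(2))]
        hops.append(Hop(int(m.group(1)), rtts, m.group(3).strip()))
    return hops


def silence_hops(text: str, numbers) -> str:
    """Return a copy of the trace with the given hops replaced by timed-out lines."""
    out = []
    for line in text.splitlines():
        m = HOP_LINE.match(line)
        if m and int(m.group(1)) in numbers:
            line = f"{int(m.group(1)):3d}     *        *        *     Request timed out."
        out.append(line)
    return "\n".join(out)


def assess(hops: List[Hop], spike_ms: int = 100, dead_after: int = 3) -> Dict:
    """Summarise a trace the way the post reads one: isolated silent hops are
    normal, a large spread between probes at one hop is momentary congestion,
    and a run of silent hops makes the path suspect. The 100 ms spike threshold
    and the run length of 3 are assumptions, not values from the thread."""
    timed_out = [h.number for h in hops if h.timed_out]
    spiky = []
    for h in hops:
        seen = [r for r in h.rtts if r is not None]
        if len(seen) >= 2 and max(seen) - min(seen) >= spike_ms:
            spiky.append(h.number)
    longest_run = run = 0
    for h in hops:
        run = run + 1 if h.timed_out else 0
        longest_run = max(longest_run, run)
    return {
        "hops": len(hops),
        "timed_out": timed_out,
        "spiky": spiky,
        "path_suspect": longest_run >= dead_after,
    }


if __name__ == "__main__":
    print("as quoted:", assess(parse_tracert(SAMPLE_TRACERT)))
    print("hops 5-7 silent:", assess(parse_tracert(silence_hops(SAMPLE_TRACERT, {5, 6, 7}))))
```

Run it against a saved `tracert -d` transcript by reading the file into `parse_tracert`; on the quoted trace it reports hop 2 as silent and hop 11 as the only spiky hop, and only the variant with three consecutive silent hops is flagged as a suspect path.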

Thanks again grue155,
It seems like the one solitary rule in Global is OK then. I did as you suggested and checked the CFP log and found a lot of blocked listings, all of them being C:\Windows\System32\svchost.exe. They had different source IPs but the same destination IP, and different source ports but the same destination port, i.e. 1027. All the entries were from today, so it seems to be blocking something that is happening every few minutes or so. Do you have any idea what this could mean?

What you’re seeing in your CFP log is what passes for the normal Internet background junk these days. Phrasing it differently, it’s spam. In particular, it’s what is known as Windows messaging pop-up spam, in that it is an attempt to find an unfirewalled machine, and cause a “net send” command pop-up that says something like this: “Warning: Your machine is not functioning properly. Visit <evil.site> and download now to correct the problem!”

That CFP is blocking this stuff is a good thing. But it is filling up your logs to no good effect. To keep the logs from being overwhelmed, you can introduce a new Global Rule to block this stuff, and not log it. To do that, you would go to the Global Rules tab, and Add this rule:

Action: Block # and do not mark the checkbox to log
Protocol: UDP # select the protocol from the pulldown list
Direction: In
Source Address: any
Destination Address: any
Source Port: any
Destination Port: a port range: start 1024 end 1030

You’re seeing port 1027 in your logs, but the spam does try a number of ports in the range 1024 to 1030. Best get the lot of them at once.

An alternative, would be to acquire a NAT/router to place between your cable modem and your PC. The NAT/router would function as an inbound firewall, and so block that spam traffic. CFP is doing that job right now, but if you had to stop CFP for some reason, then your machine would be unprotected. A NAT/router would give you an extra layer of defense against the junk out on the Internet.
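To see how the two Global Rules in this thread sort the blocked events the poster found, here is an added Python example (not part of the thread or of Comodo's product): it models the default ICMP echo-request rule and the proposed unlogged UDP 1024-1030 rule, applies them first-match to a constructed set of events in the shape described (many source IPs and ports, one destination, port 1027), and reports how many blocks would still reach the log. The event column layout is my own; CFP's real log format is not shown on the page.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample of blocked events in the shape the poster described (many
# source IPs and source ports, one destination IP, destination port 1027),
# plus two contrasting events. The column layout is my own; CFP's real log
# layout is not shown in the thread.
# Columns: proto direction src_ip src_port dst_ip dst_port detail
SAMPLE_EVENTS = """\
UDP In 198.51.100.7 1026 192.0.2.10 1027 svchost.exe
UDP In 198.51.100.23 1029 192.0.2.10 1027 svchost.exe
UDP In 203.0.113.5 1025 192.0.2.10 1027 svchost.exe
UDP In 203.0.113.77 1028 192.0.2.10 1026 svchost.exe
ICMP In 198.51.100.50 - 192.0.2.10 - echo-request
UDP In 203.0.113.9 40000 192.0.2.10 53000 svchost.exe
"""


@dataclass(frozen=True)
class Event:
    proto: str
    direction: str
    src_ip: str
    src_port: Optional[int]
    dst_ip: str
    dst_port: Optional[int]
    detail: str  # process name, or the ICMP message type for ICMP events


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                  # "Block" or "Allow"
    protocol: str                # "UDP", "TCP", "ICMP" or "Any"
    direction: str               # "In" or "Out"
    dst_ports: Optional[range]   # None = any; range(start, end + 1) for "start..end"
    icmp_message: Optional[str]  # only meaningful for ICMP rules
    log: bool                    # the "log" checkbox from the post


# The two Global Rules discussed in the thread, in evaluation order (first match wins).
GLOBAL_RULES: List[Rule] = [
    Rule("Block ICMP In from Any to Any, Echo Request (CFP default)",
         "Block", "ICMP", "In", None, "echo-request", log=True),
    Rule("Block UDP In from Any to Any, ports 1024-1030, not logged",
         "Block", "UDP", "In", range(1024, 1031), None, log=False),
]


def _port(text: str) -> Optional[int]:
    return None if text == "-" else int(text)


def parse_event(line: str) -> Event:
    proto, direction, src_ip, sport, dst_ip, dport, detail = line.split(maxsplit=6)
    return Event(proto, direction, src_ip, _port(sport), dst_ip, _port(dport), detail)


def matches(rule: Rule, ev: Event) -> bool:
    """Does the event fall under the rule? Source side is 'any' in both rules, so only
    direction, protocol, destination port range and ICMP message type are checked."""
    if rule.direction != ev.direction:
        return False
    if rule.protocol != "Any" and rule.protocol != ev.proto:
        return False
    if rule.dst_ports is not None and (ev.dst_port is None or ev.dst_port not in rule.dst_ports):
        return False
    if rule.icmp_message is not None and ev.detail != rule.icmp_message:
        return False
    return True


def first_match(rules: List[Rule], ev: Event) -> Optional[Rule]:
    return next((r for r in rules if matches(r, ev)), None)


def triage(log_text: str, rules: List[Rule] = GLOBAL_RULES) -> Dict:
    """Replay events through the rules and count what would still reach the log."""
    summary: Dict = {"blocked_silently": 0, "blocked_logged": 0, "unmatched": 0,
                     "by_rule": {}, "silenced_sources": set()}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        rule = first_match(rules, ev)
        if rule is None:
            summary["unmatched"] += 1
            continue
        summary["by_rule"][rule.name] = summary["by_rule"].get(rule.name, 0) + 1
        if rule.action == "Block" and rule.log:
            summary["blocked_logged"] += 1
        elif rule.action == "Block":
            summary["blocked_silently"] += 1
            summary["silenced_sources"].add(ev.src_ip)
    summary["silenced_sources"] = sorted(summary["silenced_sources"])
    return summary


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```

The port range is built as `range(1024, 1031)` so that the rule's "end 1030" is inclusive, matching the form's start/end fields; a destination port of 1031 falls through to "unmatched", and the ICMP echo-request block still counts as a logged event because the default rule keeps its log flag.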

Again thanks Grue155,
I have set that rule and will see what happens.