Why do I get requests I shouldn't get?

Okay… Let me explain the whole picture.

I have a PC with a cable internet connection (no router) and a notebook that I share that connection with via Wi-Fi. Also, I run an FTP server, a Minecraft server and use torrent. The Wi-Fi network that I use to share the internet connection I named Connectify, and it is 192.168.236.1 - 192.168.236.255.

Now… global rules list is as follows from top to bottom

Allow incoming IP source address - network zone (connectify) destination address - any, cuz any outgoing traffic from notebook is considered incoming traffic to a PC.

Allow incoming TCP destination port 25565 - that’s for minecraft server

Allow incoming TCP destination port 21 and
Allow incoming TCP destination port range 5000 - 5100 - those are for FTP server

Allow incoming TCP and UDP destination port 16606 - that’s for Utorrent

Allow incoming ICMP fragmentation needed
Allow incoming ICMP Timed out
Block Incoming IP from any to any - those 3 are default rules

Now why on earth from time to time I get requests about incoming connection on port 80 from skypekit.exe (that is a part of trillian) with source IP outside of Connectify zone, like 208.64.252.230?

From my previous thread I kinda thought that port 80 and any other except those listed above will be blocked without requests / notifications.

Windows 7 Sp1 x64 CIS x64
Enable enhanced protection mode is ticked in defence+ settings (if that has to do anything with anything.)

Reading your global rules, it should not ask for unrequested incoming on port 80, it should be blocked.
Can you make a screenshot (anonymized) of the question window, with the global rules?

Does only one computer get this question?

Here you go, my version isn’t English though…

208.64.252.230 is the site I used port scanning from (on myself). Here’s the link: http://www.t1shopper.com/tools/port-scan/#

Easiest way to trigger this is to launch port scan of common ports, when it’ll get to port 80 you’ll get this alert… but not all the time. And sometimes I get this error from other IPs when I’m NOT portscanning myself.

Both trillian exe and skypekit.exe have only “allow outgoing IP” rules in application rules.

No alerts are displayed on the notebook.

[attachment deleted by admin]

Well, I asked for screenshots to read what the question and circumstance is.
I cannot read it :smiley:

If you don’t mind, switch Comodo to English for this screenshot. It will increase the chance that someone finds the clue.

Edit: Keep in mind that Skype uses a technique to circumvent firewalls (if it’s allowed to connect out). The firewall will think the unrequested message from your friend is “a requested packet”. Skype is peer to peer. Though, it will run with an “outgoing only” rule, “thanks” to this technique.

Here’s the English version

[attachment deleted by admin]

If you don’t mind… could you save your configuration first (for later re-entering), and then erase the green rules for another test?
We would be able to nail the problem in the green rules :wink:

If you still get this question with only the last rule, we would have something interesting.

Lol, or just move the red rule on top for the test :smiley:

@Clockwork
Thanks for the idea, with the block rule on top of the list the problem is gone. After experimenting a bit I think I isolated the problem to this rule (see screenshot, destination address and IP details are set to any).

I don’t understand why though. I thought that rule allowed incoming connections from “connectify” network zone (which is 192.168.236.1 - 192.168.236.255) only. I need this rule to allow my notebook to share my PC’s internet connection. With this rule my notebook can connect to the internet via PC, but my smartphone (under android 2.1) can’t, that’s another problem (it can if I turn firewall off). They’re using the same wi-fi network.

So what am I doing wrong?

[attachment deleted by admin]

I would make rules with numbers, instead of “representing names”. It’s an easier approach than to find out what the name rules are missing.
It’s also better if rules represent what they contain. For the overview. You can work with “IP range”.

Does the behaviour change if you explicitly allow what you plan?

I assume your rule screenshots represent the PC? So, you get an “unrequested incoming attempt” question for a program on your PC, because you have a rule which should let traffic pass to your notebook?
How easy routers are in comparison :smiley:

@clockwork
I’m sorry, I didn’t quite understand what you wrote…

Yes those are screenshots from the PC.

I also noticed that if I use IP range instead of network zone in the rule I mentioned above, I won’t get unrequested incoming connection request.

You named what I wrote about :slight_smile:
The network zone rule contains a bad decision, and you don’t make a mistake with IP range.
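
Added example, not part of any post in this thread and not Comodo's code: a first-match model of the global rules listed in the opening post, for checking which rule a given incoming packet should hit. It assumes the rules are evaluated top to bottom with the first match deciding, leaves out the two ICMP rules, and uses made-up helper names and a constructed notebook address (192.168.236.7); the last call is a hypothetical where the first rule's source matches more than the stated range, not a confirmed cause.

```python
from ipaddress import ip_address

ANY = None  # wildcard: matches every source / every destination port

def ip_range(lo, hi):
    """Source test for an inclusive IP range."""
    lo, hi = ip_address(lo), ip_address(hi)
    return lambda src: lo <= ip_address(src) <= hi

def ports(lo, hi=None):
    """Destination-port test for a single port or an inclusive range."""
    hi = lo if hi is None else hi
    return lambda dport: lo <= dport <= hi

# Range the opening post gives for the Connectify network.
CONNECTIFY = ip_range("192.168.236.1", "192.168.236.255")

def build_rules(zone_source):
    """Global rules from the opening post, top to bottom (ICMP rules omitted).
    The 'IP' rules are modelled as TCP+UDP only."""
    return [
        ("allow", {"tcp", "udp"}, zone_source, ANY),   # 1: Connectify -> any
        ("allow", {"tcp"}, ANY, ports(25565)),         # 2: Minecraft
        ("allow", {"tcp"}, ANY, ports(21)),            # 3: FTP control
        ("allow", {"tcp"}, ANY, ports(5000, 5100)),    # 4: FTP port range
        ("allow", {"tcp", "udp"}, ANY, ports(16606)),  # 5: uTorrent
        ("block", {"tcp", "udp"}, ANY, ANY),           # 6: block everything else
    ]

def evaluate(rules, proto, src, dport):
    """Return (rule number, action) of the first rule matching an incoming packet."""
    for number, (action, protos, src_test, port_test) in enumerate(rules, start=1):
        if (proto in protos
                and (src_test is ANY or src_test(src))
                and (port_test is ANY or port_test(dport))):
            return number, action
    return None, "no match"

if __name__ == "__main__":
    intended = build_rules(CONNECTIFY)
    print(evaluate(intended, "tcp", "208.64.252.230", 80))     # scanner address, port 80
    print(evaluate(intended, "tcp", "192.168.236.7", 80))      # constructed notebook address
    print(evaluate(intended, "tcp", "208.64.252.230", 25565))  # Minecraft from outside
    # Hypothetical: the first rule's source matching wider than the stated range.
    print(evaluate(build_rules(ANY), "tcp", "208.64.252.230", 80))
```

If the real firewall's verdict for a packet differs from what this model returns for the intended list, the rule that the model says should not match is the one to inspect first.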