Hello,
just installed latest comodo firewall and I am wondering do I need to put my adsl router’s IP into a zone? - comodo just detected my two network cards and placed them into the zone. I get plenty of these errors below and have no idea what to do. Source is my Billion router
Date/Time :2007-02-21 09:47:14
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.xxx.1.254, Port = upnp-mcast(1900))
Protocol: UDP Incoming
Source: 192.xxx.1.254:50004
Destination: 239.255.255.250:upnp-mcast(1900)
Reason: Network Control Rule ID = 7
Yes, your routers IP should be included in the IP range used to define your zone. The easiest way to adjust this is through SECURITY - TASKS - ADD/REMOVE/MODIFY A ZONE and adjust the end address so it includes the IP of your router.
If your PCs addresses start at 192.168.1.1 and go upwards, it might be an idea to change the routers IP to 192.168.1.1 and change your PCs addresses accordingly. This way, you can restrict the range used by the zone to only those addresses actually in use. If you leave the routers address at 192.168.1.254, your range address has to cover all of the 192.168.1.X subnet.
Those are uPnP multicasts made by your router. Unless you rely on uPnP or want to use this feature, shut the service down on your computer and disable it on your router. They are used for automatically detecting and opening up ports on your computer and router. As this feature is easily exploited, and hardly in use anymore, most if not all disables this.
Just on a side note, log entries are not errors. Log entries are information about the network flow, what the firewall drops and what it allows. Logs are meant as a debugging tool
You dont need to create another zone for just one one IP address, particularly since your PCs are already in the 192.168.1.X subnet, as is your router. Find the zone for your PCs and modify the end address so it includes 192.168.1.254 (your router). Less zones and less rules decreases throughput time and increases overall speed. Less is more, providing your “less” still provides adequate security.
I believe the outbound requests are due to uPnP (Universal Plug and Play being enabled on your router. Unless you have a specific need for it (and if you’re going “up ‘n’ what?”, then you don’t )turn it off on your PCs and on your router.
)turn it off on your PCs and on your router.