Posted by Mr. Arnold on October 16, 2007, 11:50 pm
> On Tue, 16 Oct 2007 23:14:29 -0400, "Mr. Arnold" <MR.
> Arnold@Arnold.com> wrote:
>
>>
>>>
>>> I just installed comodo pro firewall.
>>> I have never really used a firewall before
>>> and I have a question. I keep getting
>>> inbound policy violation entries in the log
>>> every few minutes all from the same ip
>>> address. Can someone explain this?
>>>
>>
>>Something like Comodo is not FW technology. Comodo is a personal packet
>>filter or machine level packet filter, and it's not FW technology.
>>
>>You can start with the links.
>>
>>http://www.vicomsoft.com/knowledge/reference/firewalls1.html
>>http://www.more.net/technical/netserv/tcpip/firewalls/
>>
>>> Date/Time :2007-10-16 20:47:23
>>> Severity :Medium
>>> Reporter :Network Monitor
>>> Description: Inbound Policy Violation (Access Denied, IP =
>>> 192.168.1.65, Port = nbname(137))
>>> Protocol: UDP Incoming
>>> Source: 192.168.1.65:nbname(137)
>>> Destination: 192.168.1.255:nbname(137)
>>> Reason: Network Control Rule ID = 5
>>>
>>> Date/Time :2007-10-16 20:47:18
>>> Severity :Medium
>>> Reporter :Network Monitor
>>> Description: Inbound Policy Violation (Access Denied, IP =
>>> 192.168.1.65, Port = nbdgram(138))
>>> Protocol: UDP Incoming
>>> Source: 192.168.1.65:nbdgram(138)
>>> Destination: 192.168.1.255:nbdgram(138)
>>> Reason: Network Control Rule ID = 5
>>>
>>
>>It was denied; the personal packet filter is doing its job of stopping
>>unsolicited inbound traffic. What you need to worry about is the inbound
>>traffic that is coming through the packet filter and is not being
>>denied.
>>A connection is made due to some program running on the computer behind
>>the FW or packet filter that has made a solicitation for traffic to a
>>remote/Internet IP, because the program sent outbound traffic to the site,
>>and inbound traffic is coming back -- the solicitation.
>>
>>There are two types of traffic a FW or a packet filter is going to deal
>>with, and it is kind of a default.
>>
>>1) Solicited inbound traffic. Traffic is coming inbound because a program
>>running behind the FW or packet filter has sent outbound traffic, or the
>>contact was initiated by the program behind the FW or packet filter. The
>>FW or packet filter is going to let that type of inbound traffic pass.
>>The traffic can or cannot be legit. It could be a legit program or a
>>malware program that is doing the solicitation.
>>
>>2) Unsolicited inbound traffic is just the opposite. No program running
>>behind the FW or packet filter has made a solicitation for inbound
>>traffic. That type of inbound traffic is blocked or denied.
>>
>>
>>
>>
>
> Rebooting the computer seems to have cleared it up.
> Thanks for the response.
>
I suspect that's not the case. Unsolicited inbound traffic, which was what
the packet filter was blocking, is just everyday noise or traffic on the
Internet. The booting of the computer is not going to clear it up, unless
Comodo was doing false reporting, which can happen with any PFW/personal
packet filter. But most likely, the unsolicited traffic was stopped by
whatever was on the other end, because it couldn't get through, and it moved on.
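
The solicited/unsolicited distinction described in this thread, as an added example that is not part of the original posts and is not Comodo's code: a simplified state table that passes an inbound packet only when it answers earlier outbound traffic. The class and function names and the 192.168.1.10 and 192.0.2.53 addresses are assumptions; the two NetBIOS packets use the addresses and ports from the quoted log.

```python
from typing import NamedTuple


class Packet(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class StatefulFilter:
    """Toy model: inbound traffic passes only if a local program asked for it."""

    def __init__(self):
        self.flows = set()  # flows opened from behind the filter

    def outbound(self, pkt: Packet) -> str:
        # A local program sends first; remember the flow so the reply counts
        # as solicited.
        self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return "PASS"

    def inbound(self, pkt: Packet) -> str:
        # A reply is a recorded flow with source and destination swapped.
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "PASS (solicited)" if key in self.flows else "DENY (unsolicited)"


def demo():
    fw = StatefulFilter()
    results = []
    # Constructed: a local program sends a DNS query, then the answer returns.
    fw.outbound(Packet("UDP", "192.168.1.10", 50000, "192.0.2.53", 53))
    results.append(fw.inbound(Packet("UDP", "192.0.2.53", 53, "192.168.1.10", 50000)))
    # From the quoted log: NetBIOS broadcasts nobody behind the filter asked for.
    results.append(fw.inbound(Packet("UDP", "192.168.1.65", 137, "192.168.1.255", 137)))
    results.append(fw.inbound(Packet("UDP", "192.168.1.65", 138, "192.168.1.255", 138)))
    # Constructed: same remote host as the query, but a source port that was
    # never contacted, so no recorded flow matches.
    results.append(fw.inbound(Packet("UDP", "192.0.2.53", 4444, "192.168.1.10", 50000)))
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The first result also shows the caveat raised in the thread: the filter passes any reply to a flow opened from inside, whether the program that opened it was legitimate or malware.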