Re: new to firewalls





"Tom W." <not@xxxxxxxx> wrote in message news:l20bh3l7pog4370vep6vkvrmn76trks1va@xxxxxxxxxx
On Tue, 16 Oct 2007 23:14:29 -0400, "Mr. Arnold" <MR.
Arnold@xxxxxxxxxx> wrote:


"Tom W." <not@xxxxxxxx> wrote in message
news:cvmah3tqi44bm3ltj1fcen519e1km3jf13@xxxxxxxxxx

I just installed Comodo pro firewall.
I have never really used a firewall before
and I have a question. I keep getting
inbound policy violation entries in the log
every few minutes, all from the same IP
address. Can someone explain this?


Something like Comodo is not FW technology. Comodo is a personal packet
filter or machine level packet filter, and it's not FW technology.

You can start with the links.

http://www.vicomsoft.com/knowledge/reference/firewalls1.html
http://www.more.net/technical/netserv/tcpip/firewalls/

Date/Time :2007-10-16 20:47:23
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.1.65, Port = nbname(137))
Protocol: UDP Incoming
Source: 192.168.1.65:nbname(137)
Destination: 192.168.1.255:nbname(137)
Reason: Network Control Rule ID = 5



Date/Time :2007-10-16 20:47:18
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.1.65, Port = nbdgram(138))
Protocol: UDP Incoming
Source: 192.168.1.65:nbdgram(138)
Destination: 192.168.1.255:nbdgram(138)
Reason: Network Control Rule ID = 5


It was denied; the personal packet filter is doing its job of stopping
unsolicited inbound traffic. What you need to worry about is the inbound
traffic that is coming through the packet filter and is not being denied.
A connection is made due to some program running on the computer behind the
FW or packet filter that has made a solicitation for traffic to a
remote/Internet IP, because the program sent outbound traffic to the site,
and inbound traffic is coming back -- the solicitation.

There are two types of traffic a FW or a packet filter is going to deal with,
and this is kind of a default. 1) Solicited inbound traffic. Traffic is coming
inbound because a program running behind the FW or packet filter has sent
outbound traffic, or the contact was initiated by the program behind the FW
or packet filter. The FW or packet filter is going to let that type of
inbound traffic pass. The traffic can or cannot be legit. It could be a
legit program or a malware program that is doing the solicitation.


2) Unsolicited inbound traffic is just the opposite. No program running
behind the FW or packet filter has made a solicitation for inbound traffic.
That type of inbound traffic is blocked or denied.





Rebooting the computer seems to have cleared it up.
Thanks for the response.


I suspect that's not the case. Unsolicited inbound traffic, which was what the packet filter was blocking, is just everyday noise or traffic on the Internet. The booting of the computer is not going to clear it up, unless Comodo was doing false reporting, which can happen with any PFW/personal packet filter. But most likely, the unsolicited traffic was stopped from whatever was on the other end, because it couldn't get through, and it moved on.
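
A triage sketch for log entries like the two quoted in this thread, added here as an example (it is not part of any poster's message and is not Comodo's own tooling): it pulls the source, destination and port out of each entry and reports whether the sender sits on the local subnet. The /24 netmask for 192.168.1.0, the `triage` function name and the result field names are assumptions.

```python
import ipaddress
import re

# Constructed sample: the two entries quoted in the thread, one string each,
# with the same run-together field labels ("IncomingSource:") as posted.
SAMPLE_LOG = [
    "Date/Time :2007-10-16 20:47:23Severity :MediumReporter :Network "
    "MonitorDescription: Inbound Policy Violation (Access Denied, IP = "
    "192.168.1.65, Port = nbname(137))Protocol: UDP IncomingSource: "
    "192.168.1.65:nbname(137) Destination: 192.168.1.255:nbname(137) "
    "Reason: Network Control Rule ID = 5",
    "Date/Time :2007-10-16 20:47:18Severity :MediumReporter :Network "
    "MonitorDescription: Inbound Policy Violation (Access Denied, IP = "
    "192.168.1.65, Port = nbdgram(138))Protocol: UDP IncomingSource: "
    "192.168.1.65:nbdgram(138) Destination: 192.168.1.255:nbdgram(138) "
    "Reason: Network Control Rule ID = 5",
]

ENTRY_RE = re.compile(
    r"Protocol:\s*(?P<proto>\w+)\s+Incoming\s*"
    r"Source:\s*(?P<src>[\d.]+):\w+\((?P<sport>\d+)\)\s*"
    r"Destination:\s*(?P<dst>[\d.]+):\w+\((?P<dport>\d+)\)\s*"
    r"Reason:\s*Network Control Rule ID = (?P<rule>\d+)"
)

# Well-known UDP ports for NetBIOS over TCP/IP.
NETBIOS_UDP = {137: "NetBIOS name service", 138: "NetBIOS datagram service"}


def triage(entry, lan="192.168.1.0/24"):  # the /24 netmask is an assumption
    """Return where a denied packet came from, or None if unparseable."""
    m = ENTRY_RE.search(" ".join(entry.split()))  # normalise wrapped lines
    if m is None:
        return None
    net = ipaddress.ip_network(lan)
    src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
    service = NETBIOS_UDP.get(int(m["dport"])) if m["proto"] == "UDP" else None
    return {
        "src": str(src),
        "src_on_lan": src in net,        # sender shares the local subnet
        "src_private": src.is_private,   # RFC 1918: not Internet-routable
        "dst_is_broadcast": dst == net.broadcast_address,
        "service": service or "unknown",
        "rule_id": int(m["rule"]),
    }


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(triage(line))
```
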
