I’ve one question. I often use uTorrent program and it needs to accept incoming connections. With ZA it is not a problem, the needed port is open without any configuration. But, after a lot of BSOD today caused by srescan.sys (it belongs to ZA) I moved back to Comodo Firewall. But… I need to create a rule for uTorrent incoming connections. Is it very risky to leave open port? The rule is below, I opened only one port which I’ve set randomly on uTorrent (it is not the default one). Actually I found it as the only one possible way to configure Comodo with uTorrent. :-\
To me that rule is too open ended also and liable to exploit.
I don’t know what you mean by an open port, no restriction on use, rather than what something like grc.com shields up would call an open port, one that isn’t stealthed. A port that isn’t stealthed can effectively announce your presence when port scanned, leaving you liable to more detailed scanning.
What if you allowed access based on uTorrent, program permissions rather than a global rule like this. Perhaps you need to visit a comodo forum.
The problem is that my IP is dinamic, not static. The only way to make uTorrent accept incoming connections is the rule in #1 post… Already tried everything… Program rule does not works, moreover uTorrent is marked as SAFE in Comodo so it do not asks any rules from this program.
Are you in a network? Even so, just let it static… there is no other way as you need to open a port for an specific computer in the network…
Well, maybe other guy understand more than I of these stuffs…
Well, using the rule you’ve posted, there is no difference on allowing server rights like in ZoneAlarm. Comodo allows you to get, in theory, a narrow rule for an open port. ZA open it completely. If you want to run P2P at high identity login, the only way will be opening the port…
Just back from Comodo support forum. Seems the first rule I posted is the only way. This configuration is mentioned in Comodo several times, and I can’t find better solution in their forum. PS. My ISP can’t provide me static IP. I need to change ISP if I want to have one static IP, instead dinamic, which changes every time I’m reconnecting to the net.
My ISP only allows static IP to enterprises not to a person user.
But having a router, you can do it. Your (your computer) has a static IP, as well the router. The only dynamic is your ‘real’ IP 8)
modem(dynamic/static ip)----router(forward port X to pc IP address)----pc(IP address)
You have to forward the port you have chosen to use in utorrent to the PC running utorrent. You also need to make sure the PC running utorrent has a static ip, by that i mean an IP you have manually specified and not one that the dhcp server of your router has assigned.
Whether your ISP issues you with a static or dynamic ip for your modem does not matter.
so in your router you would for example forward port 50000 to IP address 192.168.1.4
modem(dynamic/static ip)---->router(forward port 50000 to pc 192.168.1.4)---->pc(192.168.1.4)
You should not need to change your software firewall settings on your pc, just make sure the application utorrent is allowed access.
DukeNukem,
This seems to work well if your using ZoneAlarm but, it doesn’t work when using Comodo.
Allowing the program by itself, doesn’t give the program access to the designated port(s)
That’s the stone wall I’ve been running into with Comodo for a long time.
In a rule firewall (like Comodo, Kerio, etc.) you need to manage the Network access.
ZA is simpler, but you give server rights (full access), which let you in a less security state (I suppose).
I’ve just scanned my port uTorrent is using, and I opened in Comodo rules for TCP In. I was nicely surprised: even with torrent working this port was not reported as OPEN by auditmypc.com scanner
Ahrrr… It’s too complicated for me… Actually I hate my ADSL Modem-Router, because it has bunch of settings for hell knows what. Moreover, since this thing came from ISP it has modified firmware (Lithuanian version) so all settings are adapted to my ISP requirements… And… Seems it is rare enough model too… MT820
It’s in English, but… Now somethings wrong with it. It just started blocking itself constantly when I’m connected…after some time all indicators lits up, and I need to re-turn it on to connect again. And I can’t get into config page, it’s not opening anymore… seems it f*** a lot. Pressed RESET button, but it keeps blocking…
