* Home Help Search Login Register  

Welcome, Guest. Please login or register.
March 20, 2010, 08:42:22 AM

Login with username, password and session length

373191 Posts
41401 Topics
94091 Members
Latest Member: suzieq

more news...
Search:     Advanced search | Tag Cloud
+  Welcome to the Comodo Forum
|-+  Archived Boards
| |-+  Discontinued Products
| | |-+  Comodo Firewall
| | | |-+  Help for v2
| | | | |-+  Ridiculous amount of blocked inbound connections		 « previous next »
Pages: [1] Go Down Print
Author Topic: Ridiculous amount of blocked inbound connections  (Read 2088 times)
2point0
Newbie
*
Offline Offline

Posts: 5
« on: September 21, 2006, 12:13:47 AM »
Hello all!  First off I am new to Comodo and I love it and I am very excited to be a part of this community.

Well, as I am sure you can guess by the subject, I am getting an absurd amount of inbound connections but I have no idea what the cause of this is.  I am getting approximately 50+ inbound policy violations and I can't figure out the source.

Any help would be greatly appreciated.

Here is a sample so you can see the frequency of the connection attempts.

Date/Time :2006-09-21 01:04:41
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = *.*.*.*, Port = 6881)
Protocol: UDP Incoming
Source: *.*.*.*:3000
Destination: *.*.*.*:6881
Reason: Network Control Rule ID = 5


Date/Time :2006-09-21 01:04:41
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = *.*.*.*, Port = 6881)
Protocol: UDP Incoming
Source: *.*.*.*:49153
Destination: *.*.*.*:6881
Reason: Network Control Rule ID = 5


Date/Time :2006-09-21 01:04:36
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = *.*.*.*, Port = 6881)
Protocol: UDP Incoming
Source: *.*.*.*:24851
Destination: *.*.*.*.116:6881
Reason: Network Control Rule ID = 5


Date/Time :2006-09-21 01:04:31
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = *.*.*.*, Port = 6881)
Protocol: UDP Incoming
Source: *.*.*.*:6669
Destination: *.*.*.*:6881
Reason: Network Control Rule ID = 5


Date/Time :2006-09-21 01:04:31
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = *.*.*.*, Port = 6881)
Protocol: UDP Incoming
Source: *.*.*.*:58000
Destination: *.*.*.*:6881
Reason: Network Control Rule ID = 5


Date/Time :2006-09-21 01:04:31
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = *.*.*.*, Port = 6881)
Protocol: UDP Incoming
Source: *.*.*.*:32100
Destination: *.*.*.*:6881
Reason: Network Control Rule ID = 5

Edit: Sorry for putting this in FAQs
« Last Edit: September 21, 2006, 12:43:23 AM by 2point0 » Logged
Soy Joy
Comodo's Hero
*****
Offline Offline

Posts: 804


Phyuuu-Fyuuuh!
« Reply #1 on: September 21, 2006, 12:24:15 AM »
Hi, welcome to the forum.
Glad to have you as a part of this community.

...in the mean time, can you please attach a screenshoot to your "Network Control Rules", as it seems all of this LOG trigered by your rule in position #5.

Also, can you tell us what's your OS, CPF version, other security software you use, etc.
Logged
Ganda: over here in my country , im a real sex object
Soy Joy: looool
Ganda: whenever i ask girls for sex ... they object
Melih: LOL!
2point0
Newbie
*
Offline Offline

Posts: 5
« Reply #2 on: September 21, 2006, 12:34:23 AM »
I'll get on that right now and be back in a moment to edit this post. =D

Here's the screenshot of the rules you requested, and I think I am beginning to see my problem...


I'm running Windows XP, SP2 and as far as other security software just Avast!.
« Last Edit: September 21, 2006, 12:38:16 AM by 2point0 » Logged
Soy Joy
Comodo's Hero
*****
Offline Offline

Posts: 804


Phyuuu-Fyuuuh!
« Reply #3 on: September 21, 2006, 12:51:05 AM »
From the attached screenshoot, I can see that nothing's wrong with your rules. As it was the default one that comes with the installation.
Anyway, after doing some Googling, I found out that most Torrent downloader using this port (6881) as their default port.
...now, is there any chance that you have a torrent downloader at the moment?
If you say, yes. Then the problem should be; "How can I allow this trafic (if you want it to) then?"
It's almost as simple as 1, 2, 3. But to make you have a better understanding to how CPF work it's way around to control your trafic, you can try to check the folowing links:
-. [Emule and bittorent tuttorials]
-. [How To - Understanding & Creating Network Control Rules properly]
Logged
Ganda: over here in my country , im a real sex object
Soy Joy: looool
Ganda: whenever i ask girls for sex ... they object
Melih: LOL!
2point0
Newbie
*
Offline Offline

Posts: 5
« Reply #4 on: September 21, 2006, 12:58:20 AM »
I found the same thing too shortly after I made that post.  I do use the bit torrent network for file transfers, however, currently, I am not running the program.  Why would there still be incoming connections if the program isnt open or running at all?
Logged
Soy Joy
Comodo's Hero
*****
Offline Offline

Posts: 804


Phyuuu-Fyuuuh!
« Reply #5 on: September 21, 2006, 01:05:23 AM »
Since torrent downloading are based on the tracker, then it must be the tracker that kept on trying to connect to your PC as per user request, regarding any files you seed.
And so far, as I Google around, I can say that it's quite safe to use this port, as there is none (yet!?) exploit to this torrent port.
Aside from that, you can always tone down the way CPF alerts you, by changing a few of it's configuration from the folowing order:
- Main Window > Security tab > Advanced > Miscellaneous > Alert Fequency Level
Logged
Ganda: over here in my country , im a real sex object
Soy Joy: looool
Ganda: whenever i ask girls for sex ... they object
Melih: LOL!
kail
Autonomous
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 5364


I'm not a complete idiot, some bits are missing.
« Reply #6 on: September 21, 2006, 01:35:29 AM »
Quote
Edit: Sorry for putting this in FAQs

No problem. I'm going to move this topic to the Help section directly after this post.
Logged
Windows 7 Ultimate x32 with CIS 3.14 & Firefox 3.6 & Becky! 2.54
__
A positive and polite attitude may not solve all your problems, but it will annoy enough people to make it worth the effort.
2point0
Newbie
*
Offline Offline

Posts: 5
« Reply #7 on: September 21, 2006, 02:00:37 AM »
Thanks a lot for all your help, both for moving the topic and taking the time to answer my question(s).  This seems like a great community and I hope to be able to contribute as time goes on. Wink
Logged
Soy Joy
Comodo's Hero
*****
Offline Offline

Posts: 804


Phyuuu-Fyuuuh!
« Reply #8 on: September 21, 2006, 02:20:44 AM »
Hey, no problem at all.
I'm just trying to raise my post count.
...but that's a secret. And don't tell everyone about it!
Laugh
Logged
Ganda: over here in my country , im a real sex object
Soy Joy: looool
Ganda: whenever i ask girls for sex ... they object
Melih: LOL!
Tags:
Pages: [1] Go Up Print 
« previous next »
Jump to:  

SSL Certificate Free Virus Removal Firewall
Page created in 7.868 seconds with 20 queries.
Powered by SMF 1.1.11 | SMF © 2006, Simple Machines LLC
Seo4Smf v0.2 © Webmaster's Talks 		Design by 7dana.com