Author Topic: FIREWALL EVENTS - BLOCKED TRAFFIC - WINDOWS OPERATING SYSTEM - TCP/UDP  (Read 609 times)
cbtech
« on: May 25, 2008, 11:28:09 PM »

First post here;

Love the product. I've had it installed for a couple weeks now. I'm just trying to get my "Trusted Application" traffic tweaked.

I am getting blocked traffic on port UDP 25115 among others relatively close in that port range about once every 30 seconds.

The traffic is labeled under windows operating system, although I am not sure if it actually IS.

I traced the IP address(es) to my ISP and to some kind of super node/network center in Asia.

Anyone know what might be causing these flags? I run AVG but that is in the 10,000's.

The closest app I've been able to narrow it down to is Firefox which doesn't seem to be using the mentioned problem port range.

Thanks a mil. 110 Percent

Target: 218.169.224.169
Date: 5/26/2008 (Monday), 12:21:28 AM
Nodes: 21

Node Data
Node Net Reg IP Address      Location            Node Name
  21   1   1 218.169.224.169 Gaoxiong            218-169-224-169.dynamic.hinet.net

Packet Data
Node High Low  Avg  Tot  Lost
  21  329  329  329    1    0

Logged
grue155
« Reply #1 on: May 26, 2008, 06:41:58 PM »

Welcome to the forums, cbtech

It could be that you've inherited an IP address that was previously in use by a p2p user. That's assuming you have a dynamic IP address. You'd need to post your log to allow me a better guess. In CFP, click Firewall, and then Firewall Events, and export the result to a file that you can post here.

Logged
cbtech
« Reply #2 on: May 27, 2008, 02:24:32 PM »

Thanks for the response.

Here's a shot of the log:

Direct link:
http://i228.photobucket.com/albums/ee96/cb3tech/Flog.jpg
« Last Edit: May 27, 2008, 02:26:31 PM by cbtech » Logged
grue155
« Reply #3 on: May 27, 2008, 03:27:31 PM »

It still looks like a p2p connection. In this case it's just one connection attempt over 43 seconds from a single host, trying to talk to something on port 45795.

You can check in CFP: click Firewall, then Active Connections, and you can see if anything is listening on that port 45795. If you don't have anything listed, then it looks almost certain that this is an old p2p connection.

But if you do have something listening on that port, and you're not expecting to find anything there, then there may be a problem.
Logged
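
The check described in Reply #3, as an added example that is not part of the original thread: it parses Windows `netstat -ano` output and reports, for each blocked destination port, whether any local process is bound to it. The netstat sample and its PIDs are constructed; ports 45795 and 25115 are the ones mentioned in the thread, and treating 45795 as TCP is an assumption.

```python
"""Triage blocked inbound ports against `netstat -ano` output (added example)."""

# Constructed sample of Windows `netstat -ano` output; addresses and PIDs are invented.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.10:49201     203.0.113.5:80         ESTABLISHED     3120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:25115          *:*                                    2244
  UDP    [::]:500               *:*                                    1012
"""

# Ports mentioned in the thread; treating 45795 as TCP is an assumption.
BLOCKED = [("TCP", 45795), ("UDP", 25115)]


def parse_listeners(netstat_text):
    """Map (proto, port) -> set of PIDs that can receive unsolicited traffic."""
    listeners = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header, blank line
        proto, local = fields[0], fields[1]
        if proto == "TCP" and (len(fields) != 5 or fields[3] != "LISTENING"):
            continue  # established/closing TCP rows are not listeners
        if proto == "UDP" and len(fields) != 4:
            continue  # UDP rows have no State column
        port = int(local.rsplit(":", 1)[1])  # rsplit copes with [::]:445
        listeners.setdefault((proto, port), set()).add(int(fields[-1]))
    return listeners


def triage(blocked, listeners):
    """Return (proto, port, sorted PIDs); an empty PID list means nothing is bound."""
    return [(p, port, sorted(listeners.get((p, port), ()))) for p, port in blocked]


if __name__ == "__main__":
    for proto, port, pids in triage(BLOCKED, parse_listeners(SAMPLE_NETSTAT)):
        if pids:
            print(f"{proto}/{port}: bound by PID(s) {pids}, identify the process")
        else:
            print(f"{proto}/{port}: nothing listening, consistent with stale inbound traffic")
```

On a real machine, replace the sample with the saved output of `netstat -ano`; the PID can then be matched to a process name in Task Manager.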
Surge
« Reply #4 on: July 17, 2008, 03:01:27 PM »

I had the same issue. At some point I noticed that eMule gets Low ID, while it was not the case before. Trying to change settings of Comodo, reinstalling eMule and Comodo, I noticed that most of the traffic is identified as "Windows operating system" and thus automatically is either blocked or allowed.

Removing Microsoft Network Monitor 3.1 (a dll from which I needed to install SyncToy 1.4 on my Vista x64, version 2.0 for Vista being unbearably slow) solved the problem and now everything is back to normal!

Clearly, I have no idea what exactly happened and if it is only Microsoft Network Monitor which causes this behaviour of Comodo.
Logged