Intrusions

[Guest]

[speedosurfer]

 ???i found out that Comodo Firewall 3.0 is blocking 576 intrusions this a lot where can i found information about the intrusions is there an event file/log it never warns that it has blocked intrusions.

[Vettetech]

90% of firewall don't warn you. Of course there is a log. Go to firewall\firewall events. What are your global rules? Are you behind a hardware firewall?

[speedosurfer]

i am not behind an hardware firewall i use adsl and use an Fritz Box fon WLAN modem/router and i don't know of there is an build-in firewall. The intrusions/blocks are on remoteport 14013 and igmp and icmp, i use the standard global rules delivered with Comodo Firewall i have only disabled netbios udp/tcp local and remote.
I use Comodo Firewall 3.0, Avira Premium Anti-Virus and A-Squared anti-malware have you any idea where the intrusions come from. See also the attachement and thanks for your help

[Vettetech]

If you have a router then you need to be sure your hardware firewall is enabled properly. That is your first line of defense. Dont save something to an html view. Save it has a jpeg or something. Those are mainly Windows blocks. What are your global rules again? What are your rules for Windows and and other things like System or Explorer? What does your global rule say? "Block all incoming connections"? Or something else?

[speedosurfer]

hello i have made an printscreen of the global rules i have nothing change to other predifined rules i download comodo and thats it

[Vettetech]

You must have run the stealth port wizard and selected the option to block all incoming connections cause the default global rule is block all echo ping,something like that. The reason for your intrusions is cause of your global rules. What are your firewall rules for Windows? Again I ask if your router has a hardware firewall cause most of them do. I have a hardware firewall which blocks all my inbounds so I do not need a global rule to block all incoming connections.

[speedosurfer]

where can i find the windows rules for the firewall

[Vettetech]

Go to Firewall\Advanced\Network Security Policy. Once again I will ask is your router firewall on?

[speedosurfer]

Yes the firewall on the router is on but you can't change anything very strange i have asked mine ISP for support and they will react in 3 days so the internal firewall seems to be on and active.

The windows rules are standing in the global rules i understand i have made 2 screenshots for you maybe you can help me.

[Vettetech]

See this post and screen shots. Dont wait for your ISP. You can get into your router settings by typing something like 192.168.1 into your address bar. Just Google your router and you will find out.

http://forums.comodo.com/help_for_v3/windows_operating_system_system_idle_process_in_logs_merged_threads-t14948.0.html

[Vettetech]

I honestly don't need a software firewall cause my modem is fully stealthed and blocks all incoming connections. I use Comodo for the program control and HIPS features.

[grue155]

I've taken a fast eyeball at your log. It looks like some process running on your PC is trying to talk to your router, and CFP is blocking the replies. The process that is running on your PC is using port 14013, and all the router replies are trying to answer back to that port. That's why you're seeing all the destination port logs for that one port. The fact the the source ports are changing (and in an increasing sequential manner) is typical for "status query"-like traffic.

If you use a "netstat -anob" from a PC command prompt, you should see some process running that using port 14013. Once that process gets identified, then it will be possible to figure out what rules need to be changed.

The ICMP and IGMP traffic that is in your log, looks to be normal router-to-PC type traffic. IGMP in particular gets used with Windows UPnP. From your log, these don't seem to be anything to be concerned about, for now.

[Tags:]