UDP Port Scans

I am concerned about a bunch of UDP port scans I have been receiving. My log says they have been blocked and have been logged as High Severity; there have been a total of 6 logged. The first time 25 ports were scanned, the next 5 times 50 ports were scanned.

But also there have been over 400 that under the severity column were marked “info”. They are all the same attacker, but on these there is a remote thing listed.

What I’m trying to say is, should I be concerned about this?

No, you shouldn’t worry. CPF stopped it.

But, you could find out about who did it… go to http://www.dnsstuff.com/ and tap in the scanner’s IP address into the WHOIS Lookup. This will tell you lots about that IP address. Sometimes there’s also an email address that you can email complaints to, if you so wished. But, it may also tell you that it is something like that you were interacting with… a web site… software… etc…

What about these ones that it logs?

Description:
Information (Access Granted, Protocol - IGMP)

Protocol:
IGMP Incoming

Source:
192.168.1.1

Remote:
224.0.0.1

Reason:
Network Control Rule ID = 1

I think that is the rule that allows “fragmentation needed” ICMP communication to come in.

Under the security tab on the Network settings should I allow or disable any of the IDs, such as the IP Out and In and the TCP/UDP in/out?

I guess that all depends how they are configured… what are they set to do?

There is a snapshot of mine attached.

I would also like to point you towards a Network rule “How To”: https://forums.comodo.com/index.php/topic,1125.0.html. It may help you understand what the wizards created for you. You may also find this terminology guide handy: https://forums.comodo.com/index.php/topic,1126.0.html.

[attachment deleted by admin]

Thanks for the links, I’ll check them out.

And thanks to everyone who has responded.

Hey Dan,

In your attached screenshot, isn’t your rule ID 3 the same as your rule ID 6, except 3 allows traffic in and rule 6 blocks it? Doesn’t rule 3 expose your PC?

Cheers,
Ewen :)

The part the screenshot doesn’t show is the ports that the rule is specific for… basically it is my rule that enables BitTorrent downloads.

Rule D in my “How To”

I see said the blind man!

… to the deaf woman, who was listening to the radio. ;)

I followed your guide, but after applying rule C that you had listed I have failed the Leak Test posted on the Comodo home page.

If I block IP out will I not be able to run Internet Explorer or Firefox?

I might be wrong, and I may be thinking of the wrong test, or it might be because I am reading this at 1 am… but the leaktest I think was for testing the application rules… if you ran the test and CPF prompted you for an action and you allowed it… that would be why you failed… I think…

Ah yes. I did allow it. Stupid me… yeah, I think it’s cuz it’s 2 a.m. and I’m all paranoid about these port scans I’ve been getting.

Lol, anyway, thanks for your help.

Awesome, glad I could help… (unlike Ewen who just came to pick on my attachments) ;) ;D

(CLY)