700+ intrusions everyday

I’ve been getting about on average 700 intrusions everyday from my Comodo firewall.

I check the log viewer and under the application tab it always shows “Windows Operating System” and under destination port its - 27032 about every 10 seconds.

I check the log from my router and it keeps showing stuff like leasing ip to my computer almost every 20 min and “SYN Flood Attacks - Packet dropped” often showed up.

Is this normal and Should I be concerned? What should I do? I scanned my computer using Avira antivirus with full system scan and nothing showed up.

Did you happen to have a torrent client active that is closed now?

This is typical behavior for such an applications, packets logged against Windows Operating System are destined to a port that is no longer listening…

You can add a block rule in your Global rules if you like to get rid of these loggings, and the destination port is always the same.

i think Ronny is right.
BitTorrent is a huge flooder after u close the client, u said u had 700 intrusions blocked by the FW each day, and process is called windows operating system,
but when i use this bitTorrent software then when the iso i was dling is complete,
when i close this P2P client, i got like 1200 or 1300 intrusions blocked by comodo FW with process named windows operating system. as i set 1 port for incoming and 1 for outgoing, i see that others clients are hamering my machine for a service that is no more running, and it can go on for days sometimes.
if u try with emule, u can see the same thing but with emule the hamering stops after maybe less than a hour. BitTorrent is really a giant port flooder, i never saw that with other prog.
if it’s too boring, the only way is to delete the rules u created in the router to nat bitTorrent.
once the ports are no more open, the torrent flood stops immediatly.
for the moment i didnt find yet a solution to stop this crazy flood.
maybe i missed to set some advanced rules the right way to stop that.
hopefully, people can only use now 2 ports only, but if u dont modify some rules, the prog uses all ports and after some minutes, u can see that your bandwitch is totaly used by torrent.
even surfing the web becomes a 56Kbit story.
this torrent thing is a bandwitch killer, never DL more than 1 file eachtime u use it, or the hamering will go on for days.
if someone knows how to configure this torrent thing to stop the hamering for days, please help,
emule stops the flood way before torrent, so what’s the prob ?

on bittorrent online documentation, they say that disable DHT options can reduce the problem…

[i]"Why am I still receiving incoming connection attempts after I have already closed BitTorrent Mainline?
In BitTorrent, peers disconnect from the swarm without notifying every other peer in the swarm because it would be inefficient to do so, and also because peers rarely have the IPs of every other peer in the swarm (which would make it impossible to do in the first place). Because most BitTorrent clients cache peer information, when they try to connect to a particular peer in their cache, they may end up attempting to connect to a peer that has already disconnected since they last received the peer’s IP and port number.

This phenomenom is what you are observing when you see incoming connection attempts after you’ve exited BitTorrent Mainline. Depending on how many peers had a copy of your IP and port number in their peer cache, this can take up to several weeks to subside. Having DHT enabled may magnify the effects, as there are many more peers using DHT than there are connected to any one particular torrent swarm (so more users may have your IP and port number by the time you disconnect). Although there is no way to prevent this from occurring, disabling DHT may reduce the amount of time needed for this to taper off. Assuming your network is properly protected, these connection attempts can be safely ignored."[/i]

Hi Guys,

First there is no response yet from the OP whether that is indeed P2P causes the problem.

Then, there is not need necessary either to delete the rule nor disable DHT.

There actually 2 styles of setting rules as far as I know.
Previously I used the one with the Global Rule that has to be just moved “Up” above the last blocking Global Rule as soon as you finished … a bit annoying
Currently I am not using the Global Rule for uTorrent.

The only thing I do is setting back from P2P (second option in Stealth Wizard) to “Block all…” and I’m always removing forwarded port(s) (just don’t like if those are there when not in use) That’s all.

Cheers!
Happy New Year!

Do not log it. I have 25000++. This is the pressure :o

It might be caused by a P2P software. I’m not sure. ??? I do use Bitcomet and video streaming alot.

I have 2 pcs, 1 PS3. All of them are connected to my router DI-524 firmware 1.23.

I have suspected it could be caused by P2P softwares. I stopped using them for 2 days, and the comodo firewall log still shows around 700 intrusions daily, yesterday one of my PC got 3000+ intrusions. They are all from windows operating system from different source IPs to different destination ports but always to my ip.

I checked my router log, and it keeps showing “SYN Flood Attack - packet dropped” sometimes almost every 10 seconds. Does SYN flood attack slow down my network performance and speed? :o

I think I’ll keep oberving.

Thanks.

So is there any danger to having all these connections trying to access your IP? Like are they really trying to attack your computer? I just got over 600 intrusions after downloading this video add-on to watch a video online. I don’t know if I should be concerned about this or if it’s standard with P2P and other sort of things like this. Thanks

Hi ssjmichael , welcome to the forum

I think that your question is not related to the issue that’s currently discussed here.
The question is about using and setting up P2P correctly, Guys who were trying to help suggested that logging were because of P2P use.
Jeff-Ryan - the original poster confirmed that he is suspecting Bitcomet as well

You question as far as I got it is about using some video Add-on
Moreover, you did not provide enough information about the Add-on you’ve downloaded voluntarily.

Usually it is very suspicious if you are asked to download special player / add-on / codecs / license in order to watch (playback) the content. You have to be extremely careful with such requests.

I would suggest you create a separate thread, say in offtopic;
post more details about the properties of the video and the add-on required.

There is no intention to scare you, but there is no such video here whether it is downloaded or watched online that I cannot playback … and I have practically all possible samples. Video/Audio editing is one of my hobbies.

Yes I would be concerned, as you asked , but the part of the question:

“… or if it’s standard with P2P and other sort of things like this?.." Is absolutely unclear, since the statement: “… after downloading…”

You can download anything using P2P and you can download anything without using P2P…

So, whatever is happening after that - is just a work of the alleged Add-on, therefore your P2P settings have nothing to do with the “some unknown Add-on” functionality and has to be investigated irrespectively to P2P (whatever client you are using).

My regards

can you post the logs here. It’ll narrow down the cause very quickly

Sorry how do I post logs here?? ???
Comodo firewall logs only let me export it to HTML. Should I post a screen cap instead? Is there a way to post logs as text?

bump

Yes please post a screenshot and if you have a public IP please blur them…
(Public IP is not 10.x / 172.23.16 - 31 / 192.168.x)