Alert: "SYSTEM is trying to receive connection from Internet"

I installed Comodo firewall today and I'm getting the alert “SYSTEM is trying to receive connection from Internet”.
Remote: 88.65.133.222 - TCP
Port: nbsess(139)

Do I have to allow or block this?

You need to identify the URL to decide. Go here http://samspade.org/whois/88.65.133.222

This will give you all the info you require to decide to block or not. Any URL can be queried by putting it in the Whois box.

Hi cska133,

Unless you are sharing files and printers, I would block this traffic!!
Port 139 is used to share files and printers, so it’s “someone” trying to connect to your PC to access your files/printer and/or registry.

OK, (1) the IP is from Arcor, this is my Internet provider. But why does it need to connect to my PC???

(2) I don't share my printers or files with anyone, so could it lead to problems if I block SYSTEM from connecting to the Internet? Because I get alerts that many different IPs are trying to connect to SYSTEM.

Is this OK?

I would block all those incoming connections; those are probably all from infected hosts trying to spread their worm viruses…

How can I block all the incoming connections to SYSTEM at once and not for every IP alert? Where is this setting in Comodo firewall?

You can create this rule on the Global Rules tab.

Create a rule

Block
TCP or UDP
IN
Source = Any
Source Port = Any
Destination = Any
Destination port = Range 137 - 139

And move it all the way to the top. If you decide to go with these rules, also create one for ports 135 and 445.

If you don’t ‘share’ anything on your PC, then you can also use the Stealth Ports Wizard and then choose option 3, Block all incoming traffic; global rules will then be changed automatically.

If you want to check how stealth you are, you can use a web scanning service like ShieldsUP!
https://www.grc.com/x/ne.dll?bh0bkyd2

And move it all the way to the top,

Why should I move the rule to the top? Which role/effect does this play/have?

Could I get an answer, please, as to why I need to move the rule to the top? Which top, actually?
Thanks

The reason to move rules to the top is that the rules are read from the top of the list first, so a rule you wish to take precedence over all other rules has to be at the top.

Dennis

Which rules do you exactly mean?

The global rules I suggested.

You can find them by going to Firewall → Advanced → Network Policy and then switch from the applications tab to the global rules tab.

You can also just set the rule for System to “Outgoing Only” and do the same for svchost as well. This is what I and many others do.
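The effect of rule position discussed in the thread, as an added example that is not part of the original posts and is not Comodo's code: a simplified model of a rule list read from the top, where the first matching rule decides. The broad inbound allow rule (`ALLOW_ALL_IN`) is a hypothetical pre-existing rule assumed here to show the difference; the block rules use the ports given in the thread.

```python
from dataclasses import dataclass

BOTH = frozenset({"TCP", "UDP"})

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "block"
    protocols: frozenset   # subset of {"TCP", "UDP"}
    direction: str         # "IN" or "OUT"
    dst_ports: range       # destination port range
    # Source, source port and destination are "Any" in the thread's rule,
    # so they are not modelled here.

def block_in(lo, hi):
    """Block TCP or UDP, IN, destination port range lo-hi (as in the thread)."""
    return Rule("block", BOTH, "IN", range(lo, hi + 1))

def first_match(rules, proto, direction, dst_port):
    """Read the list from the top; the first rule that matches decides."""
    for rule in rules:
        if (proto in rule.protocols and direction == rule.direction
                and dst_port in rule.dst_ports):
            return rule.action
    return None  # no rule matched; what happens next is outside this model

# The three block rules suggested in the thread: 137-139, 135 and 445.
NETBIOS_BLOCKS = [block_in(137, 139), block_in(135, 135), block_in(445, 445)]
# Hypothetical broad rule already present in the list (assumption).
ALLOW_ALL_IN = Rule("allow", BOTH, "IN", range(0, 65536))

blocks_at_bottom = [ALLOW_ALL_IN] + NETBIOS_BLOCKS   # block rules never reached
blocks_at_top = NETBIOS_BLOCKS + [ALLOW_ALL_IN]      # block rules take precedence

# Constructed probes: (protocol, direction, destination port).
PROBES = [("TCP", "IN", 139), ("UDP", "IN", 137), ("TCP", "IN", 135),
          ("TCP", "IN", 445), ("TCP", "IN", 80), ("TCP", "OUT", 445)]

def verdicts(rules):
    """Map each probe to the action the rule list assigns to it."""
    return {probe: first_match(rules, *probe) for probe in PROBES}

if __name__ == "__main__":
    for name, rules in (("blocks at bottom", blocks_at_bottom),
                        ("blocks at top", blocks_at_top)):
        print(name)
        for probe, action in verdicts(rules).items():
            print("  ", probe, "->", action)
```

With the block rules below the broad allow rule, the inbound TCP 139 connection from the original alert is allowed; with them at the top it is blocked, while inbound traffic to other ports still reaches the allow rule.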