This is my first post here on the Comodo forums.
I am having some kind of trouble and I don’t know exactly what’s going on. This morning when I opened CIS (I use version 5.8 with antivirus, Defense+ and firewall all enabled) I saw the firewall reporting that “firewall has blocked 400 intrusions so far” and I opened the event log to see what and who those intrusions are. The application was Windows Operating System and the interval of these events was around 10-15 seconds. Direction was “in” and protocols were both “tcp” and “udp”, coming from different source IPs with different ports but having the same destination IP and port (port 63562).
I was just browsing on the internet looking for some products to buy. I scanned my PC for malware and I’m not using p2p clients or torrents. My laptop is behind a router and all other PCs in my house are turned off. I don’t know where or why all those IP addresses are coming/trying to connect to me. And most importantly, I don’t want them to connect.
Also, why is the application labeled “Windows Operating System”? I have Windows 7 Home Premium (if this information helps).
I attached a print screen so you can see what I’m trying to explain… maybe this will help better (English is not my native language so I may have made some mistakes in this post).
P.S. While I am posting this, the firewall has blocked more intrusions. This time around 150+.
[attachment deleted by admin]
Do you have a static IP (public IP on the internet, not the one of your computer)?
If not, you can easily get rid of those attempts by changing it (switch the router off and on, for example). And sometimes you get an IP which maybe has traffic phantoms that were initiated by the former user of that IP.
At least the two IPs that I checked are from the same country: Romania.
“Windows operating system” as the destination name means the attempts are blocked before the specific service which was meant as the target has been located. For example, if “unrequested ingoing traffic” is blocked by a global rule, which would be: “block ingoing any any any”.
This rule is generated if you use the stealth port wizard setting 3, and it’s usually very useful to have it.
What is strange: You have a router. If it was set right, and you didn’t initiate the traffic, it shouldn’t reach your desktop firewall at all.
Do you use any program that would use this port? A messenger for example?
Thanks for your reply, clockwork.
You have given me an idea and I think I found the problem, or at least I found a [working] solution.
I switched the router off and on and got another public IP. This helped. No more intrusions.
Then I remembered… I recently cleaned up my desktop and forgot to remove some port forwards from my router. That’s where I found that port I didn’t know anything about - I think it was for y!mess. My mistake, bad and old configuration. I removed the port and the traffic was gone. But still I can’t figure out why there was so much traffic.
At least for now everything seems alright.
P.S. Thread can be closed.
Just a scenario: One of the computers behind the router could have responded to that traffic before… and it was not obvious until this traffic found its way into your log after the block.
That’s why desktop firewalls are a good idea, in addition to a router.
Or you just got a “bad” public IP.
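
Added example, not part of the thread and not Comodo's own code: a small triage script for the pattern discussed above, where unsolicited inbound traffic from many different sources reaches one destination port behind a router, which points to a leftover port forward. The CSV layout is a hypothetical export format (an assumption, not Comodo's real log format), and every row, including the documentation-range addresses, is constructed sample data.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in a hypothetical CSV layout (not Comodo's real export format).
SAMPLE_LOG = """\
time,application,action,direction,protocol,src_ip,src_port,dst_ip,dst_port
09:00:01,Windows Operating System,Blocked,In,TCP,203.0.113.10,51000,192.168.1.20,63562
09:00:13,Windows Operating System,Blocked,In,UDP,203.0.113.44,40211,192.168.1.20,63562
09:00:27,Windows Operating System,Blocked,In,UDP,198.51.100.7,6881,192.168.1.20,63562
09:00:40,Windows Operating System,Blocked,In,TCP,198.51.100.90,52344,192.168.1.20,63562
09:01:02,Windows Operating System,Blocked,In,TCP,203.0.113.10,51001,192.168.1.20,63562
09:01:30,Windows Operating System,Blocked,In,TCP,192.0.2.5,44100,192.168.1.20,445
09:02:00,firefox.exe,Allowed,Out,TCP,192.168.1.20,50123,192.0.2.80,443
"""

def summarize_blocked_inbound(log_text):
    """Group blocked inbound events by (dst_ip, dst_port)."""
    stats = defaultdict(lambda: {"events": 0, "sources": set(), "protocols": set()})
    for row in csv.DictReader(io.StringIO(log_text)):
        # Only unsolicited traffic that the desktop firewall dropped is of interest.
        if row["action"].lower() != "blocked" or row["direction"].lower() != "in":
            continue
        entry = stats[(row["dst_ip"], int(row["dst_port"]))]
        entry["events"] += 1
        entry["sources"].add(row["src_ip"])
        entry["protocols"].add(row["protocol"].upper())
    return dict(stats)

def forwarded_port_candidates(log_text, min_sources=3):
    """Ports hit by many distinct sources: compare them with the router's port-forward list."""
    hits = []
    for (dst_ip, dst_port), e in summarize_blocked_inbound(log_text).items():
        if len(e["sources"]) >= min_sources:
            hits.append((dst_ip, dst_port, e["events"],
                         len(e["sources"]), sorted(e["protocols"])))
    # Most widely targeted port first.
    return sorted(hits, key=lambda h: -h[3])

if __name__ == "__main__":
    for dst_ip, port, events, sources, protos in forwarded_port_candidates(SAMPLE_LOG):
        print(f"{dst_ip}:{port}  {events} blocked events from "
              f"{sources} sources ({'/'.join(protos)})")
```

Any port this reports on a host behind NAT is worth checking against the router's forwarding and UPnP entries, since the router should otherwise drop traffic the host never requested.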