Baffled by this repeating connection

OK, I have run full antivirus, Spybot S&D, Adaware and Crapcleaner. They all come up clean. I am baffled by this connection that keeps happening. I do not know how to track down what is trying to connect and being blocked (thank god) by CPF. Can anyone shed some light for me? It tries about every 10 seconds. The destination varies also(shown at bottom of this log)

Here is some of my current log file:

Date/Time :2007-03-18 15:23:18
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192.168.0.101
Destination: 72.39.209.240
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 8

Date/Time :2007-03-18 15:23:08
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192.168.0.101
Destination: 24.62.59.43
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 8

Date/Time :2007-03-18 15:23:08
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192.168.0.101
Destination: 72.39.209.240
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 8

Date/Time :2007-03-18 15:23:03
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192.168.0.101
Destination: 24.62.59.43
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 8

Date/Time :2007-03-18 15:22:48
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192.168.0.101
Destination: 24.62.59.43
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 8

Destination: 85.132.255.233
Destination: 124.79.111.34
Destination: 213.231.107.161
Destination: 41.212.192.10
Destination: 220.248.232.18
Destination: 67.189.87.51
Destination: 24.62.59.43
Destination: 219.194.167.108

Try going to AVG 2023 | FREE Antivirus, VPN & TuneUp for All Your Devices and running an online scan. It might pick something up that the others missesd.

Hi goggy
Quick question, are you running any p2p software?
I checked a few of the address and they are internet service providers.
ICMP is not spyware trying to phone home. Basically your comp is trying to tell a connecting computer that it cannot connect to that port.
Here is a thread that might help explain it a bit.
https://forums.comodo.com/index.php/topic,5883.0.html
I have a number of allow rules for icmp. A p2p thread at another forum suggested that allowing icmp unreachables helped with speed.

Hope this helps (V)
Found another thread that I couldn’t find earlier regarding icmp
https://forums.comodo.com/index.php/topic,7175.0/topicseen.html
(if you would like to know more about icmp check wikipedia)

Hi Sullo,

Yes, I had recently run utorrent. But is not running now. Would my pc continue to try to connect without the software running? or is it the network trying to reach my pc?

Even after uTorrent is closed, the connections to other peers are still there for up to 1 or 2 minutes. Even if you don’t run peer sharing programs, it’s still possible that you receive such alerts, though certainly not frequently. It basically means your computer failed to connect to or communicate with other computers ports.

Since CFP’s default netmon rules does not allow ICMP port unreachable in or out, you are receiving such alerts. I personally just recently changed my netmon rules to allow all kinds of ICMP because there is not real security threat according to some sites like this. It is recommended for p2p’ers to at least allow ICMP outgoing for port unreachable speed up the network communication (i.e. download speeds 8)).

More on ICMP Destination Unreachable: Internet Control Message Protocol - Wikipedia

I just started using comodo recently and I keep getting this entry into the log. It would appear to be my computer trying to access the dns servers I am using. Any ideas why it is an outbound violation.

Date/Time :2007-03-19 20:02:39
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192.168.1.100
Destination: 4.2.2.3
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2007-03-19 20:02:39
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192.168.1.100
Destination: 4.2.2.2
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2007-03-19 19:59:49
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192.168.1.100
Destination: 4.2.2.2
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2007-03-19 19:59:44
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 192.168.1.100
Destination: 4.2.2.3
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Welcome to the forum, dustwvl.

I fused your topic with this one since it’s directly related. As you can see in my post above, you can create a netmon rule to allow ICMP out - port unreach. should you wish.

Thanks.

Do most people leave the firewall in learning mode or should it be turned off after awhile.

Learning mode? Component Monitor?

Try this thread: https://forums.comodo.com/index.php/topic,6241.0.html