Comodo Firewall 3.12.111745.560 (latest) on fully updated XP SP3 pro 32-bit English.
Looking at the firewall log, I see lots of blocked connection attempts where both the source IP and the destination IP are different than my own IP.
Application is mainly ‘Windows Operating system’, sometimes svchost.exe and very rarely rundll32.exe. Protocols are ICMP or UDP.
What could be the explanation of this ?
I’m in no way a network expert and the question is probably lame, but I connect to LAN via one LAN card and have one fixed IP. No wireless or other additional connections. The computer is a part of a domain and IP’s I see in the log are from that domain too, but I can’t understand how both source and destination IP’s may be different than my own - this means something tries to connect to something else through my machine (as I think), which is quite illogical as it’s an ordinary laptop.
Thanks for any suggestions.
They could be private LAN IP’s (eg. 192.168.0.1, etc.). But, unless you post a screen shot or something… there is no way to be certain.
Ah… just looked at your previous posts. Yes, my guess is private LAN IPs (network drives).
thanks for the replies. These are not network drives, as no network drives are connected, nor IP’s like 192.x.x.x
Could be private LAN IP’s, but still this does not explain things.
If it was
Source IP = my IP and dest.IP = whatever
Source IP = whatever and dest.IP = my IP
,then I understand. But it’s
Source IP <> my IP and dest.IP <> my IP
neither source nor dest. IP’s are somehow ‘mine’, for instance none of them appears if I type Ipconfig /ALL at cmd.
Anything that I say without seeing the logs would be pure speculation on my part and potentially misleading. I’m not sure what else I can do… is there a problem with the log?
You could try Googling the IP numbers to see what you get.
If for some reason you don’t want to post those types of details here, then you can email it to me if you wish (my email address is on the left under the