CFW is blocking thousands of intrusions per day. I have had the firewall for a little over a year now, and the behavior just started recently. (Previously I had 0-5 per day.) I am worried and do not know how to interpret this. My best guess is that the new level of blocked intrusions took place after I upgraded the software, but I can’t be sure.
ALL of the intrusions (as in every single one, save for the intrusions I can easily identify) are from the application “Windows Operating System.” The source IP varies, but the destination IP is always 127.0.0.1 or my router’s IP. The source IP varies considerably, and the protocol (TCP/UDP) varies as well.
Is there any way to diagnose what is happening here?
I use Azureus. The only new software I have installed is Nod32 and Mamutu. I have checked startup files and found nothing. I don’t think either Nod or Mamutu are causing this as I have both programs marked as trusted in CFW.
Maybe it’s the bittorrent. Is there a way to stop incoming bittorrent traffic so that I can test and see? I take it my ip is on some servers somewhere and that server is redirecting requests my way…
Still, I am concerned because I have used Azureus in the past (as long as I have had Comodo) and never noticed activity like this.
I have done a traceroute of the IPs and can’t seem to get any information. They come from all over, although most are outside of the US. Australia, Europe, Asia.
Would bittorrent traffic be through TCP or UDP? I don’t know if it can be either or not - I am getting traffic through both protocols.
If you use a dedicated port for your torrent client, you’ll notice it’s the destination port. As Kyle said, they’ll die down after a few days. Seems like CFP is doing its job. I wouldn’t worry about it.
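The check described in the reply above, as an added example that is not part of the original thread: tally blocked entries by protocol and destination port to see how many target the torrent client's listen port. The CSV layout, the port 49160 and all addresses are constructed assumptions, not Comodo's actual log format.

```python
import csv
import io
from collections import Counter

# Constructed sample of a "blocked intrusions" export. The column layout is an
# assumption for this example, not the firewall's real log format.
SAMPLE_LOG = """\
application,protocol,src_ip,src_port,dst_ip,dst_port
Windows Operating System,TCP,203.0.113.14,51234,192.168.1.2,49160
Windows Operating System,UDP,198.51.100.7,6881,192.168.1.2,49160
Windows Operating System,UDP,192.0.2.55,40012,192.168.1.2,49160
Windows Operating System,TCP,203.0.113.14,51301,192.168.1.2,49160
Windows Operating System,TCP,198.51.100.90,4431,192.168.1.2,445
Windows Operating System,UDP,192.0.2.200,1030,192.168.1.2,1434
"""

TORRENT_PORT = 49160  # hypothetical: the listen port configured in the torrent client


def summarize_blocked(log_text, torrent_port):
    """Split blocked entries into 'aimed at the torrent port' and everything else."""
    rows = list(csv.DictReader(io.StringIO(log_text)))
    on_port = [r for r in rows if int(r["dst_port"]) == torrent_port]
    off_port = [r for r in rows if int(r["dst_port"]) != torrent_port]
    return {
        "total": len(rows),
        "on_torrent_port": len(on_port),
        "share": len(on_port) / len(rows) if rows else 0.0,
        # Peers reach a torrent client over both TCP and UDP, so both can appear here.
        "protocols": sorted({r["protocol"] for r in on_port}),
        "unique_sources": len({r["src_ip"] for r in on_port}),
        # Entries aimed at other ports are not explained by the torrent client.
        "other_targets": Counter((r["protocol"], int(r["dst_port"])) for r in off_port),
    }


if __name__ == "__main__":
    s = summarize_blocked(SAMPLE_LOG, TORRENT_PORT)
    print(f"{s['on_torrent_port']}/{s['total']} blocked entries "
          f"({s['share']:.0%}) target port {TORRENT_PORT} "
          f"from {s['unique_sources']} sources over {', '.join(s['protocols'])}")
    for (proto, port), n in s["other_targets"].most_common():
        print(f"  unrelated: {proto}/{port} x{n}")
```

A high share on the torrent port from many unrelated sources matches the peer-traffic explanation; whatever is left under `other_targets` is what deserves a closer look.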
This exact thing has been happening to me too just recently…
I was trying to fix the yellow smiley, and I went exploring and went into the Stealth Ports Wizard. In there I switched it to Block all incoming connections, and after that, the intrusion attempts went through the roof. Then I set it back to Alert me to incoming connections, and the intrusion reports stopped.
Although it says block all incoming connections, I think it just prevents the other IPs from seeing your ports, or something like that. I’m not all that good with protocol gibberish.
So I switched the setting in the Stealth Ports Wizard to the middle one, set a new port for Azureus to use, and did the port forwarding in my router. Now I get almost no intrusion attempt reports, and the smiley is green. :)
Speaking of hackers, Trend keeps telling me the following computers are connected to my network. Checked out the site you provided, Hikertrash, and they’re from Dallas. Now, I know my PC is clean, but anybody care to weigh in?