CFW is blocking thousands of intrusions per day...

CFW is blocking thousands of intrusions per day. I have had the firewall for a little over a year now, and the behavior just started recently. (Previously I had 0-5 per day.) I am worried and do not know how to interpret this. My best guess is that the new level of blocked intrusions took place after I upgraded the software, but I can’t be sure.

ALL of the intrusions (as in every single one, save for the intrusions I can easily identify) are from the application “Windows Operating System.” The source IP varies, but the destination IP is always 127.0.0.1 or my router’s IP. The source IP varies considerably, and the protocol (TCP/UDP) varies as well.

Is there any way to diagnose what is happening here?

You could always check the IP that’s knocking.

Do you use uTorrent or the like? Once you close the program you’ll still get hit on and get the block notifications.

I use Azureus. The only new software I have installed is Nod32 and Mamutu. I have checked startup files and found nothing. I don’t think either Nod32 or Mamutu are causing this as I have both programs marked as trusted in CFW.

Maybe it’s the bittorrent. Is there a way to stop incoming bittorrent traffic so that I can test and see? I take it my ip is on some servers somewhere and that server is redirecting requests my way…

Still I am concerned because I have used Azureus in the past (as long as I have had Comodo) and never noticed activity like this.

I have done a traceroute of the IPs and can’t seem to get any information. They come from all over, although most are outside of the US. Australia, Europe, Asia.

Would bittorrent traffic be through TCP or UDP? I don’t know if it can be either or not - I am getting traffic through both protocols.

Hey streets, what you’re experiencing is quite normal for using bittorrents. The traffic will die down after a few days of not using bittorrent.

If you use a dedicated port for your torrent client you’ll notice it’s the destination port. As Kyle said they’ll die down after a few days. Seems like CFP is doing its job. I wouldn’t worry about it.

This exact thing has been happening to me too just recently…

I was trying to fix the yellow smiley, and I went exploring and went into the Stealth Ports Wizard. In there I switched it to Block all incoming connections, and after that the intrusion attempts went through the roof. Then I set it back to Alert me to incoming connections, and the intrusion reports stopped.

Although it says block all incoming connections, I think it just prevents the other IPs from seeing your ports, or something like that. I’m not all that good with protocol gibberish.

So I switched the setting in the Stealth ports Wizard to the middle one, and set a new port for Azureus to use, and did the port forwarding in my router, now I get almost no intrusion attempt reports, and the smiley is green. : )

I’ve had problems with hackers before, this should be helpful, assuming they’re not using a proxy of any kind.
Much thanks though!

Speaking of hackers, Trend keeps telling me the following computers are connected to my network. Checked out the site you provided Hikertrash and they’re from Dallas. Now, I know my PC is clean, but anybody care to weigh in?

192.168.1.1

192.168.1.101

That’s a router and a computer. You sure it’s not yours? Maybe a close neighbor’s. I had the same with a Linksys router until I set up a static IP.

That’s exactly what I have, Linksys. But why would NT say it’s coming from Texas when I live nowhere near there?

Can’t understand why. It’s your network. I wouldn’t worry about it.

The addresses you’ve quoted (192.168.1.1 and 192.168.1.101) are private addresses and cannot be routed across the internet.

The reason it says Dallas is because that is where the server you have sent the IP trace request to is located. It found itself.

Ewen :)
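
One way to check the two explanations given in this thread (blocked hits landing on the torrent client's dedicated port, and private LAN addresses mistaken for outside hosts), as an added example that is not from any poster or from Comodo. The CSV layout, the port 51413 and every log row are constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample rows. The CSV layout is an assumption for this example,
# not Comodo's real log export; 51413 stands in for your torrent client's port.
SAMPLE_LOG = """\
proto,src_ip,dst_port
TCP,203.0.113.7,51413
UDP,198.51.100.23,51413
UDP,203.0.113.90,51413
TCP,192.168.1.101,445
TCP,198.51.100.77,51413
UDP,203.0.113.15,1434
"""

# RFC 1918 private ranges: never routed across the internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_local(ip_text):
    """True for loopback or RFC 1918 addresses (your own machine or LAN)."""
    ip = ipaddress.ip_address(ip_text)
    return ip.is_loopback or any(ip in net for net in RFC1918)


def triage(log_text, torrent_port):
    """Summarise blocked-connection rows against the torrent listening port."""
    by_port = Counter()
    protos = set()
    local_sources = set()
    for row in csv.DictReader(io.StringIO(log_text)):
        port = int(row["dst_port"])
        by_port[port] += 1
        if port == torrent_port:
            protos.add(row["proto"].upper())
        if is_local(row["src_ip"]):
            local_sources.add(row["src_ip"])
    total = sum(by_port.values())
    hits = by_port.pop(torrent_port, 0)
    return {
        "total": total,
        "torrent_share": hits / total if total else 0.0,
        "torrent_protos": protos,
        "local_sources": local_sources,
        "other_ports": dict(by_port),
    }
```

A high `torrent_share` means most blocked hits target the client's dedicated port, and whatever remains in `other_ports` is the traffic left to look at. Anything in `local_sources` is on your own network, so looking it up in an internet IP locator tells you nothing about it.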