Confusing Log Entry [Resolved]

i got this logs. is this safe? and how to add rule

Moderator Edit: Removed extended logfile text and appended to post as attachment

[attachment deleted by admin]

anyone? (R)

johnjohn1,

Those all appear to be from either:

  1. Some aspect of your ISP
  2. Some other customer of your ISP attempting to access your computer

Heh, or
3: A combination of both

A lot of the entries were on ports commonly associated with various aspects of Windows (and thus some are commonly exploited).

My recommendation would be that if you have no connectivity problems, I would leave them blocked. If they continue to fill the logs but you’re not having any problems, you can create custom rules above the bottom rule, to block without logging. For instance, you had incoming traffic on ports 139 and 445 (among others).

You would go to the very bottom rule, which is the Block & Log IP In/Out from Any Source/Destination IP, Any Protocol (basically, everything…). Right-click that rule, and select Add/Add Before. Build the rule as follows:

Action: Block (but don’t check the box for ‘Create an alert if this rule is fired’ - that way it won’t be logged)
Protocol: TCP/UDP
Direction: In
Source IP: Any
Destination IP: Any
Source Port: Any
Destination Port: a set of ports: 139,445 (no space after the comma)
OK. Reboot.

Now that will be the second-to-last rule, and it will block those ports for incoming traffic, without logging it.

Hope that helps,

LM

PS: Welcome to the forums! I created a text file from the logs you posted, and attached to your post; in doing so, I also edited the IP address since it matched your public IP, for privacy.

thank you so much little mac and more power to comodo firewall pro team (R)

No problem; glad to help.

I’ll go ahead and mark the thread as resolved. If you have further questions on it or otherwise need it reopened, just PM a Moderator (please include a link back here) and we’ll be glad to do so.

LM