Connections to ports 135, 445, etc.

Hi, I’m in a LAN behind a router (Netgear 814), and I receive a lot of connections from the Internet to my local ports 135, 139, 445, 5109 and many others.
The listening processes shown by the CFP log are Svchost.exe, System, Windows Operating System.
I’m using Windows XP Pro SP2 updated with all recent updates.

Why am I seeing these connections if I’m behind a router? Are these high risk or harmless?
Is a firewall (Comodo or Windows Firewall) the only way to block these?

I attached the CFP log here.
Thank you very much

[attachment deleted by admin]

Is your router fully stealthed? svchost only needs outbound connections, as do the others. See what your firewall settings for those programs are set to. You may need to fully stealth and echo block ping your router. A hardware firewall is always your first line of defense.

If your router is configured with NAT active, you should only see connection requests inbound that are in response to something you sent out. Unless you have ports forwarded or set up a DMZ. Check your router configuration. You can also set up a global rule in cfp3 (at the end):
block/ip/in/any/any/any if you just want to make the messages go away, but you should see why your router is passing them along first.
Whenever you send a log, please include the protocol of each message. Are these all TCP or do they also include UDP?

My Netgear 814 router configuration has

  • DMZ disabled
  • NAT active
  • NO port forwarding for 135, 445, etc., BUT for two eMule ports only.
  • My eMule client has not been running for 2 days.

Is the problem in the router?
Why does the router forward connections to 192.168.0.2 if I didn’t start any connection before?

block/ip/in/any/any/any (at the bottom)
Is this the best CFP global rule to block all these attacks? I want to use eMule and uTorrent.

Whenever you send a log, please include the protocol of each message. Are these all TCP or do they also include UDP?
I tried, but the HTML export function does not export the protocol column in any way.

Thank you very much

[attachment deleted by admin]

If you go to https://www.grc.com/ and run a “Shields Up” test of your port configuration, you should be able to tell if your router setup is ok. Your router should show all ports not forwarded as stealth. CFP is just blocking unauthorized traffic from outside like it is supposed to.

The logs are showing what looks like the typical Internet port probes. Either your router is seriously broken, or the traffic is coming in some way other than your router. Maybe an unsecured wireless LAN.

Your router is probably working correctly, but as a precaution I would suggest doing a “factory reset” (usually a small recessed button on the back of the box), and then set up the router for your connection, and use a non-default password for accessing the router configuration. Attacking routers using default setup passwords seems to be the current fashion, and a non-default password blocks that method.

If you’ve got a wireless LAN connection, you can turn it off for a little while, and see if the CFP log goes quiet. If it does, the traffic is coming through the wireless from somebody nearby. That means security changes on the wireless setup are in order.

grc.com tests give me all ports as STEALTH.

I have 3 PCs in my LAN, all Windows XP. Can the problem be caused by the other 2 PCs?
I have NO Wireless devices or connections and neither other PCs.
Thank you

If it was coming from the other computers, all you have to do is find their IP addresses.
The IP addresses in your log do not look like local addresses.
Screenshot below: DHCP from my desktop to laptop; my laptop has a fixed IP.
Dennis

[attachment deleted by admin]
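The check the replies above keep coming back to (do the blocked sources sit on the LAN or on the Internet, and are they TCP or UDP) can be scripted. This is an added example, not part of the thread: the comma-separated log layout, the sample entries and the /24 LAN subnet are constructed assumptions, since CFP's own export is not shown on this page.

```python
import ipaddress
from collections import Counter

# Constructed sample entries: protocol, source IP, destination IP, destination port.
# 203.0.113.x and 198.51.100.x are documentation ranges standing in for Internet hosts.
SAMPLE_LOG = """\
TCP,203.0.113.45,192.168.0.2,135
TCP,198.51.100.7,192.168.0.2,445
UDP,203.0.113.45,192.168.0.2,5109
TCP,192.168.0.3,192.168.0.2,139
TCP,203.0.113.9,192.168.0.2,445
bad line without fields
"""

LAN = ipaddress.ip_network("192.168.0.0/24")  # assumed subnet around 192.168.0.2
# Explicit RFC 1918 list: ipaddress.is_private would also match documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(src):
    """Return 'lan', 'private-other' or 'internet' for a source address."""
    addr = ipaddress.ip_address(src)  # raises ValueError on a malformed address
    if addr in LAN:
        return "lan"
    if any(addr in net for net in RFC1918) or addr.is_link_local or addr.is_loopback:
        return "private-other"
    return "internet"


def summarize(log_text):
    """Count blocked connections per (origin, protocol, destination port)."""
    counts, skipped = Counter(), []
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        try:
            proto, src, _dst, port = parts
            key = (classify(src), proto.upper(), int(port))
        except ValueError:  # wrong field count, bad address or bad port
            skipped.append(line)
            continue
        counts[key] += 1
    return counts, skipped


if __name__ == "__main__":
    counts, skipped = summarize(SAMPLE_LOG)
    for (origin, proto, port), n in sorted(counts.items()):
        print(f"{origin:14} {proto:4} {port:5} x{n}")
    print("unparsed lines:", len(skipped))
```

Entries classified as `lan` point at another PC on the same network; `internet` entries arriving at a host behind NAT are the ones that call for the router checks discussed in the thread.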

Is one of your computers acting as an ICS gateway? Are you sharing between them? Are any of the ports shown connected with emule?

Blisset,

I’m not sure, but it’s worth a try. Create restore points and use this utility to disable some system components on all of the computers in your LAN.

All, except the middle one - netbios – otherwise bloody file and print sharing on the LAN won’t work.

OK, I ran WWDC.exe on all PCs and I closed all the ports.
Thank you very much