Hi, I’m in a LAN behind a router (Netgear 814), I receive a lot of connections from Internet to my local ports 135, 139, 445, 5109 and many others.
Listening processes shown by CFP Log are Svchost.exe, System, Windows Operating System.
I’m using Windows XP Pro Sp2 updated with all recent updates.
Why these connections if I'm behind a router? Are these at high risk or harmless?
The only way to block these is a firewall (Comodo or Windows Firewall)?
Is your router fully stealthed? svchost only needs outbound connections as well as the others. See what your firewall settings for those programs are set to. You may need to fully stealth and echo block ping your router. A hardware firewall is always your first line of defense.
If your router is configured with NAT active, you should only see connection requests inbound that are in response to something you sent out. Unless you have ports forwarded or set up a DMZ. Check your router configuration. You can also set up a global rule in cfp3 (at the end):
block/ip/in/any/any/any if you just want to make the messages go away, but you should see why your router is passing them along first.
Whenever you send a log, please include the protocol of each message. Are these all TCP or do they also include UDP?
If you go to https://www.grc.com/ and run a “Shields Up” test of your port configuration, you should be able to tell if your router setup is ok. Your router should show all ports not forwarded as stealth. CFP is just blocking unauthorized traffic from outside like it is supposed to.
The logs are showing what looks like the typical Internet port probes. Either your router is seriously broken, or the traffic is coming in some way other than your router. Maybe an unsecured wireless LAN.
Your router is probably working correctly, but as a precaution I would suggest doing a “factory reset” (usually a small recessed button on the back of the box), and then set up the router for your connection, and use a non-default password for accessing the router configuration. Attacking routers using default setup passwords seems to be the current fashion, and a non-default password blocks that method.
If you’ve got a wireless LAN connection, you can turn it off for a little while, and see if the CFP log goes quiet. If it does, the traffic is coming thru the wireless from somebody nearby. That means security changes on the wireless setup are in order.
If it was coming from the other computers all you have to do is find their IP address.
The IP addresses in your log do not look like local addresses.
Screenshot below DHCP from my desktop to laptop my laptop has a fixed IP.
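The check the replies above keep coming back to (are the logged source addresses local or from the Internet, and which protocol and port do they hit?), as an added example that is not part of the original thread. The three-field log format and the sample addresses are constructed for illustration and are not CFP's real log format.

```python
import ipaddress
from collections import Counter

# Constructed sample entries: protocol, source IP, destination port.
# This is NOT the real CFP log format; addresses are documentation ranges.
SAMPLE_LOG = """\
TCP 203.0.113.45 135
UDP 203.0.113.45 139
TCP 198.51.100.7 445
TCP 192.168.0.12 445
TCP 198.51.100.200 5109
bad line
"""

# Address ranges that are not routed over the Internet
# (RFC 1918 private ranges, link-local, loopback).
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "169.254.0.0/16", "127.0.0.0/8")]

def parse(text):
    """Yield (protocol, source address, port); skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield parts[0].upper(), ipaddress.ip_address(parts[1]), int(parts[2])
        except ValueError:
            continue

def origin(ip):
    return "local" if any(ip in net for net in LOCAL_NETS) else "internet"

def triage(text):
    """Count entries per origin and per (protocol, port), then say where to look."""
    origins, ports = Counter(), Counter()
    for proto, ip, port in parse(text):
        origins[origin(ip)] += 1
        ports[(proto, port)] += 1
    if origins["internet"] and origins["local"]:
        where = "router forwarding/DMZ and LAN/wireless clients"
    elif origins["internet"]:
        where = "router forwarding/DMZ"
    elif origins["local"]:
        where = "LAN/wireless clients"
    else:
        where = "nothing to check"
    return origins, ports, where

if __name__ == "__main__":
    origins, ports, where = triage(SAMPLE_LOG)
    print(dict(origins), "-> check:", where)
    for (proto, port), n in sorted(ports.items()):
        print(f"{proto}/{port}: {n}")
```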